Hey all, long time since I was last here... which goes to show just how good Postfix is I guess ;-)

Anyhow still using 2.11.x and have come into an odd filtering need.

I need to *accept* email based on certain helo lines... Which I'm pretty sure is possible, however the other part is I have to reject user/unknown for all emails that don't match the helo line...

So I have my postfix setup basically as follows (currently):

domain1.com -> check local alias map, if match -> forward (relay) to the real mail server via specific transport map
domain2.net -> relay domain + transport map -> spam/virus collector
domain3.org -> no local users, no relay domain, no transport map -> everything rejected at SMTP as 'user unknown'

What I want to do is change the behavior for 'domain3.org' to:

No local users, no relay domain, no transport map by default; but if the helo/ehlo is my IP address 'HELO [1.2.3.4]' or any unqualified IP address 'HELO 23.34.45.56', act the same as 'domain2.net' and behave as if there were an entry in relay_domains and transport_maps to the spam/virus collector.

Config is quite simple and as follows:

main.cf extract:

mynetworks_style = host
mydestination = $myhostname, localhost.$mydomain, localhost, hash:/path-to/rejectdomains
smtpd_helo_restrictions = permit
alias_maps = hash:/path-to/aliases, hash:/path-to/ldapaliascache
transport_maps = hash:/path-to/ldaptranscache, hash:/path-to/transport
relay_domains = hash:/path-to/localdomains, hash:/path-to/spamcollector
smtpd_client_restrictions = cidr:/path-to/rejectlist, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org

Then, rejectdomains contains lines like:

domain3.org        domain3.org
.domain3.org        .domain3.org

rejectlist contains lines like:

199.16.156.0/22         550 5.1.1 User Unknown
66.220.144.0/20         550 5.1.1 User Unknown
108.174.0.0/20          550 5.1.1 User Unknown
17.0.0.0/8              550 5.1.1 User Unknown

ldapaliascache is built from script and contains lines like:

@domain1.com       @domain1.com
miche...@domain1.net  miche...@domain1.net
ad...@domain1.org.au ad...@domain1.org.au

ldaptranscache is also built from script and contains lines like:

domain1.com        smtp:[mailbox.mymailserver.com]
domain1.net          smtp:[mailbox.mymailserver.com]
domain1.org.au     smtp:[mailbox.mymailserver.com]

transport contains lines like:

domain2.net        spamanalyser:

spamcollector and localdomains contain lines like:

domain1.org.au        domain1.org.au
.domain1.org.au        .domain1.org.au
domain1.com        domain1.com
.domain1.com        .domain1.com
domain2.net        domain2.net
.domain2.net        .domain2.net

And finally master.cf is finished with the line:

spamanalyser unix - n n - - pipe flags=R user=nobody argv=/path-to/analyser.rb

Thanks in advance,

Regards,

Michelle
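
Added example (not part of the original post, and not Postfix code): the decision described above, written as the request/response logic of a Postfix policy-delegation service, which receives name=value attributes such as helo_name and recipient and answers with an action. The FILTER destination "spamanalyser:dummy", the function names and the sample request are assumptions; wiring into main.cf is not shown.

```python
import ipaddress

MY_IP = "1.2.3.4"                # the post's own example address
TARGET_DOMAIN = "domain3.org"    # domain whose behaviour should change
ACCEPT_ACTION = "FILTER spamanalyser:dummy"   # assumption: hand to the collector transport
REJECT_ACTION = "550 5.1.1 User Unknown"      # same reply text the rejectlist uses

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def helo_matches(helo):
    """True for HELO [MY_IP] or for any bare (unbracketed) IPv4 address."""
    helo = helo.strip()
    if helo.startswith("[") and helo.endswith("]"):
        return helo[1:-1] == MY_IP
    try:
        ipaddress.IPv4Address(helo)
    except ValueError:
        return False          # hostname, garbage, or out-of-range octets
    return True

def in_target_domain(recipient):
    domain = recipient.rpartition("@")[2].lower()
    return domain == TARGET_DOMAIN or domain.endswith("." + TARGET_DOMAIN)

def decide(attrs):
    if not in_target_domain(attrs.get("recipient", "")):
        return "DUNNO"        # other domains: leave to the existing rules
    if helo_matches(attrs.get("helo_name", "")):
        return ACCEPT_ACTION
    return REJECT_ACTION

def respond(request_text):
    """Build the reply the policy protocol expects: action line plus blank line."""
    return "action=%s\n\n" % decide(parse_request(request_text))

# Constructed sample request, shaped like what smtpd sends at RCPT time.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "helo_name=23.34.45.56\nrecipient=someone@domain3.org\n\n")

if __name__ == "__main__":
    print(respond(SAMPLE), end="")
```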
