On 5/27/2016 3:51 AM, Konstantin Kletschke wrote:
> Hi,
>
> I wonder if there is a mechanism to implement a function to whitelist
> mime_header_checks or not.
>
> I read this is not possible, I also read this is possible with separate
> cleanup (because header_checks and mime_header_checks belong to cleanup)
> and smtpd in master.cf... 50:50

The separate cleanup+header_checks must listen on a different IP:port. You'll need to arrange with the sender to use the alternate IP:port rather than your normal MX:25, or use firewall tricks to redirect the sender to the alternate IP:port. Both these are inconvenient and prone to breakage because they're different from normal mail flow.

So... whitelisting (mime_)header_checks is not possible without fragile infrastructure changes that don't scale well. And it's not really whitelisting, it's exempting specified clients from any header_checks.

>
> I have a mime_header_checks statement in my main.cf rejecting mails with
> specific attachments. Some hosts sending these attachments on purpose
> need to be whitelisted. So I implemented this in main.cf:
>
> header_checks=pcre:/etc/postfix/whitelist
> mime_header_checks=regexp:/etc/postfix/blocked_attachements
>
> /etc/postfix/whitelist looks this way:
>
> /from@mail\.address/ FILTER smtp:[127.0.0.1]:10027

That can't work because the blocking header_checks have already run. FILTER specifies the next-hop *after* the mail is received and queued.

Use amavisd-new or similar content/proxy/milter/filter to apply different policies to different senders.

-- 
Noel Jones
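
The separate smtpd and cleanup arrangement discussed in this message, sketched as Postfix configuration. This is an added example, not part of the original message; the listener address 192.0.2.10:2525, the service name cleanup_nochecks, the parameter name exempt_only and the file /etc/postfix/exempt_clients are assumptions chosen for illustration.

```conf
# Added illustration; names and addresses marked hypothetical are not from the thread.

# --- /etc/postfix/main.cf ---
# Attachment check from the original post, applied by the default cleanup service.
mime_header_checks = regexp:/etc/postfix/blocked_attachements

# User-defined parameter (hypothetical name). It is referenced from master.cf
# so the restriction list needs no whitespace inside a "-o" argument.
exempt_only = check_client_access cidr:/etc/postfix/exempt_clients, reject

# --- /etc/postfix/exempt_clients (cidr table, constructed sample entry) ---
# 192.0.2.25/32    OK

# --- /etc/postfix/master.cf ---
# Normal MX listener on port 25: hands mail to the default "cleanup"
# service, so the mime_header_checks above still apply to everyone here.
smtp              inet  n  -  n  -  -  smtpd
cleanup           unix  n  -  n  -  0  cleanup

# Alternate listener (hypothetical IP:port) for the exempted senders only.
# Clients not listed in exempt_clients are rejected at connect time.
192.0.2.10:2525   inet  n  -  n  -  -  smtpd
  -o cleanup_service_name=cleanup_nochecks
  -o smtpd_client_restrictions=$exempt_only

# Second cleanup instance with the MIME header checks switched off.
# Mail entering through the alternate listener is never matched against
# blocked_attachements; header_checks can be emptied the same way.
cleanup_nochecks  unix  n  -  n  -  0  cleanup
  -o mime_header_checks=
```

Mail accepted on the alternate listener bypasses the attachment check entirely, so the client access table on that listener is the only control over who receives the exemption. The sender still has to be pointed at the alternate IP:port, which is the fragility described in the reply.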