On Tue, Sep 13, 2016 at 05:40:09PM +0200, Christian Rößner wrote:
> > Don't confuse the socketmap layer protocol which can find, not find or
> > tempfail a lookup, with the Postfix syntax for the lookup result, which,
> > depending on context access(5), header_checks(5), ...
> > may begin with various keywords such as:
> >
> > OK
> > DUNNO
> > REJECT
> > DEFER
> > WARN
> >
> > or just some address or transport spec as with virtual(5) or transport(5).
>
> Yes I know. But the "map"-logic must be somehow interpreted by the calling
> option. So for tcp-map I found out that I need to send
>
> 200 <space> dunno <newline>
> or
> 200 <space> reject <newline>
>
> to get the wanted results from postscreen_access_list
>
> I looked for the same syntax in socketmap (knowing that it needs to be
> encoded).
>
> But at the end I can stay with tcp-map, as the postfix option in postscreen
> itself does not know more than the described responses.
>
> Is there some chance that postscreen could be extended to also have "defer"?
Clients that you're unwilling to block outright should probably be
deferred by smtpd(8) and not postscreen(8). The latter is designed
to reject botnet traffic from definitely illegitimate clients.
Postscreen does not seem to at present support a blacklist 'defer'
action.
--
Viktor.
