On Monday, May 08, 2017 08:09:45 PM Andreas Schamanek wrote: > Hi there, > > I am open to suggestions but for now I am running Postfix 2.11.3 > (Debian Stable), Postgrey 1.35 and postfix-policyd-spf-python 2.0.1, > joined together with > > smtpd_recipient_restrictions = (...) > reject_unauth_destination > check_policy_service unix:private/policyd-spf > # postgrey > check_policy_service inet:127.0.0.1:60000 > > I not yet very familiar with the many details of Postfix but if I am > not mistaken a policy service can only return 1 action (AFAIK this is > still the case in 3.x, too!? cf. [1]). > > So, policyd-spf is bound to either PREPEND a header _or_ send an OK. > Is there a way to configure this so that policyd-spf in case of > SPF-Pass causes Postfix to prepend a header _and_ skip the > greylisting? > > I haven't tried it but I assume that I could call policyd-spf twice > with 2 different configs, the 1st to send PREPEND, the 2nd to send OK. > However, if possible I wanted to avoid this waste of resources. > > I found a thread from 2014 by Wietse re. [Idea: multiple actions in > access/header_checks/policy results][1]. It seems this is what I am > looking for, but it hasn't been hacked into Postfix, or have I just > missed the respective documentation? > > [1]: > http://postfix.1071664.n5.nabble.com/Idea-multiple-actions-in-access-header > -checks-policy-results-td71906.html
If you look at README.per_user_whitelisting that's included with the policy server it shows methods to take different actions based on the SPF result. You do have to run it twice to also prepend the header field, but (assuming a local DNS cache - which you really should have anyway) the resource implications are not large. Virtually all of the overhead associated with SPF checks are due to waiting on DNS lookups. As long as it's in the local cache for the second instance, that should be pretty minimal. That text could use some work, so if you have suggestions, please file bugs in the project bug tracker [1]. Scott K [1] https://bugs.launchpad.net/pypolicyd-spf/
