Seems to have no effect for unknown reasons. policy service is not called. Tried:
master.cf tls_whitelist_check unix - - n - - smtp -o header_checks= -o smtp_header_checks= -o smtpd_recipient_restrictions=check_policy_service,unix:private/policy -o sender_dependent_default_transport_maps= -o smtpd_relay_restrictions= header_checks in main.cf: /^Subject: .*/ FILTER tls_whitelist_check: mail.log reports: Jan 5 14:00:09 mx1 postfix/cleanup[31559]: 3FE0A8062A: filter: header Subject: test from mail1.remote.tld[1.2.3.4]; from=<rem...@remote.tld> to=<remo...@remote2.tld> proto=ESMTP helo=<mail1.bla>: tls_whitelist_check: mail gets delivered, but policy service is not used/called. What am i missing? Am Sa., 5. Jan. 2019 um 11:05 Uhr schrieb Stefan Bauer < cubew...@googlemail.com>: > Understood. Would it be possible to have header_checks in main.cf that > send mails with special subject with FILTER to smtp process that did not > have policy service as option > > and all other mails (/.*/) > > also with FILTER to smtp process with policy service? > > this way i can bypass policy service with special subject. > > Am Freitag, 4. Januar 2019 schrieb Bill Cole < > postfixlists-070...@billmail.scconsult.com>: > > On 4 Jan 2019, at 10:36, Stefan Bauer wrote: > > > >> Would it be possible to have FILTER as action in policy server > > > > Yes, but FILTER behaves as documented in the access(5) man page. The > first 5 words there describing what FILTER does are critical, but you > should read it all... > > > >> (in > >> recipient_restrictions) and send it to smtp process that uses > header_checks > >> do have mailroute based on subject? > > > > There can be NO WAY to exempt a message from policy that would apply at > RCPT time with facts that cannot be known until end-of-DATA time. Postfix > cannot modify the basic constraints of non-quantum causality or the arrow > of time or tell SMTP clients to re-order the fixed command sequence of SMTP. > > > > If you want to make any decisions about a message based on a header, you > must do that with a tool (header_checks, milter, content_filter, or > post-delivery backend) that has access to the message data because it > operates at end-of-DATA or after queueing. > >
