Hi dear folks in the list,
Dovecot supports the authorization policy server [1], so I wonder if there's any initiative to provide similar support on postfix.
The workaround we've found so far, for when dovecot and postfix are used together, is to use dovecot SASL. By doing that, we can configure postfix to block SMTP connections if they are rejected according to the auth server policies.
I wonder though how to proceed in scenarios where dovecot is not present.
For my current use case the only criteria used in the policy is the client IP address, but I'd like some flexibility similar to what dovecot offers.
One alternative I've found so far (have not tested it though) is to use DNSBLs, using smtpd_client_restrictions with reject_rbl_client and some custom list, but it has the usual limitations of RBLs.
I wonder how feasible it is to use the server auth policy with smtpd_client_restrictions. The protocol is quite simple, http/json based.
If it cannot be built into postfix, what do you folks think of having it as a third party component, doing the requests on behalf of postfix?
I imagine something like:
    smtpd_client_restrictions = check_client_a_access tcp:my_auth_policy_client:9999
Any thoughts on such an idea? Do you folks know any (open source) solution already available for such a use case?
Googling for `postfix policy server` leads to some solutions which seem to be too complex for such a simple use case, but I am probably missing something.
[1] https://doc.dovecot.org/configuration_manual/authentication/auth_policy/
-- 
Regards,
Leandro Santiago
Software Craftsman at Lightmeter
https://lightmeter.io
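The third-party component idea above, as an added example that is not part of the original message and is not Postfix or Dovecot code: a small adapter that speaks Postfix's policy delegation protocol (wired in with `smtpd_client_restrictions = check_policy_service inet:127.0.0.1:9999` rather than the `tcp:` table imagined in the message) and asks an HTTP/JSON policy server for a verdict. The policy server URL, the `?command=allow` query, the JSON fields `remote`, `login` and `protocol`, and the meaning of `status` (negative = reject) are assumptions modelled on the Dovecot documentation linked as [1].

```python
import json
import socketserver
import urllib.request

# Assumed address of a Dovecot-style auth policy server (placeholder).
POLICY_URL = "http://127.0.0.1:8080/?command=allow"
# Constructed Postfix policy delegation request; an empty line ends it.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsasl_username=\n\n")

def parse_request(text):
    """Turn the name=value lines of one Postfix request into a dict."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def http_post(payload):
    """POST the JSON body to the policy server and return its decoded reply."""
    req = urllib.request.Request(POLICY_URL, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=3) as resp:
        return json.load(resp)

def decide(attrs, post=http_post):
    """Map the policy server's status to a Postfix access(5) action."""
    payload = {"remote": attrs.get("client_address", ""),
               "login": attrs.get("sasl_username", ""),
               "protocol": "smtp"}
    try:
        status = int(post(payload).get("status", 0))
    except Exception:
        return "DUNNO"  # fail open: a policy server outage should not stop mail
    # Negative status means reject; a positive status (a delay hint) is
    # treated as "no opinion" here.
    return "REJECT Access denied by policy" if status < 0 else "DUNNO"

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
                continue
            # Empty line: answer this request, then wait for the next one.
            action = decide(parse_request("\n".join(lines)))
            self.wfile.write(f"action={action}\n\n".encode())
            lines = []

if __name__ == "__main__":
    socketserver.ThreadingTCPServer(("127.0.0.1", 9999), Handler).serve_forever()
```

Returning `DUNNO` on errors lets later restrictions decide; a site that prefers to fail closed would return a `DEFER_IF_PERMIT` action there instead.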