Dear Postfix users,

I have a fairly quiet Postfix server and so can just about get away with having 'reject_unverified_sender' set as default. This does lose genuine email from time to time so to mitigate, I have a SPAWN policy service 'policy-nv' which checks a global file for exceptions. In addition each mailbox can have a local file with its own exceptions that will override a global file reject or ok match. I'm currently testing a process to disable reject_unverified_sender checks on a per mailbox basis but would like to complement this feature with an in-milter log report when a sender would have failed sender verification.

In an attempt to accomplish failure logging, I decided to add 'warn_if_reject reject_unverified_sender' to cache the result prior to calling the policy. The intention was to then search the Postfix 'address_verify_map' btree database for a match from within the policy. There's a major problem though as the policy runs as nobody, and the BTree database is owned by Postfix. It is also illegal to call a policy using postfix permissions, and I wouldn't want to do that anyway. I am wondering if there's a workaround or perhaps another way to tell the spawned policy that the sender has failed the test? Perhaps reading the database isn't such a good idea anyway. For a start I don't know if 'warn_if_reject reject_unverified_sender' completes before the policy is spawned.

If reading the address verify map database outside of Postfix is a bad idea, I will accept that. I only want it to log to a dedicated file for my convenience so not the end of the world if I can't do it. 'warn_if' will log failures to the mail.log in any case. Out of interest (even if I drop this idea) what do the first two colon separated digits of the matched reply refer to? The third is obviously UNIX time, the fourth the reply.

0:0:1636478315:250 Accepted


smtpd_sender_restrictions =
   warn_if_reject reject_unverified_sender
   # policy replies with action=OK/REJECT/DUNNO
   check_policy_service unix:private/policy-nv
   reject_unverified_sender

Thanks for your help.

Best wishes,
Mick.
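
An added example, not part of the original post and not the poster's policy-nv code: a minimal policy for the check_policy_service hook above in which a per-mailbox rule overrides a global rule. The rule format, addresses and table names are assumptions; the recipient attribute is available here because smtpd_delay_reject (default yes) defers sender restrictions until RCPT TO.

```python
import sys

# Constructed sample tables; the "pattern ACTION" format is an assumption.
GLOBAL_RULES = """
# pattern            action
@lists.example.org   OK
spammer@example.net  REJECT
"""
MAILBOX_RULES = {"mick@example.com": "@lists.example.org REJECT\nspammer@example.net OK\n"}

def load_rules(text):
    """Parse 'pattern ACTION' lines; pattern is user@domain or @domain."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].upper() in ("OK", "REJECT"):
            table[fields[0].lower()] = fields[1].upper()
    return table

def lookup(table, sender):
    """Exact address first, then the sender's @domain; None if no match."""
    sender = sender.lower()
    return table.get(sender) or table.get("@" + sender.rpartition("@")[2])

def parse_request(lines):
    """Read name=value attributes up to the empty line that ends a request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, global_table, mailbox_tables):
    """Mailbox rule beats global rule; no match returns DUNNO so that
    reject_unverified_sender, listed after the policy, still runs."""
    sender = attrs.get("sender", "")
    if not sender:                      # null sender <>: nothing to exempt
        return "DUNNO"
    local = mailbox_tables.get(attrs.get("recipient", "").lower(), {})
    return lookup(local, sender) or lookup(global_table, sender) or "DUNNO"

if __name__ == "__main__":              # spawn(8) connects the socket to stdin/stdout
    g = load_rules(GLOBAL_RULES)
    m = {k: load_rules(v) for k, v in MAILBOX_RULES.items()}
    while True:
        attrs = parse_request(sys.stdin)
        if not attrs:
            break
        sys.stdout.write("action=%s\n\n" % decide(attrs, g, m))
        sys.stdout.flush()
```

An OK reply ends evaluation of smtpd_sender_restrictions for that recipient, so the reject_unverified_sender that follows is skipped only for senders matched by an OK rule.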
