Re: different milters for different SMTP clients

Thu, 28 Jul 2022 11:24:55 -0700 

Many thanks guys!
It was very useful. I did not understand what a Postfix cidr map can contain, I 
though it can be only OK, REJECT, DISABLE keywords.
Given that I have three local nets - netA, netB, netC - and three milters of 
which one applies to all nets, my postfix config would look like:

smtpd_milters = DKIM_milter, Antivirus_milter, Spam_milter
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map

/etc/postfix/smtpd_milter_map:
        netA            DKIM_milter, Antivirus_milter
        netB            DKIM_milter, Antivirus_milter
        netC    DKIM_milter, Antivirus_milter

And smtpd_milters directive will catch all networks not explicitly listed in 
smtpd_milter_map.

It is also true that some milters can control which clients they serve and how, 
but I’d prefer to control that from Postfix configuration.
Thanks again,
Ivars

> On 28 Jul 2022, at 18:10, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> 
>> On 2022-07-28 13:17, Ivars Strazdiņš wrote:
>>> The example for smtpd_milter_maps setting seems to be all or none approach 
>>> - it seems not possible to configure postfix to apply only some milters 
>>> based on client’s IP address.
> 
> hmmm you have misunderstood it? for every host/IP/eange (depending on map 
> type) you list all milters to use.
> 
> for non-matching IPs, the list in smtpd_milters is used.
> 
> On 28.07.22 17:04, Jesper Dybdal wrote:
>> If I've understood what you want, then smtpd_milter_maps can do just that.  
>> Here is my smtpd_milter_map file:
> 
>> # The Postfix mailing list seems to send from some
>> # of these addresses:
>> 168.100.1.0/28    inet:127.0.0.1:10029
>> 
>> # bendel.debian.org: Debian mailing lists:
>> 82.195.75.100    inet:127.0.0.1:10029
>> 
>> # vger.kernel.org: Netfilter mailing list:
>> 23.128.96.18    inet:127.0.0.1:10029
>> 
>> # postfix.charite.de: Amavis mailing list:
>> 141.42.206.35    inet:127.0.0.1:10029
>> 
>> # lists.clamav.net: ClamAv mailing list:
>> 192.34.61.247    inet:127.0.0.1:10029
>> 
>> # Catchall: use both milters for all other client addresses
>> # (IPv6 included just in case it becomes relevant some day):
>> 0.0.0.0/0    inet:127.0.0.1:10029,inet:127.0.0.1:10030
>> ::/0        inet:127.0.0.1:10029,inet:127.0.0.1:10030
> 
> note that the catchall is not needed - simply use smtpd_milters
> 
> -- 
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> REALITY.SYS corrupted. Press any key to reboot Universe.

Reply via email to