 
Subject: Re: Content filter wants to know sender's IP
From: Andrew Sweger (andyn2h2.com)
Date: Fri Jun 02 2000 - 10:40:20 CDT


On Jun 2, 2000 5:50pm, Alexander Nosenko wrote:

> Last snapshot-20000531 has support for content filtering, but I would like
> to make a proposal: can we have message filtering by sender's IP and
> message size, not only by content? How can I get access to the sender's IP
> from filtering script and is it possible at all?
> (Our company has some security rules about outgoing mail, who can send it
> and how much). Access tables can't do content filtering and content filter
> can't do sender's IP filtering, it seems...
> Maybe one more magic-header to be passed to the filter script as argument
> ( X-postfix-sender-IP or something) ;-)?

You're talking about controlling two distinct domains: the sender (person)
and IP (machine). I'm the same sender, but I may generate my email from
many different IPs depending on where I'm at. If your PHBs want to
control by the sender, then Postfix can help. If they want to control by
location (such as not letting the Marketing network machines send
email to Engineering), then applying an appropriate firewall policy is in
order. I'm using the term firewall in the broader sense of well thought
out policy and risk analysis, not a firewall-in-a-box. Let the network
engineer figure out implementation.

-- 
 Andrew Sweger <andyn2h2.com>   |  N2H2, Incorporated
 Systems Architect               |  900 Fourth Avenue, Suite 3400
 Advanced Technologies Division  |  Seattle WA 98164-1059
 v=206.336.2947  f=206.336.1541  |  http://www.n2h2.com/