Re: filter framework (long-ish)

From: Colin Campbell (sgcccdccitec.qld.gov.au)
Date: Fri May 02 2003 - 00:18:53 CDT


Hi,

On Thu, 1 May 2003 12:21:12 -0400 (EDT)
Victor.Duchovnimorganstanley.com wrote:

> If anything, I would propose a more radically streamlined queue manager,
> where the trivial-rewrite lookups are performed as a last step in
> "cleanup", leaving the queue manager to just schedule delivery agents,
> without any need to perform external lookups of any sort.
>
> If per-user content filtering amounted to consulting an alternate
> transport table in trivial-rewrite (based on a flag in the queue manager
> resolve request), I have no objections as the mechanism would have the
> same queue manager latency as the current Postfix. This could again be
> implemented in cleanup as above, with cleanup requesting either the
> regular or the filter transport table.

Forgive me for perpetuating this thread but I'm not sure that will provide the
functionality I would like to see. I would like to see some of the functionality
of smtpd's check_xxx_access replicated for filtering, namely:

        check_client_filter (works like check_client_access)
        check_sender_filter (works like check_sender_access)
        check_recipient_filter (works like check_recipient_access)

Within these checks the RHS values would be:

        OK -> do not filter (ie leave transport:next_hop alone)
        transport:next_hop -> use this transport:next_hop instead

I also would like to see

        filter_classes (works like smtpd_restriction_classes)

to provide exceptions.

Why am I harping on this? I feel I have what seems to be a fairly complex
set of requirements and conditions to live with:

a) the filter host is not local
b) customers have a requirement that some mail must *not* be filtered
c) we sell
        filter outgoing and incoming
        filter outgoing only
        filter incoming only
        allow exceptions

I have implemented a pure postfix setup (two instances of postfix; could
have done it with one but yet more requirements make using 2 easier) that
does all of this when there's only one recipient per email. If there are
multiple recipients (in different domains) then I can't guarantee both of
these:

- mail that should be filtered, is
- mail that should not be filtered, isn't

Maybe my setup is too simple and I need to add one or more postfix instances
although I could implement the filtering checks I need in a local filter based
on smtpprox. Will give this some thought over this long weekend.

This should be the last you hear from me on this unless you want more :-)

Colin
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3227 6334
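
The multi-recipient problem described in the message above, as an added example that is not part of the original post and is not Postfix code: a small model of the proposed recipient check (RHS `OK` leaves transport:next_hop alone, anything else replaces it), comparing one decision per message with one decision per recipient. The table contents, the example domains, the `UNCHANGED` marker and the choice of taking the per-message decision from the first recipient are assumptions made for illustration.

```python
from collections import defaultdict

UNCHANGED = "(unchanged)"  # marker: leave the normal transport:next_hop alone

# Constructed sample table in the style proposed for check_recipient_filter.
RECIPIENT_FILTER = {
    "filtered.example": "smtp:[filter.example.net]",  # customer buys filtering
    "ceo@filtered.example": "OK",                     # exception: must not be filtered
    "plain.example": "OK",                            # customer without filtering
}

def resolve(address, table=RECIPIENT_FILTER):
    """Access-map style search: full address first, then the domain."""
    addr = address.lower()
    for key in (addr, addr.rsplit("@", 1)[-1]):
        if key in table:
            rhs = table[key]
            return UNCHANGED if rhs == "OK" else rhs
    return UNCHANGED  # no match: do not filter

def per_message(recipients):
    """One decision for the whole message (assumed: the first recipient's)."""
    return {resolve(recipients[0]): list(recipients)}

def per_recipient(recipients):
    """One decision per recipient; each group becomes its own delivery."""
    groups = defaultdict(list)
    for rcpt in recipients:
        groups[resolve(rcpt)].append(rcpt)
    return dict(groups)

def misrouted(plan):
    """Recipients delivered differently from what their own lookup says."""
    return sorted(
        rcpt
        for dest, rcpts in plan.items()
        for rcpt in rcpts
        if resolve(rcpt) != dest
    )

if __name__ == "__main__":
    # Constructed message with recipients in different domains.
    rcpts = ["bob@filtered.example", "ann@plain.example", "ceo@filtered.example"]
    print("per message  :", per_message(rcpts), "misrouted:", misrouted(per_message(rcpts)))
    print("per recipient:", per_recipient(rcpts), "misrouted:", misrouted(per_recipient(rcpts)))
```

Whichever recipient drives a per-message decision, at least one of the two guarantees fails as soon as recipients resolve to different destinations; splitting the delivery per resolved destination satisfies both.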