Re: "Local whitelist" for the next restriction possible?

Victor.DuchovniMorganStanley.com
Date: Tue Jun 15 2004 - 13:08:45 CDT


On Tue, 15 Jun 2004, Michael Tokarev wrote:

> For quite some time now I've been thinking about a sort of "local whitelist"
> for a given reject_mumble restriction. I.e., sometimes a rule catches a
> good amount of spam but catches some legitimate hosts at the same time.
> So, I want to do something like:
>
> reject_rbl_client bl.example.com but not if
> client is a.b.c.d or c.d.e.f.
>
> Comments?
>

This is a sensible request. Until something along these lines is
implemented, one can always implement a "skip" whitelist entry as follows:

        smtpd_restriction_classes =
                rr_1, rr_2, rr_3, ..., rr_N

        smtpd_recipient_restrictions =
                permit_mynetworks,
                permit_sasl_authenticated,
                reject_unauth_destination,
                rr_1

        rr_1 =
                check_mumble_access hash:/etc/postfix/rr_1_access,
                ... rr_1 rules ...
                rr_2

        rr_2 =
                check_mumble_access hash:/etc/postfix/rr_2_access,
                ... rr_2 rules
                rr_3

        rr_N =
                check_mumble_access hash:/etc/postfix/rr_N_access,
                ... rr_N rules ...

Any of the rr_K_access tables can skip to a later rule with a RHS entry of
rr_K+1! This is ugly.

A more general:

        if_ok restriction
                some_other_restriction

        if_defer restriction
                next_restriction

        if_permit restriction
                next_restriction

would be a big win. The hard part is not losing your mind while trying to
ensure robust semantics with defer_if_permit, defer_if_reject, ...

Probably grouping would have to be introduced:

        if_ok { list } { list }
        if_defer { list } { list }
        ...

Do you want to propose a more fleshed out design?

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
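
The skip pattern from the reply above, written out for the original poster's case (an added example, not part of the original message): two clients bypass only the bl.example.com lookup while the later checks still apply to them. The client addresses, the rule in rr_2 and the trailing `permit` are assumptions, and `check_mumble_access` is taken to be `check_client_access`.

```conf
# ---- /etc/postfix/main.cf (constructed example) ----
smtpd_restriction_classes = rr_1, rr_2

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        rr_1

# rr_1: the rr_1_access lookup runs first. A match returns "rr_2", so
# the client is handed to rr_2 before the RBL lookup is reached.
rr_1 =
        check_client_access hash:/etc/postfix/rr_1_access,
        reject_rbl_client bl.example.com,
        rr_2

# rr_2: checks that apply to every client, skipped or not.
# The trailing "permit" makes the chain end with a decision. Without it,
# a skipped client whose rr_2 checks give no verdict would fall back into
# the rest of rr_1 and hit the RBL lookup after all. An unconditional
# permit is acceptable here only because reject_unauth_destination has
# already run.
rr_2 =
        reject_unknown_sender_domain,
        permit

# ---- /etc/postfix/rr_1_access (constructed addresses) ----
# Left side: client address. Right side: the class to skip to.
# Rebuild with: postmap hash:/etc/postfix/rr_1_access
192.0.2.10      rr_2
198.51.100.25   rr_2
```

Keep the skip table as short as the exceptions require: every entry in it is a host that the blocklist will no longer stop.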
