|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: How to make sure sender's mail gets through [VASCL:A125EFB4960]
From: Sandy Drobic (postfix-users
japantest.homelinux.com)
Date: Tue May 02 2006 - 10:11:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richmond Dyes wrote:
> I use content filtering using regexp on my postfix server. I have a list of
> users in my hashed access file to make sure their email gets through no matter
> what the filtering says. it doesn't seem to be working.
>
> Here is the order of my mail checks I have.
>
> I first do these on my recipient checking.
>
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient
> reject_non_fqdn_sender
> permit_mynetworks
> reject_unauth_destination
> reject_unauth_pipelining
> reject_invalid_hostname
> check_helo_access regexp:/etc/postfix/helo_checks
> permit
reject_unauth_pipelining is only useful in smtpd_data_restrictions.
If you are already separating the restrictions in sender, helo, recipient
etc, then you should consequently move the restrictions applied to helo to
smptd_helo_restrictions:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks
reject_unauth_destination
smptd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname
check_helo_access regexp:/etc/postfix/helo_checks
Also, reject_unauth_pipelining is not useful in helo restrictions.
>
> Then I have this redirect through port 10024 and 10025 using vams antivirus and
> anti spam software to check mail for spam and viruses
>
> content_filter = smtp:[127.0.0.1]:10024
>
> I then have my senders checked using these parameters
> smtpd_sender_restrictions =
> check_sender_access hash:/etc/postfix/access
>
> Then I have these parameters for helo
> smtpd_helo_required=yes
> smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining
>
> I then have my custom regexp checks here.
>
> header_checks = regexp:/etc/postfix/header_checks
> regexp:/etc/postfix/subject_checks #checks for subject lines
> regexp:/etc/postfix/rec_checks # checks for receive lines in header
> regexp:/etc/postfix/mailuser_checks #list of mailusers that are
> able and unable to receive mail
> body_checks = regexp:/etc/postfix/body_checks
> #following are list of different
> regexp:/etc/postfix/com_checks #list of .com domains blocked
> regexp:/etc/postfix/info_checks #list of .info domains blocked
> regexp:/etc/postfix/net_checks #list of .net domains blocked
> regexp:/etc/postfix/biz_checks #list of .biz domains blocked
This is probably where your problems occur. header_checks and body_checks
are applied to ALL mails that use the same cleanup service. If you don't
define separate cleanup services with separate configurations the
header_body_checks will be applied to all mail.
you might consider moving those restrictions to the appropriate
sender/helo/recipient restrictions where you have more fine-tuned control
about the order of restrictions.
>
> 1. How do I make sure the mail addresses and the domains in
> check_sender_access hash:/etc/postfix/access go through no matter what
> other checks are done besides the spam and anti-virus checks done my vams
> software?
S.o.
> 2. Is the order of my checks efficient and logical and what changes should I
> make if they aren't?
>
S.o.
Sandy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]