|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: How to make sure sender's mail gets through [VASCL:A12E217A8CB]
From: Richmond Dyes (rdyes
monroehosp.org)
Date: Tue May 02 2006 - 14:53:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sandy Drobic wrote:
> Richmond Dyes wrote:
>> I use content filtering using regexp on my postfix server. I have a
>> list of users in my hashed access file to make sure their email gets
>> through no matter what the filtering says. it doesn't seem to be
>> working.
>>
>> Here is the order of my mail checks I have.
>>
>> I first do these on my recipient checking.
>>
>>
>> smtpd_recipient_restrictions =
>> reject_non_fqdn_recipient
>> reject_non_fqdn_sender
>> permit_mynetworks
>> reject_unauth_destination
>> reject_unauth_pipelining
>> reject_invalid_hostname
>> check_helo_access regexp:/etc/postfix/helo_checks
>> permit
>
> reject_unauth_pipelining is only useful in smtpd_data_restrictions.
>
> If you are already separating the restrictions in sender, helo,
> recipient etc, then you should consequently move the restrictions
> applied to helo to smptd_helo_restrictions:
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient
> reject_non_fqdn_sender
> permit_mynetworks
> reject_unauth_destination
>
> smptd_helo_restrictions =
> permit_mynetworks,
> reject_invalid_hostname
> check_helo_access regexp:/etc/postfix/helo_checks
>
> Also, reject_unauth_pipelining is not useful in helo restrictions.
>
>
>>
>> Then I have this redirect through port 10024 and 10025 using vams
>> antivirus and anti spam software to check mail for spam and viruses
>>
>> content_filter = smtp:[127.0.0.1]:10024
>>
>> I then have my senders checked using these parameters
>> smtpd_sender_restrictions =
>> check_sender_access hash:/etc/postfix/access
>>
>> Then I have these parameters for helo
>> smtpd_helo_required=yes
>> smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining
>>
>> I then have my custom regexp checks here.
>>
>> header_checks = regexp:/etc/postfix/header_checks
>> regexp:/etc/postfix/subject_checks #checks for
>> subject lines
>> regexp:/etc/postfix/rec_checks # checks for receive
>> lines in header
>> regexp:/etc/postfix/mailuser_checks #list of
>> mailusers that are able and unable to receive mail
>> body_checks = regexp:/etc/postfix/body_checks
>> #following are list of different
>> regexp:/etc/postfix/com_checks #list of .com domains
>> blocked
>> regexp:/etc/postfix/info_checks #list of .info domains
>> blocked
>> regexp:/etc/postfix/net_checks #list of .net domains
>> blocked
>> regexp:/etc/postfix/biz_checks #list of .biz domains
>> blocked
>
> This is probably where your problems occur. header_checks and
> body_checks are applied to ALL mails that use the same cleanup
> service. If you don't define separate cleanup services with separate
> configurations the header_body_checks will be applied to all mail.
>
> you might consider moving those restrictions to the appropriate
> sender/helo/recipient restrictions where you have more fine-tuned
> control about the order of restrictions.
So are you saying my header checks should be part of my
smptd_helo_restrictions and my body checks should be under
smtp_recipient_restrictions? If not, where?
>
>>
>> 1. How do I make sure the mail addresses and the domains in
>> check_sender_access hash:/etc/postfix/access go through no
>> matter what
>> other checks are done besides the spam and anti-virus checks
>> done my vams
>> software?
>
> S.o.
>
>> 2. Is the order of my checks efficient and logical and what
>> changes should I
>> make if they aren't?
>>
>
> S.o.
>
> Sandy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]