Re: Bypass spam check for qualified senders

From: Wietse Venema (wietseporcupine.org)
Date: Mon Apr 09 2007 - 05:54:55 CDT


Daniel L. Miller:
> Currently, my spam checkers are enabled via:
>
> smtpd_recipient_restrictions =
>     check_recipient_access hash:/etc/postfix/maps/recipient_access,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     permit
>
> and recipient_access:
> amfes.com FILTER lmtp-amavis:[127.0.0.1]:10024
>
> The goal is to restrict content filter processing to inbound mail for
> the hosted mailboxes. Part of my filter toolbox is dspam. In the past,
> I used an opt-in technique where I specifically configured dspam as to
> which mailboxes were to be processed - so dspam would take mail
> addressed to others and merely pass it along. As this was an extremely
> painful way to handle this, I switched to an opt-out technique.
>
> Everything was working just swimmingly, until I saw a message sent by
> one of my valid users with a large CC block which included at least one
> other local user. This appears to have had dspam process the message
> for every recipient of that message - which I decidedly did NOT want.
>
> I'm confident there's a simple, elegant Postfix solution to this.

Indeed. Use a separate mail submission port for "your own" users
and accept authenticated mail only.

There is even an official network port for this:

/etc/postfix/master.cf:
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

        Wietse

> Probably something that checks the sender address and only performs the
> content filter if the sender address is external. I just don't see it
> waving at me in the docs. Could someone highlight for me please?
>
> --
> Daniel
>
>
>
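A check for the submission entry in the reply above, as an added example that is not part of the original message or of Postfix: it parses master.cf text and reports when TLS enforcement, SASL authentication or the closing reject is missing, or when a restriction name is not recognised. The function names, the small KNOWN set and the sample entry are assumptions of this example; it also accepts smtpd_tls_security_level=encrypt, the newer Postfix form of the TLS setting.

```python
# Added example. KNOWN is a small subset of Postfix restriction names (an assumption).
KNOWN = {"permit_mynetworks", "permit_sasl_authenticated", "permit", "reject"}

def parse_master_cf(text):
    """Map service name -> {parameter: value} taken from its -o overrides."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        args = fields[8:]
        services[fields[0]] = dict(
            args[i + 1].split("=", 1)
            for i in range(len(args) - 1)
            if args[i] == "-o" and "=" in args[i + 1]
        )
    return services

def lint_submission(text):
    """Return a list of findings; an empty list means the entry passes."""
    opts = parse_master_cf(text).get("submission")
    if opts is None:
        return ["no submission service defined"]
    findings = []
    if opts.get("smtpd_enforce_tls") != "yes" and opts.get("smtpd_tls_security_level") != "encrypt":
        findings.append("TLS is not enforced")
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication is not enabled")
    rules = [r for r in opts.get("smtpd_client_restrictions", "").split(",") if r]
    findings += [f"unknown restriction: {r}" for r in rules if r not in KNOWN]
    if "permit_sasl_authenticated" not in rules:
        findings.append("authenticated clients are never permitted")
    if rules[-1:] != ["reject"]:
        findings.append("restriction list does not end in reject")
    return findings

# Constructed sample: a submission entry with a misspelled restriction name.
SAMPLE = """submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetwoks,permit_sasl_authenticated,reject
"""
print(lint_submission(SAMPLE))
```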