Re: different check_sender_access for different recipient domains?

From: Aaron Wolfe (aawolfegmail.com)
Date: Thu Sep 06 2007 - 21:37:21 CDT


On 9/6/07, Wietse Venema <wietseporcupine.org> wrote:
>
> Aaron Wolfe:
> > On 9/6/07, Wietse Venema <wietseporcupine.org> wrote:
> > >
> > > Aaron Wolfe:
> > > > Hi,
> > > >
> > > > I am trying to find a way to allow different domains to have different
> > > > white/blacklists, i.e. if my customer #1 wants to whitelist spammer A,
> > > > client #2 doesn't have to take their junk. I've got my blacklist in
> > > > mysql working fine sitewide, and I have a field in the table that
> > > > contains the domain that requested the entry (and should be the only
> > > > domain whose incoming mail causes the entry to be used). It doesn't seem
> > > > like I can get postfix to query based on both the sending domain *and*
> > > > the recipient domain.
> > > >
> > > > I've searched around a lot but haven't found it, maybe I am blind. I
> > > > have per domain smtpd restrictions working for just about every other
> > > > UCE control (per recipient RBL usage, per recipient dns and RFC checks,
> > > > etc). This per recipient + per sender whitelist is eluding me. Is there
> > > > a way?
> > >
> > > By design you can't have an access map per user. This would
> > > run Postfix out of file handles very quickly.
> > >
> > > Wietse
> > >
> >
> > Maybe if I used file handles... but I'm doing sql queries. The number of
> > queries is the same as any site wide access list, I just hope to find a
> > way to query on two elements instead of one.
>
> Postfix does not know that multiple SQL queries use the same socket.
> Even if it does, one access map per recipient is not practical
> because it uses up a chunk of resources.

I think maybe I am being unclear. I simply want to do a lookup using two
pieces of information (in this case, the sender and the recipient). This
would not increase the number of lookups being done, it would not be
multiple SQL queries. It isn't "one access map per recipient" as far as
postfix is concerned, it's just one access map with two lookup criteria
instead of one. All the data is still in a single sql table just like with
a sitewide access list, and only one query is required to find it just like
in a sitewide access list.

> I suggest that you divide access rules into classes, and that
> users can subscribe to one or more classes.
>
> See http://www.postfix.org/RESTRICTION_CLASS_README.html.
>
> Work with the system, not against it.

I am aware of this, and I use it for smtpd restrictions already (different
UCE options for different domains). However, I can't see a way to have per
(recipient) domain white/blacklists without creating a separate class for
each domain... and that would just be impossible with the number of domains
I have. I don't think having hundreds of classes would be working "with the
system" and conservative on resources compared to simply adding an element
to a sql query, but maybe I am wrong.

> Wietse
>
> > Postfix will almost do this now, you can specify a query = "SELECT whatever
> > FROM table WHERE x = " etc, and you can insert the search item and some
> > variations of it into the query wherever you'd like. You can also of course
> > specify other static values in the query. All that's missing is the ability
> > to specify other dynamic info related to the current lookup besides the
> > primary search item, for instance if a lookup is done at the recipient
> > phase, postfix knows the client, sender and recipient info so why can we
> > only use one of them in any single lookup? OR is there a way that I haven't
> > found?
> >
> > I hope I make some kind of sense. This seems strangely limited (or maybe
> > there is a very good reason I haven't figured out :)
> >
> > -Aaron
>
>
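The restriction-class approach Wietse points to, written out for two recipient domains as an added example (this is not configuration from the thread; the table name `sender_access`, its columns, the file paths and the database credentials are assumed). Each class pins the recipient domain as a static value in the `query` of its own mysql table, so one SQL table still holds every entry while the lookup key remains the sender address Postfix supplies.

```ini
# /etc/postfix/main.cf (added example; paths and names are assumed)
# One restriction class per recipient domain; each class consults the
# shared sender_access table but only the rows tagged with its domain.
smtpd_restriction_classes = sender_acl_example_com, sender_acl_example_net

sender_acl_example_com = check_sender_access mysql:/etc/postfix/sender_acl_example_com.cf
sender_acl_example_net = check_sender_access mysql:/etc/postfix/sender_acl_example_net.cf

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    # Recipient domain selects the class; unlisted domains fall through.
    check_recipient_access hash:/etc/postfix/recipient_classes

# /etc/postfix/recipient_classes  (run "postmap /etc/postfix/recipient_classes")
# Keys are recipient domains; values are class names defined above.
example.com    sender_acl_example_com
example.net    sender_acl_example_net

# /etc/postfix/sender_acl_example_com.cf  (assumed schema: a single table
# sender_access(sender, recipient_domain, action) where action is one of
# the access(5) results such as OK, REJECT or DUNNO)
hosts = localhost
user = postfix
password = CHANGE_ME_PLACEHOLDER
dbname = mail
# %s is the sender key Postfix is looking up (full address, then domain
# parts, then localpart@, per access(5)); the recipient domain is fixed
# per file, which is the per-class "static value" this thread discusses.
query = SELECT action FROM sender_access WHERE sender = '%s' AND recipient_domain = 'example.com'

# /etc/postfix/sender_acl_example_net.cf  (identical except for the domain)
hosts = localhost
user = postfix
password = CHANGE_ME_PLACEHOLDER
dbname = mail
query = SELECT action FROM sender_access WHERE sender = '%s' AND recipient_domain = 'example.net'
```

Restrict the mysql `.cf` files to the postfix user (they hold credentials), and verify a class before relying on it with `postmap -q sender@example.org mysql:/etc/postfix/sender_acl_example_com.cf`, which should return the stored action for a row tagged `example.com` and nothing for a row tagged `example.net`.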