"Local whitelist" for the next restriction possible? (mailing.postfix.users)
For quite some time now I'm thinking about a sort of "local whitelist" for a given reject_mumble restriction. I.e., sometimes a rule catches a good amount of spam but catches some legitimate hosts at the same time. So, I want to do something like:

    reject_rbl_client bl.example.com
      but not if client is a.b.c.d or c.d.e.f.

....and continue evaluating the list of restrictions.

Note "spreading" the list to smtpd_mumble_restrictions does not work, because I want more such "local whitelists" when there are "mumbles".

In principle it is possible to achieve this by turning reject_rbl_client into a regex map like this:

    /a.b.c.d/  DUNNO
    /c.d.e.f/  DUNNO
    /./        reject_rbl_client bl.example.com

(which does not really work, because first the hostname will be looked up, and an IP address after that).

Another thought of mine was to create a map like this (using inline fnmatch for simplicity):

    check_client_access fnmatch:a.b.c.d|c.d.e.f:warn_if_reject,
    reject_rbl_client bl.example.com

(any map will do), to turn the reject into reject_warning for the listed hosts only. It looked like an excellent idea - all is here, and I will be seeing Helpful Warnings (tm) about my rule being used.. but nope, it does not work again, because warn_if_reject applies to the next restriction in THE SAME list of restrictions, which in this case consists of only one "restriction", that is, the warn_if_reject itself.

So after numerous experiments, I'm after writing either a tcp map or policy map daemon for this very stuff, that will emulate the regex "solution" above, with the side effect of making the restriction list almost unreadable.

And I was quite surprised such a natural, at first glance, way to do things is not possible in postfix. Am I the only one who wanted such a logic?

Well... Maybe this example isn't the best one - if I want to whitelist a host, I probably will whitelist it "globally", i.e. accept (permit) it right at the start of restrictions. But I'm thinking about a bit different stuff too: e.g. by "whitelisting" a rule for a given recipient - like, a known spam-sending host is allowed for a given list of recipients (which is in fact possible with a regex map like the above), but only if it doesn't show other spam characteristics (like blocklisted or unverified sender for example).

Comments?

/mjt
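
The policy-daemon route mentioned in the post, as an added example that is not part of the original post: a Postfix policy delegation service that answers DUNNO for exempt clients and otherwise returns the restriction itself as the action. It assumes the service is run by spawn(8) and referenced with check_policy_service, relies on Postfix accepting any access(5) action (including a restriction name) as a policy reply, and uses constructed documentation-range addresses in place of a.b.c.d and c.d.e.f.

```python
import ipaddress
import sys

# Constructed sample data: documentation-range addresses stand in for the
# post's a.b.c.d and c.d.e.f placeholders.
RESTRICTION = "reject_rbl_client bl.example.com"
EXEMPT_CLIENTS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.10/32", "198.51.100.0/24")]


def parse_request(lines):
    """Collect name=value attributes up to the blank line ending a request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """DUNNO for exempt clients; otherwise hand the restriction to Postfix."""
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return RESTRICTION  # missing or garbled address: no exemption
    if any(client in net for net in EXEMPT_CLIENTS):
        return "DUNNO"
    return RESTRICTION


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer requests on one connection until EOF (spawn(8) style)."""
    while True:
        attrs = parse_request(stdin)
        if not attrs:
            return
        stdout.write(f"action={decide(attrs)}\n\n")
        stdout.flush()


if __name__ == "__main__":
    serve()
```

Because an exempt client only gets DUNNO, the restrictions listed after the check_policy_service entry are still evaluated for it, which is the "continue evaluating" behaviour the post asks for.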