Re: "Local whitelist" for the next restriction possible?

On Tue, 15 Jun 2004, Michael Tokarev wrote:

> For quite some time now I'm thinking about a sort of "local whitelist"
> for a given reject_mumble restriction. Ie, sometimes, a rule catches a
> good amount of spam but catches some legitimate hosts at the same time.
> So, I want to do something like:
>
> reject_rbl_client bl.example.com but not if
> client is a.b.c.d or c.d.e.f.
>
> Comments?
>

This is a sensible request. Until something along these lines is
implemented, one can always implement a "skip" whitelist entry as follows:


smtpd_restriction_classes =
rr_1, rr_2, rr_3, ..., rr_N

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated
reject_unauth_destination,
rr_1

rr_1 =
check_mumble_access hash:/etc/postfix/rr_1_access,
... rr_1 rules ...
rr_2

rr_2 =
check_mumble_access hash:/etc/postfix/rr_2_access,
... rr_2 rules
rr_3

rr_N =
check_mumble_access hash:/etc/postfix/rr_N_access,
... rr_N rules ...

Any of the rr_K_access tables can skip to a later rule with a RHS entry of
rr_K+1! This is ugly.

A more general:

if_ok restriction
some_other_restriction

if_defer restriction
next_restriction

if_permit restriction
next-restriction

would be a big win. The hard part is not losing your mind while trying to
ensure robust semantics with defer_if_permit, defer_if_reject, ...

Probably grouping would have to be introduced

if_ok { list } { list }
if_defer { list } { list }
...

Do you want to propose a more fleshed out design?

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo@postfix.org?body=unsubscribe%20p ostfix-users>