MS+Postfix, Selective HOLD

Hugo van der Kooij hvdkooij at vanderkooij.org
Sun Apr 6 09:30:37 IST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have been trying to get my head around this question before. I find
that I have a scalability problem that I could resolve if I can put
messages on HOLD for MS to pickup only if it is not for a certain recipient.

There is one recipient that goes straight into a procmail parser to
extract specific information. There is no need to fire up the whole MS
circus for each message. This is an automated system that will get 1
message per monitored SMTP server per minute.

The normal config is:
#       Do some header checks
#       This includes setting almost anything on hold for MailScanner to
pick up
header_checks = regexp:/etc/postfix/regexp/header-checks

So I have tried a number of setups. Most of them failed miserably.

This morning I woke up whith what seems to be the answer so I gave it a
spin and here are my findings.


What does work is at the end of my smtpd checks add a table to list
explicit addresses to scan. In the main.cf it looks like:

#       Access rules
smtpd_client_restrictions =
~        permit_mynetworks,
~        permit_sasl_authenticated,
....Long list removed.......
~        reject_unauth_destination,
~        check_recipient_access hash:/etc/postfix/hash/valid-recipients

And the hash tables explicit lists everyone for whome MS should be
called upon. Like:

hugo at vanderkooij.org		HOLD
hvdkooij at vanderkooij.org	HOLD

(I know putting email in the clear scares some people. But if you ever
see a Megalist without these two then do not buy it. ;-)

But the drawback is it only works for a simple setup at home with only a
moderate list of recipients. And where you actually know all the recipients.


But if you want to have just a few exceptions then you better use
regular expressions.

So replace:
check_recipient_access hash:/etc/postfix/hash/valid-recipients

with:
check_recipient_access regexp:/etc/postfix/regexp/MailScanner

With /etc/postfix/regexp/MailScanner looking like:

#
#        header_checks - Postfix built-in header/body inspection
#
/exclusion at test\.example\.net/          OK

#       Everyone else will go through MailScanner!
/.*/                                    HOLD

#       EOF


This does the trick for me. It might work for others.

Hugo.

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH+IorBvzDRVjxmYERAgMyAJ4xhxORHyI5FCR4+SmqBsHF0hEG6ACdEsxF
Rc+yfJOmfToGmB65GW0nQ1I=
=u3N0
-----END PGP SIGNATURE-----

More information about the MailScanner mailing list