MS+Postfix, Selective HOLD

Glenn Steen glenn.steen at gmail.com
Sun Apr 6 20:38:41 IST 2008 

On 06/04/2008, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>  Hi,
>
>  I have been trying to get my head around this question before. I find
>  that I have a scalability problem that I could resolve if I can put
>  messages on HOLD for MS to pickup only if it is not for a certain
> recipient.
>
>  There is one recipient that goes straight into a procmail parser to
>  extract specific information. There is no need to fire up the whole MS
>  circus for each message. This is an automated system that will get 1
>  message per monitored SMTP server per minute.
>
>  The normal config is:
>  #       Do some header checks
>  #       This includes setting almost anything on hold for MailScanner to
>  pick up
>  header_checks = regexp:/etc/postfix/regexp/header-checks
>
>  So I have tried a number of setups. Most of them failed miserably.
>
>  This morning I woke up whith what seems to be the answer so I gave it a
>  spin and here are my findings.
>
>
>  What does work is at the end of my smtpd checks add a table to list
>  explicit addresses to scan. In the main.cf it looks like:
>
>  #       Access rules
>  smtpd_client_restrictions =
>  ~        permit_mynetworks,
>  ~        permit_sasl_authenticated,
>  ....Long list removed.......
>  ~        reject_unauth_destination,
>  ~        check_recipient_access
> hash:/etc/postfix/hash/valid-recipients
>
>  And the hash tables explicit lists everyone for whome MS should be
>  called upon. Like:
>
>  hugo at vanderkooij.org            HOLD
>  hvdkooij at vanderkooij.org        HOLD
>
>  (I know putting email in the clear scares some people. But if you ever
>  see a Megalist without these two then do not buy it. ;-)
>
>  But the drawback is it only works for a simple setup at home with only a
>  moderate list of recipients. And where you actually know all the
> recipients.
>
Actually... If you (as ) already use the relay_recipient_map thing,
it'd be trivial to rewrite the script that generates the
relay_recipient_map to also do an access_map...:).
 But then again...
>
>  But if you want to have just a few exceptions then you better use
>  regular expressions.
>
>  So replace:
>  check_recipient_access
> hash:/etc/postfix/hash/valid-recipients
>
>  with:
>  check_recipient_access
> regexp:/etc/postfix/regexp/MailScanner
>
>  With /etc/postfix/regexp/MailScanner looking like:
>
>  #
>  #        header_checks - Postfix built-in header/body inspection
>  #
>  /exclusion at test\.example\.net/          OK
>
>  #       Everyone else will go through MailScanner!
>  /.*/                                    HOLD
>
>  #       EOF
>
>
>  This does the trick for me. It might work for others.
This would be a better replacement for the header check thing, in
cases where you'd like to be selective. Thanks for thinking it up, and
sharing.

>  Hugo.
>
Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list