MS+Postfix, Selective HOLD
Glenn Steen
glenn.steen at gmail.com
Sat Apr 12 15:59:10 IST 2008
On 12/04/2008, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Glenn Steen wrote:
> | On 06/04/2008, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
> |> -----BEGIN PGP SIGNED MESSAGE-----
> |> Hash: SHA1
> |>
> |> Hi,
> |>
> |> I have been trying to get my head around this question before. I find
> |> that I have a scalability problem that I could resolve if I can put
> |> messages on HOLD for MS to pickup only if it is not for a certain
> |> recipient.
> |>
> |> There is one recipient that goes straight into a procmail parser to
> |> extract specific information. There is no need to fire up the whole MS
> |> circus for each message. This is an automated system that will get 1
> |> message per monitored SMTP server per minute.
> |>
> |> The normal config is:
> |> # Do some header checks
> |> # This includes setting almost anything on hold for MailScanner to pick up
> |> header_checks = regexp:/etc/postfix/regexp/header-checks
> |>
> |> So I have tried a number of setups. Most of them failed miserably.
> |>
> |> This morning I woke up with what seems to be the answer so I gave it a
> |> spin and here are my findings.
> |>
> |>
> |> What does work is at the end of my smtpd checks add a table to list
> |> explicit addresses to scan. In the main.cf it looks like:
> |>
> |> # Access rules
> |> smtpd_client_restrictions =
> |>   permit_mynetworks,
> |>   permit_sasl_authenticated,
> |> ....Long list removed.......
> |>   reject_unauth_destination,
> |>   check_recipient_access hash:/etc/postfix/hash/valid-recipients
> |>
> |> And the hash table explicitly lists everyone for whom MS should be
> |> called upon. Like:
> |>
> |> hugo at vanderkooij.org HOLD
> |> hvdkooij at vanderkooij.org HOLD
> |>
> |> (I know putting email in the clear scares some people. But if you ever
> |> see a Megalist without these two then do not buy it. ;-)
> |>
> |> But the drawback is it only works for a simple setup at home with only a
> |> moderate list of recipients. And where you actually know all the
> |> recipients.
> |>
> | Actually... If you (as ) already use the relay_recipient_map thing,
> | it'd be trivial to rewrite the script that generates the
> | relay_recipient_map to also do an access_map...:).
> | But then again...
> |> But if you want to have just a few exceptions then you better use
> |> regular expressions.
> |>
> |> So replace:
> |>   check_recipient_access hash:/etc/postfix/hash/valid-recipients
> |>
> |> with:
> |>   check_recipient_access regexp:/etc/postfix/regexp/MailScanner
> |>
> |> With /etc/postfix/regexp/MailScanner looking like:
> |>
> |> #
> |> # header_checks - Postfix built-in header/body inspection
> |> #
> |> /exclusion@test\.example\.net/ OK
> |>
> |> # Everyone else will go through MailScanner!
> |> /.*/ HOLD
> |>
> |> # EOF
> |>
> |>
> |> This does the trick for me. It might work for others.
> | This would be a better replacement for the header check thing, in
> | cases where you'd like to be selective. Thanks for thinking it up, and
> | sharing.
>
> Sharing is what makes OS so much stronger.
>
> But I have found an issue I am not able to pinpoint yet. Every email to
> my postmaster seems to bypass MailScanner as well. I have grepped my
> config files until my fingers grew tired. But I have no postmaster
> exception in postfix anywhere. Nor do I have one in MailScanner.
>
> Is there a built-in option of postfix I am missing here?
Nah, it likely is a regexp thing:-).
Your pattern
/.*/
literally means "anything containing at least one character". So you
need to match the empty recipient as well with a separate
/^$/ HOLD
pattern in there, or else the empty sender (==MAILER-DAEMON,
postmaster or ...:-) will simply "fall through".
Try it and tell us how you fare!
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
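
Added example, not part of the original thread and not Postfix code: a simplified Python model of first-match lookup in a regexp table, run over the table quoted in the post and over an anchored variant, to show that an unanchored OK pattern also matches longer recipient addresses that merely contain it. It assumes the archive's " at " stands for "@"; the sample recipients and the names lookup, compare, PAGE_TABLE and ANCHORED_TABLE are constructed for illustration.

```python
import re

# Tables as (pattern, action) pairs, checked top to bottom; first match wins.
# PAGE_TABLE mirrors /etc/postfix/regexp/MailScanner from the post
# (assumption: the archive's " at " stands for "@").
PAGE_TABLE = [
    (r"exclusion@test\.example\.net", "OK"),
    (r".*", "HOLD"),
]

# Anchored variant (added here, not from the post): only the exact
# address is exempted from HOLD.
ANCHORED_TABLE = [
    (r"^exclusion@test\.example\.net$", "OK"),
    (r".*", "HOLD"),
]


def lookup(table, recipient):
    """Return the action of the first pattern found anywhere in recipient.

    Simplified model: unanchored search, case-insensitive (the default for
    Postfix regexp tables). Returns None when nothing matches.
    """
    for pattern, action in table:
        if re.search(pattern, recipient, re.IGNORECASE):
            return action
    return None


def compare(recipients):
    """Map each recipient to (action under PAGE_TABLE, action under ANCHORED_TABLE)."""
    return {r: (lookup(PAGE_TABLE, r), lookup(ANCHORED_TABLE, r)) for r in recipients}


# Constructed sample recipients, all hypothetical.
SAMPLES = [
    "exclusion@test.example.net",
    "EXCLUSION@test.example.net",
    "no-exclusion@test.example.net",
    "exclusion@test.example.net.example.org",
    "hugo@test.example.net",
]

if __name__ == "__main__":
    for rcpt, (page, anchored) in compare(SAMPLES).items():
        print(f"{rcpt:42} page={page:5} anchored={anchored}")
```

On a live system, `postmap -q "address" regexp:/etc/postfix/regexp/MailScanner` returns what Postfix itself decides for a given recipient.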