Let postfix bypass MailScanner for specific recipients

Hugo van der Kooij hvdkooij at vanderkooij.org
Sun Jan 13 14:29:53 GMT 2008

I have the need to bypass MailScanner for specific recipients which I
can define as regular expression. I was hoping to do this much in the way
I define custom reject messages without the need of large lines in
access tables.

Unfortunately this does not work as planned as nothing gets put on HOLD.

So this is what I did:

1. in main.cf

header_checks = regexp:/etc/postfix/regexp/header-checks

#       Classifications
smtpd_restriction_classes =
        work_MS,
        reject_RFC,
        reject_auto,
        reject_auto_virus,
        reject_domain,
        reject_dynamic,
        reject_infected,
        reject_spam,
        reject_user
work_MS = check_client_access regexp:/etc/postfix/class/work_MS
reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC
reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto
reject_auto_virus = check_client_access
reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain
reject_dynamic = check_client_access
reject_infected = check_client_access
reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam
reject_user = check_client_access regexp:/etc/postfix/class/reject_user

2. in class/work_MS:

/To: loopback at .*\.waakhond\.net/        OK
/./                                     HOLD

3. in regexp/header-checks:

/^Received:/                           work_MS

While in the past it would point straight to HOLD in the
regexp/header-checks file.

I can imagine it would be an issue with the check_client_access stuff.
But then I should be able to simplify this by using the following lines
in the regexp/header-checks:

/To: loopback at .*\.waakhond\.net/        OK
/^Received:/                            HOLD

While this puts all the incoming messages once again in the hold queue it
also does this for the ones I want to exclude.

The simple reason is that the loopback account eats email and checks
each message on a number of keys and if all of them match will log the
arrival time matched to the keys. As MailScanner will add extra delay and
most importantly a very flexible amount of delay, the time measurements
on the messages become tainted.

So you may now understand why I want the bypass to work selectively and
am not worried about an incidental spam message ending up there.

Any suggestions to make this actually work?
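
An added illustration, not part of the original post and not Postfix code: a simplified Python model of how header_checks evaluates the second header-checks table quoted above. It assumes that each header is looked up on its own, that OK is handled as DUNNO (as header_checks(5) documents), and that the archive's " at " stands for "@"; the sample headers are constructed.

```python
import re

# Constructed copy of the second regexp/header-checks table from the post.
# Assumption: "@" stands where the list archive shows " at ".
TABLE = r"""
/To: loopback@.*\.waakhond\.net/        OK
/^Received:/                            HOLD
"""

def parse_table(text):
    """Parse '/pattern/ ACTION' lines; regexp tables ignore case by default."""
    found = re.findall(r"^/(.*)/[ \t]+(\S+)[ \t]*$", text, re.MULTILINE)
    return [(re.compile(p, re.IGNORECASE), a.upper()) for p, a in found]

def header_checks(rules, headers):
    """Simplified model: every header is looked up separately, the first
    matching rule decides for that header only, and OK (treated as DUNNO)
    just ends the lookup for that one header. HOLD on any header holds
    the whole message, whatever another header matched."""
    trace, held = [], False
    for header in headers:
        action = "DUNNO"
        for regex, act in rules:
            if regex.search(header):
                action = "DUNNO" if act == "OK" else act
                break
        held = held or action == "HOLD"
        trace.append((header.split(":", 1)[0], action))
    return held, trace

# Constructed sample messages (headers in arrival order).
TO_LOOPBACK = [
    "Received: from mail.example.org (mail.example.org [192.0.2.10])",
    "From: probe@example.org",
    "To: loopback@mx1.waakhond.net",
]
TO_OTHER = [
    "Received: from mail.example.org (mail.example.org [192.0.2.10])",
    "From: someone@example.org",
    "To: user@waakhond.net",
]

if __name__ == "__main__":
    rules = parse_table(TABLE)
    for name, msg in (("loopback", TO_LOOPBACK), ("other", TO_OTHER)):
        held, trace = header_checks(rules, msg)
        print(name, "HOLD" if held else "pass", trace)
```

In this model both messages end up held: the To: rule only stops the lookup for the To: header, while the Received: header is matched independently and triggers HOLD, which is the behaviour the post reports.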


