Let postfix bypass MailScanner for specific recipients

UxBoD uxbod at splatnix.net
Sun Jan 13 15:16:23 GMT 2008

Could you not just invert the regex for the To: pattern match ie.

/!To: loopback at .*\.waakhond\.net/        HOLD


--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "Hugo van der Kooij" <hvdkooij at vanderkooij.org>
To: "MailScanner Mailinglist" <mailscanner at lists.mailscanner.info>
Sent: 13 January 2008 14:29:53 o'clock (GMT) Europe/London
Subject: Let postfix bypass MailScanner for specific recipients

Hash: SHA1


I have the need to bypass MailScanner for specific recipients which I
can define as regular expression. I was oping to do this much in the way
I definne custom reject messages without the need of large line in
access tables.

Un fortunatly this does not work as planned as nothing gets put on HOLD

So this is what I did:

~ 1. in main.cf

header_checks = regexp:/etc/postfix/regexp/header-checks

#       Classifications
smtpd_restriction_classes =
~        work_MS,
~        reject_RFC,
~        reject_auto,
~        reject_auto_virus,
~        reject_domain,
~        reject_dynamic,
~        reject_infected,
~        reject_spam,
~        reject_user
work_MS = check_client_access regexp:/etc/postfix/class/work_MS
reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC
reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto
reject_auto_virus = check_client_access
reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain
reject_dynamic = check_client_access
reject_infected = check_client_access
reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam
reject_user = check_client_access regexp:/etc/postfix/class/reject_user

~ 2. in class/work_MS:

/To: loopback at .*\.waakhond\.net/        OK
/./                                     HOLD

~ 3. in regexp/header-checks:

/^Received:/                           work_MS

While in the past it would point straight to HOLD in the
regexp/header-checks file

I can imagine it would be an issue with the check_client_access stuff.
But then I should be able to simplify this by using the following lines
in the regexp/header-checks:

/To: loopback at .*\.waakhond\.net/        OK
/^Received:/                            HOLD

While this put all the incoming messages one again in the hold queue it
also does this for the ones I wan to exclude.

The simple reason is that the loopback account eats email and checks
each message on a number of keys and if all of them match will log the
arrival time matched to the keys. As MailScaner will add extra delay and
~ most importantly a very flexible amount of delay the time measurements
on the messages becomes tainted.

So you may now understand why I wan tthe bypass to work selectively and
am not worried about an incidental spam message ending up there.

Any suggestions to make this actually work?


- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

Version: GnuPG v1.4.7 (GNU/Linux)

MailScanner mailing list
mailscanner at lists.mailscanner.info

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list