jeffb at espi
May 22, 2002, 8:52 AM
Post #4 of 4
BE> This is using header/body checks in postfix?
Re: (REPOST) Filtering from Dbmail and Postfix
[In reply to]
The "loose" server does NOT do regexp checks, while the "tight" server
Both use a MySQL table of blocked addresses (similar to the "access"
table in postfix), and each has a postfix hash table of IPs to not
accept mail from.
Eventually, everything except the REGEXP be combined into a single
MySQL table of email addresses/domains and IP subnets, with a "level"
field - the different mail servers will do their selects from this
table with a 'where' clause that will chose which level to use.
That is, "select action from myaccess where mailfrom = 'badguy [at] u'
and level < 2" would ignore a block on this address that had a level
of 4 assigned.
>> However, you could use a Perl script as the "transport agent"
BE> Something like:
BE> 1. transport for bpsnetworks.com is a pipe to filter.pl
BE> 2. filter.pl does:
BE> a. lookup enduser [at] bpsnetworks
BE> b. if unfiltered, call dbmail-smtpd to deliver message
BE> c. if filtered, call virus/spam filters and then hand it to
BE> dbmail-smtpd (if it lives)
BE> Is that what you are suggesting? If so, it seems that this would
BE> require one of 2 options.
BE> 1. either use an existing, unused field in the db (like user.clientid)
BE> 2. add an additional field to either the user or aliases table to
BE> indicate filtering or not
Yes, this is what I'm suggesting. The Perl script wouldn't have to use
any special file/database; a simple text file of "exceptions" to
"standard" processing would be usable. If the address doesn't match a
pattern in this exception file, it gets filtered. Otherwise, act upon
the options found within the filter.
We use the clientid fields to separate domains for listing in our
setup. But adding an additional field to the aliases table would not
be a bad thing... except when the table changes at version upgrades.
If you want filtering options ONLY at the domain level, that can be
handled in the transport table - if you're using my mysql-based
suggestion, you have complete control over that table anyway.
User-level filtering options, though, involve getting access to either
the user or aliases table, OR A COPY THEREOF. The aliases table would
be the more useful; you could have different actions for different
aliases of the same user...
BE> Am I understanding your suggestion correctly? OR, are you suggesting
BE> doing this lookup on a postfix table (I have mysql support in postfix).
BE> Also, is there a tool already in existence that would get me started on
BE> this? I don't mind doing some tweaking, but I am not that familiar with
BE> perl to write it from the ground up.
I haven't seen a tool like this, but it could probably be cobbled
together by a Perl expert in an hour or so... someone new to Perl
(like me) would take a few hours to do it. B-)
Engineered Software Products, Inc
Questionable web page: http://dididahdahdidit.com
Liberalism grants you the freedom to advocate any idea*.
* Please see http://www.dididahdahdidit.com/except.php for a
current list of exceptions