Calling a milter from smtpd_recipient_restrictions

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Calling a milter from smtpd_recipient_restrictions

Elaconta.com Webmaster
Hi

Is there any way to call a milter from smtpd_recipient_restrictions
rather than having the milter applied to all mail?

I'm talking specifically about sid-milter for SPF checking, i'd rather
have it check only incoming mail.

-----------------------------
Elaconta.com Webmaster
-----------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Calling a milter from smtpd_recipient_restrictions

Sahil Tandon
* elaconta.com Webmaster <[hidden email]> [05-17-2008]:

> Is there any way to call a milter from smtpd_recipient_restrictions rather
> than having the milter applied to all mail?

I do not think it is possible to invoke milters from smtpd_*_restrictions.
                                                                         
> I'm talking specifically about sid-milter for SPF checking, i'd rather have
> it check only incoming mail.
                                                       
Maybe you can run two postfix instances that separately handle incoming and
outgoing mail; then place the milter only on the incoming instance?

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Calling a milter from smtpd_recipient_restrictions

Elaconta.com Webmaster
Sahil Tandon wrote:

> * elaconta.com Webmaster <[hidden email]> [05-17-2008]:
>
>  
>> Is there any way to call a milter from smtpd_recipient_restrictions rather
>> than having the milter applied to all mail?
>>    
>
> I do not think it is possible to invoke milters from smtpd_*_restrictions.
>                                                                          
>  
>> I'm talking specifically about sid-milter for SPF checking, i'd rather have
>> it check only incoming mail.
>>    
>                                                        
> Maybe you can run two postfix instances that separately handle incoming and
> outgoing mail; then place the milter only on the incoming instance?
>
>  
Well, the problem i was trying to solve was this: When a user AUTHs and
submits an email to Postfix, sid-milter also checks the user's home
address for SPF validity, which of course does not validate (the user's
home address is not allowed to submit email for the domain) and causes
an SPF fail. sid-milter should have an option to ignore AUTH'd users but
it does not. If i could get sid-milter to act only on received mail and
not on mail submitted by AUTH'd users the problem would be solved. Two
Postfix instances seems like a cannon to kill a fly so to speak.

-----------------------------
Elaconta.com Webmaster
-----------------------------

Reply | Threaded
Open this post in threaded view
|

Re: Calling a milter from smtpd_recipient_restrictions

Noel Jones-2
elaconta.com Webmaster wrote:

> Sahil Tandon wrote:
>> * elaconta.com Webmaster <[hidden email]> [05-17-2008]:
>>
>>  
>>> Is there any way to call a milter from smtpd_recipient_restrictions
>>> rather than having the milter applied to all mail?
>>>    
>>
>> I do not think it is possible to invoke milters from
>> smtpd_*_restrictions.
>>                                                                          
>>  
>>> I'm talking specifically about sid-milter for SPF checking, i'd
>>> rather have it check only incoming mail.
>>>    
>>                                                         Maybe you can
>> run two postfix instances that separately handle incoming and outgoing
>> mail; then place the milter only on the incoming instance?
>>
>>  
> Well, the problem i was trying to solve was this: When a user AUTHs and
> submits an email to Postfix, sid-milter also checks the user's home
> address for SPF validity, which of course does not validate (the user's
> home address is not allowed to submit email for the domain) and causes
> an SPF fail. sid-milter should have an option to ignore AUTH'd users but
> it does not. If i could get sid-milter to act only on received mail and
> not on mail submitted by AUTH'd users the problem would be solved. Two
> Postfix instances seems like a cannon to kill a fly so to speak.
>
> -----------------------------
> Elaconta.com Webmaster
> -----------------------------
>

Have your users submit mail on the "submission" port 587 -
after all, that's the purpose of it - and disable the milter
on that port.


something like:
# master.cf
...
submission   inet  n  -  n  -  -   smtpd
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=reject_plaintext_session
   -o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o smtpd_data_restrictions=
   -o smtpd_milters=

season to taste.

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Calling a milter from smtpd_recipient_restrictions

Elaconta.com Webmaster
Noel Jones wrote:

> elaconta.com Webmaster wrote:
>> Sahil Tandon wrote:
>>> * elaconta.com Webmaster <[hidden email]> [05-17-2008]:
>>>
>>>  
>>>> Is there any way to call a milter from smtpd_recipient_restrictions
>>>> rather than having the milter applied to all mail?
>>>>    
>>>
>>> I do not think it is possible to invoke milters from
>>> smtpd_*_restrictions.
>>>                                                                          
>>>  
>>>> I'm talking specifically about sid-milter for SPF checking, i'd
>>>> rather have it check only incoming mail.
>>>>    
>>>                                                         Maybe you
>>> can run two postfix instances that separately handle incoming and
>>> outgoing mail; then place the milter only on the incoming instance?
>>>
>>>  
>> Well, the problem i was trying to solve was this: When a user AUTHs
>> and submits an email to Postfix, sid-milter also checks the user's
>> home address for SPF validity, which of course does not validate (the
>> user's home address is not allowed to submit email for the domain)
>> and causes an SPF fail. sid-milter should have an option to ignore
>> AUTH'd users but it does not. If i could get sid-milter to act only
>> on received mail and not on mail submitted by AUTH'd users the
>> problem would be solved. Two Postfix instances seems like a cannon to
>> kill a fly so to speak.
>>
>> -----------------------------
>> Elaconta.com Webmaster
>> -----------------------------
>>
>
> Have your users submit mail on the "submission" port 587 - after all,
> that's the purpose of it - and disable the milter on that port.
>
>
> something like:
> # master.cf
> ...
> submission   inet  n  -  n  -  -   smtpd
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=reject_plaintext_session
>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>   -o smtpd_data_restrictions=
>   -o smtpd_milters=
>
> season to taste.
>
I found a patch on the sid-milter forum which seems to solve the
problem. I thought the patch was "Sendmail-oriented", but it does seem
to solve the problem in Postfix's milter implementation. I'll keep
monitoring it. If the patch presents any problem, then i'll go with your
solution, which really looks cleaner. Thanks!

-----------------------------
Elaconta.com Webmaster
-----------------------------