Multiple tables for check_sender_access

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Multiple tables for check_sender_access

azurIt
Hi,

is it possible to specify multiple tables for check_sender_access used  
in smtpd_sender_restrictions? Few examples i tried (none worked):

smtpd_sender_restrictions =
   reject_non_fqdn_sender
   check_sasl_access hash:/etc/postfix/sasl_access  
hash:/etc/postfix/sasl_access_2
   reject_sender_login_mismatch



smtpd_sender_restrictions =
   reject_non_fqdn_sender
   check_sasl_access  
hash:/etc/postfix/sasl_access,hash:/etc/postfix/sasl_access_2
   reject_sender_login_mismatch



smtpd_sender_restrictions =
   reject_non_fqdn_sender
   check_sasl_access hash:/etc/postfix/sasl_access
   check_sasl_access hash:/etc/postfix/sasl_access_2
   reject_sender_login_mismatch




Use case: One table is used for hand editing, one is generated by script.

Thanks.

azur

Reply | Threaded
Open this post in threaded view
|

Re: Multiple tables for check_sender_access

Wietse Venema
[hidden email]:

> Hi,
>
> is it possible to specify multiple tables for check_sender_access used  
> in smtpd_sender_restrictions? Few examples i tried (none worked):
>
> smtpd_sender_restrictions =
>    reject_non_fqdn_sender
>    check_sasl_access hash:/etc/postfix/sasl_access  
> hash:/etc/postfix/sasl_access_2
>    reject_sender_login_mismatch

smtpd_sender_restrictions =
    reject_non_fqdn_sender
    check_sasl_access hash:/etc/postfix/sasl_access
    check_sasl_access hash:/etc/postfix/sasl_access_2
    reject_sender_login_mismatch

And so on.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Multiple tables for check_sender_access

Viktor Dukhovni
In reply to this post by azurIt
On Sat, Jan 11, 2020 at 10:25:42AM +0100, [hidden email] wrote:

> is it possible to specify multiple tables for check_sender_access used  
> in smtpd_sender_restrictions? Few examples i tried (none worked):
>
> smtpd_sender_restrictions =
>    reject_non_fqdn_sender
>    check_sasl_access hash:/etc/postfix/sasl_access hash:/etc/postfix/sasl_access_2
>    reject_sender_login_mismatch
> [...]
>
> Use case: One table is used for hand editing, one is generated by script.

You can use a Makefile to combine the two files into a third file, which
becomes the map source, and then "postmap" that and use a single lookup
table.

Postfix has "pipemap" for chained lookups and "unionmap" for returning multiple
results, but no explicit "stackmap" for returning a result from the first table
in a list that has a matching key, because many lookup features implicitly
support that via parameters named "..._maps".  An explicit "stackmap" feature
could be implemented, but it is not clear it would be particularly useful.

As Wietse noted, with access(5) you can mostly get the same effect by
specifying two checks one in each table, except that when a DUNNO answer is
found in the first table, the second table is still checked, (OK and REJECT are
final).

If you consolidate the tables into one, you avoid a second lookup (when neither
match) and the memory cost of having a second table.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Multiple tables for check_sender_access

@lbutlr
In reply to this post by azurIt
On 11 Jan 2020, at 02:25, [hidden email] wrote:
> smtpd_sender_restrictions =
>  reject_non_fqdn_sender
>  check_sasl_access hash:/etc/postfix/sasl_access
>  check_sasl_access hash:/etc/postfix/sasl_access_2
>  reject_sender_login_mismatch

That should work just fine.

What errors did you get?



--
It's better to burn out than it is to rust -- Neil Young as quoted be
        Kurt Cobain

Reply | Threaded
Open this post in threaded view
|

Re: Multiple tables for check_sender_access

azurIt
>> smtpd_sender_restrictions =
>>  reject_non_fqdn_sender
>>  check_sasl_access hash:/etc/postfix/sasl_access
>>  check_sasl_access hash:/etc/postfix/sasl_access_2
>>  reject_sender_login_mismatch
>
> That should work just fine.
>
> What errors did you get?



Sorry, i probably did something wrong while testing, this one is  
working. Thanks to Wietse and you.

azur