Putting all outgoing mail on hold?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Putting all outgoing mail on hold?

Jesper Dybdal-2
Is there a simple way to put all outgoing mail (i.e., everything that
would normally be processed by the default "smtp" instance) into the
HOLD queue?

The reason I would like to do that is that the IP address on which I run
my little server is about to change, and I would like outgoing mail to
be held until I am sure that the new address has a proper reverse DNS
and is not in any problematic DNSBLs.  I could also just block outgoing
port 25 with a firewall rule, but using HOLD will give me better
control: I can then release individual mails if I want to.
--
Jesper Dybdal, Denmark.
http://www.dybdal.dk (in Danish).
Reply | Threaded
Open this post in threaded view
|

Re: Putting all outgoing mail on hold?

Noel Jones-2
On 3/17/2012 9:48 AM, Jesper Dybdal wrote:

> Is there a simple way to put all outgoing mail (i.e., everything that
> would normally be processed by the default "smtp" instance) into the
> HOLD queue?
>
> The reason I would like to do that is that the IP address on which I run
> my little server is about to change, and I would like outgoing mail to
> be held until I am sure that the new address has a proper reverse DNS
> and is not in any problematic DNSBLs.  I could also just block outgoing
> port 25 with a firewall rule, but using HOLD will give me better
> control: I can then release individual mails if I want to.


You can use a check_recipient_access map that puts everything
non-local on hold.

This needs to be the first rule in one of the smtpd_*_restrictions
sections so that all SMTP mail will be subjected to it.  And, as a
guideline, you don't want rules of this sort in
smtpd_recipient_restrictions due to the danger of a typo mistake
making you an open relay.

Note that smtpd restrictions don't apply to mail submitted via the
sendmail(1) command line interface -- such as users with a login
shell, system/cron mail, sometimes webmail.

It would probably be prudent to do the firewall block until you see
where mail is going.

Also note that HOLD is a message-level restriction.  If a message
has both local and non-local recipients, all will be put on HOLD.

# main.cf
smtpd_sender_restrictions =
  check_recipient_access =
      regexp:/etc/postfix/hold_outgoing.regexp

# hold_outgoing.regexp
/example\.com$/  DUNNO  skip my domain
/^/   HOLD  outgoing delivery suspended





  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Putting all outgoing mail on hold?

Wietse Venema
In reply to this post by Jesper Dybdal-2
Jesper Dybdal:
> Is there a simple way to put all outgoing mail (i.e., everything that
> would normally be processed by the default "smtp" instance) into the
> HOLD queue?

# postconf -e 'default_transport = retry:waiting for remote server upgrade'

        Wietse
Reply | Threaded
Open this post in threaded view
|

RE: Putting all outgoing mail on hold?

Vishal Agarwal-2
In reply to this post by Noel Jones-2
Hi,

I have read somewhere that if you put  "/^Received:/ HOLD"  in header
checks; then all the message will be in queue and will be waiting for
delivery. In such case after getting all the message hold, you can use
postsuper -H [-H queue_id (un-hold)] to deliver selected messages.



Thanks/regards,
Vishal Agarwal

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Noel Jones
Sent: Sunday, March 18, 2012 5:13 AM
To: [hidden email]
Subject: Re: Putting all outgoing mail on hold?

On 3/17/2012 9:48 AM, Jesper Dybdal wrote:

> Is there a simple way to put all outgoing mail (i.e., everything that
> would normally be processed by the default "smtp" instance) into the
> HOLD queue?
>
> The reason I would like to do that is that the IP address on which I run
> my little server is about to change, and I would like outgoing mail to
> be held until I am sure that the new address has a proper reverse DNS
> and is not in any problematic DNSBLs.  I could also just block outgoing
> port 25 with a firewall rule, but using HOLD will give me better
> control: I can then release individual mails if I want to.


You can use a check_recipient_access map that puts everything
non-local on hold.

This needs to be the first rule in one of the smtpd_*_restrictions
sections so that all SMTP mail will be subjected to it.  And, as a
guideline, you don't want rules of this sort in
smtpd_recipient_restrictions due to the danger of a typo mistake
making you an open relay.

Note that smtpd restrictions don't apply to mail submitted via the
sendmail(1) command line interface -- such as users with a login
shell, system/cron mail, sometimes webmail.

It would probably be prudent to do the firewall block until you see
where mail is going.

Also note that HOLD is a message-level restriction.  If a message
has both local and non-local recipients, all will be put on HOLD.

# main.cf
smtpd_sender_restrictions =
  check_recipient_access =
      regexp:/etc/postfix/hold_outgoing.regexp

# hold_outgoing.regexp
/example\.com$/  DUNNO  skip my domain
/^/   HOLD  outgoing delivery suspended





  -- Noel Jones

Reply | Threaded
Open this post in threaded view
|

Re: Putting all outgoing mail on hold?

Jesper Dybdal-2
In reply to this post by Jesper Dybdal-2
I wrote:

>Is there a simple way to put all outgoing mail (i.e., everything that
>would normally be processed by the default "smtp" instance) into the
>HOLD queue?

Thanks for the responses.

Considering the disadvantages of using the HOLD state that Noel
describes, I think I'll use Wietse's suggestion.  Though it doesn't
allow releasing individual messages, it is at least a much cleaner way
to do it than blocking with a firewall rule.