From: Eddy Beliveau (no email)
Date: Fri May 02 2008 - 15:08:14 EDT
>> Eddy Beliveau wrote:
>>Subject: Re: smtpd_data_restrictions vs header_checks (sequence of execution)
...cut...
>> smtpd_data_restrictions =
>> check_sender_access ldap:ldap_add_header
>> ldap_add_header_query_filter = (mail=%s)
>> ...cut...
>> ldap_add_header_result_attribute = privileges
>> ldap_add_header_result_format = PREPEND X-Sender-Privileges: %s
>> But, I also want to be sure to remove any forged similar header
>> so, I added this rule to my header_checks file:
>> /^X-Sender-Privileges:/ IGNORE
...cut...
>> It seems that "smtpd_data_restrictions" is executed before the
>> header_checks step.
"Noel Jones" <> replies:
> Right, smtpd_*_restrictions happen before header/body checks (with the
> exception of smtpd_end_of_data_restrictions which can't add headers).
> ...cut...
> - have the pre-amavis postfix remove forged headers, and the post-amavis
> postfix add your headers. This would require either multiple postfix
> instances, or defining multiple cleanup services in master.cf.
Hi! Noel,
Many thanks for your reply.
Currently, emails received by postfix (port 25) are passed to smtp-amavis
(127.0.0.1:10024), which passes them back to postfix (127.0.0.1:10025) for
final delivery with lmtp/smtp.
Here is a part of my current master.cf:
smtp            inet  n  -  n  -  -   smtpd
    -o receive_override_options=no_address_mappings
cleanup         unix  n  -  n  -  0   cleanup
lmtp            unix  -  -  n  -  -   lmtp
smtp            unix  -  -  n  -  -   smtp
smtp-amavis     unix  -  -  n  -  10  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookup=yes
    -o max_use=20
127.0.0.1:10025 inet  n  -  n  -  -   smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o strict_rfc821_envelopes=yes
    -o in_flow_delay=0
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
My current header_checks file contains:
/^X-Sender-Privileges:/ IGNORE
I like your multiple cleanup solution.
Do you mean the following:
smtp            inet  n  -  n  -  -   smtpd
    -o receive_override_options=no_address_mappings
    -o cleanup_service_name=pre-cleanup
    -o smtpd_data_restrictions=
pre-cleanup     unix  n  -  n  -  0   cleanup
cleanup         unix  n  -  n  -  0   cleanup
    -o header_checks=
127.0.0.1:10025 inet  n  -  n  -  -   smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    ## -o smtpd_data_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o strict_rfc821_envelopes=yes
    -o in_flow_delay=0
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
Thanks again,
Eddy
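
A simplified model of the ordering discussed in this thread, added here as an illustration (it is not part of either poster's message and is not Postfix code): it runs a message with a forged X-Sender-Privileges header through the single-cleanup layout and through the split pre-cleanup/cleanup layout. The function names, the sample message and the "staff" LDAP value are constructed assumptions, and the amavis hop is left out because it does not touch this header.

```python
import re

# Same pattern as the header_checks rule quoted in the thread. Postfix regexp
# tables match case-insensitively by default, hence re.IGNORECASE.
HEADER_CHECKS = [(re.compile(r"^X-Sender-Privileges:", re.IGNORECASE), "IGNORE")]
TRUSTED = "X-Sender-Privileges: staff"  # constructed LDAP "privileges" result

def smtpd(headers, prepend=None):
    """smtpd stage: a PREPEND access result is added before cleanup sees the mail."""
    return ([prepend] if prepend else []) + list(headers)

def cleanup(headers, checks):
    """cleanup stage: drop every header that hits an IGNORE rule."""
    return [h for h in headers
            if not any(act == "IGNORE" and rx.search(h) for rx, act in checks)]

def single_cleanup(headers):
    """Original layout: PREPEND and IGNORE both act on the port-25 path."""
    before_filter = cleanup(smtpd(headers, TRUSTED), HEADER_CHECKS)
    # 10025 re-injection: smtpd_data_restrictions empty, no_header_body_checks
    return cleanup(smtpd(before_filter), [])

def split_cleanup(headers):
    """Proposed layout: pre-cleanup strips, the post-filter smtpd prepends."""
    before_filter = cleanup(smtpd(headers), HEADER_CHECKS)   # pre-cleanup
    return cleanup(smtpd(before_filter, TRUSTED), [])        # header_checks=

def privileges(headers):
    """Return the X-Sender-Privileges headers that survive to delivery."""
    return [h for h in headers if h.lower().startswith("x-sender-privileges:")]

# Constructed message carrying a forged header in a different letter case
FORGED = ["From: user@example.org",
          "x-sender-privileges: admin",
          "Subject: test"]

if __name__ == "__main__":
    print("single cleanup:", privileges(single_cleanup(FORGED)))
    print("split cleanup: ", privileges(split_cleanup(FORGED)))
```

In the single-cleanup run the IGNORE rule removes the prepended header together with the forged one; in the split run only the prepended value is left.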