Re: policy banks question

--On Friday, April 15, 2011 1:45 AM +0200 Mark Martinec
<Mark.Martinec+amavis@ijs.si> wrote:

> The magic is not in a regex (which matches everything which
> reaches it), but in the order of rules in smtpd_sender_restrictions.
> Remember that a FILTER in a matching access map just makes its
> argument overlay the content_filter setting. The last FILTER
> triggering has the final say (i.e. wins).
>
> So the tag_as_originating.re places amavisfeed:[127.0.0.1]:10026
> into a content_filter for everybody first.
>
> Then smtpd_sender_restrictions proceeds to permit_mynetworks,
> permit_sasl_authenticated and permit_tls_clientcerts. If any
> of these three rules match, the search stops here and the
> amavisfeed:[127.0.0.1]:10026 remains in content_filter.
>
> If, however, none of the tree rules identifying local nets
> or autheticated roaming users match, then the search reaches
> the 'check_sender_access regexp:/etc/postfix/tag_as_foreign.re',
> which overlays its cargo into a content_filter, which ends up
> being amavisfeed:[127.0.0.1]:10024. This happens for any
> inbound or nonauthenticated client - which is exactly what we
> need (assuming amavisd has a policy bank with originating=>1
> hanging on a TCP port 10026.

Thanks, that is a great explanation. :)

Regards,
Quanah

-- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

• This message: [ Message body ]
• Next message: Mark Martinec: "Re: setting amavisd on new server Q"
• Previous message: Mark Martinec: "Re: spam_tag3_level in SQL maps"
• In reply to: Mark Martinec: "Re: policy banks question"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]