On Thu, Nov 17, 2011 at 06:39:29AM -0500, Wietse Venema wrote: > Solar Designer: > > Does this mean you're going to implement it? Sounds great if so. And > > the default action feature, please - I'd use them together. > > ACCEPT in header_checks == turn off header checks for this message.
Right. (And maybe body checks as well, or maybe this contradicts the policy stated below...) > No Postfix table-driven feature has support for unmatched patterns; > No Postfix table-driven "yes/permit/accept" feature overrides other > table-driven features. I suppose adhering to this policy has both pros and cons. What about something like this? - /malware sig with occasional false positives/ DEFERRED_REJECT malware detected /whitelisted sender address/ ACCEPT where DEFERRED_REJECT would alter the default action for the current message and ACCEPT would override that? It'd work as desired (the whitelisting would take priority) regardless of the order in which the two patterns are seen in the headers or body. After the headers and body are fully processed, we'd have the per-message default action set to DEFERRED_REJECT, but it would only be applied if the ACCEPT flag is not set. We would also have DEFERRED_DISCARD, indeed. > If you really want such things then I suggest using a Perl script > with Net::SMTP as a tiny content filter. Yes, this (or something very much like it) is my primary alternative. The reason why I brought this to postfix-users instead of just doing things on the specific system in one way or another was that I felt we could improve Postfix for others as well. Alexander
