Jurek, > > Passing just a policy name over the protocol is less work > > and no additional configuration parameters for me, > > and more for Petr. And vice versa. Mark > > I'm very interested in this solution. > I've been testing new beta version of amavisd-milter by Petr Rehor > amavisd-milter-1.2.1-beta3.tar.gz > This version added new feature: > Added info about user authentication to synthesized received header. > Format of synthesized received header is now: > Received: from <hello> (<rdns> [<ip>]) (authenticated bits=<bits>) > by <hostname> (<rdns> [<ip>]) > with <protocol> (authenticated as <user>) id <qid>; > <date> > (envelope-from <sender>)
> Is it possible to use information included in Received from as a condition > to policy_bank.? It would be possible to extract this information from the header, but would involve parsing it and adding some controls to enable the feature, to tell which Received header fields are trustworthy (the topmost one with amavisd-milter, but right after that someone will say, why not my Received from the outmost trusted MTA...), and to tell how this information should influence policy bank switching. >From my side it would be far simpler to just receive a policy name over AM.PDP protocol, and let amavisd-milter do all the magic with combining authentication, encryption, mynetworks, etc. information into a policy bank name (or list of names). The main idea is to get an attribute like: policy_bank=ORIGINATING whenever mail is coming from internal networks or from an authenticated user. Alternatively, policy_bank=AUTHENTICATED could just tell one aspect, and let amavisd combine it with MYNETS policy bank, to achieve the same effect, i.e. treating internal senders the same as authenticated roaming users. Perhaps a list of policy bank names should be allowed, which could be used like: policy_bank=MYNETS,TLS,AUTH or policy_bank=TLS,ORIGINATING or whatever. The semantics of policy banks is entirely in hands of administrator (amavisd.conf) and amavisd-milter. Amavisd would not need to be aware of policy banks semantics, so no changes to code would be necessary. Mark ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
