Giovani,
> I'm trying to create a filter for a customer who doesn't want he's
> employees to send any type of attachment, but wants them to be able to
> receive some. I know that the best way to do this is to create policies,
> and it does work
Sorry for delay, see my today's reply (2009-05-27) to your other post:
"blocking outgoing but allowing incoming extensions"
> except for the fact that I can't seem to find a way to tell postfix
> to apply a filter based on each recipient of the message.
A policy bank can't be applied on a per-recipient basis,
it affects a message as a whole. You need per-recipient *_maps.
> So, if the user send's an e-mail to us...@example.com (internal account
> allowing some extensions) and to u...@example2.com (external account,
> should block all extensions), postfix will match the filter to the
> internal account and deliver it to amavisd on a policy that will allow
> the attachment to go through to the external account. So I thought of
> using banned_filename_maps on the default policy, like this:
>
> @banned_filename_maps = (
> { 'us...@example.com' => 'ALLOWATTACHMENT',
> 'us...@example.com' => 'ALLOWATTACHMENT',
> '@example.com' => 'MYNETS-DEFAULT',
> '.' => 'BLOCKALL',
> },
> );
Yes, that is a correct approach.
> What I found is that mail sent to us...@example.com matches
> 'us...@example.com', '@example.com' and '.', the latest blocking all
> extensions, causing the mail to be blocked, even if previously allowed
> by the map defined by 'us...@example.com' => 'ALLOWATTACHMENT'. So, my
> question is, why does it keep looking for matches even after it has
> already found one? And why does the '.' match overrides the previous
> one, much more specific?
This is a detail I forgot in my other post. You are right, the search
goes on until it matches some rule. The solution is to add an
explicit catchall rule to your ALLOWATTACHMENT ruleset, or use
PASSALL or BLOCKALL as appropriate in the lists, something like:
%banned_rules = (
'PASSALL' => new_RE( [qr'^' => 0] ),
'ALLOWATTACHMENT' => ...,
'DEFAULT' => $banned_filename_re,
);
@banned_filename_maps = (
{ 'us...@example.com' => 'ALLOWATTACHMENT,MYNETS-DEFAULT,BLOCKALL',
'us...@example.com' => 'ALLOWATTACHMENT,MYNETS-DEFAULT,BLOCKALL',
'@example.com' => 'MYNETS-DEFAULT,PASSALL',
'.' => 'BLOCKALL',
},
);
(i'm not sure the above lists of rule names match your needs,
adjust as appropriate; perhaps defining a BLOCKATTACHMENT might
be cleaner)
Mark
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
