I have now successfully implemented the smtpd policy using classes to set up
the following (half explained using config structure, half with English
logic).

Basically I only load the policy script *IF* it was detected as a subscriber
network, giving me a chance to exempt if SPF "pass". If/when SPF is more
widely adopted and if/when I have better hardware I will move to support
SPF/reject, but for now I'm just taking advantage of the pass option to get
around my filters that tend to have FPs.
My subscriber filters only match around 30k vs the 140k+ I pass, so only
loading the policy for subscribers is much less of a burden on my system.

** THANKS LEN **.. For posting the .class examples once upon a time. Having
the unkn_ptr_and_unkn_helo.class example was VERY VERY helpful in making
this work!


smtpd_recipient_restrictions =
 my standard restrictions..
  ..
 if PTR = subscriber ptr then switch to subscriber.class
 if no-PTR then switch to ptr-less.class
 if ..(other stuff) then switch to (other).class 
 all switch to finalize.class

finalize.class =
 common things I wanted to finish up with without rewriting several times...

 reject_unverified_sender,
 4tuple,
 permit

subscriber.class = 
  load smtpd policy (perl script)
    if source IP is in MX then DUNNO
    OR if "spf PASS" (designated other hosts than MX) then DUNNO
    ALL ELSE REJECT subscriber_network PTR = revdns
if dunno'd then switch to finalize.class


I can post another step by step if anyone else wants to override subscriber
or anything else when coming from MX/SPF designated host. Not going to take
the time if I'm the only one though :)

-Tom
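
Added example, not part of the original message and not Tom's Perl script (which was not posted): a Python sketch of the decision that subscriber.class delegates to the policy script, using the Postfix policy delegation format (name=value request lines, an `action=` reply). The DNS data is constructed, the function names are hypothetical, and the SPF evaluator covers only the `ip4:` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation ranges); a live script would query DNS.
MX_IPS = {"example.com": {"192.0.2.10"}}
SPF_TXT = {"example.com": "v=spf1 ip4:198.51.100.0/24 -all"}

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def spf_result(record, ip):
    """Evaluate only the ip4: and all mechanisms of an SPF record (subset)."""
    if not record or not record.startswith("v=spf1"):
        return "none"
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "none"
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in qualifiers:
            qual, term = term[0], term[1:]
        if term == "all":
            return qualifiers[qual]
        if term.startswith("ip4:") and addr.version == 4:
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return qualifiers[qual]
    return "neutral"

def decide(attrs, mx_ips=MX_IPS, spf_txt=SPF_TXT):
    """DUNNO for the sender domain's MX hosts or an SPF pass, REJECT otherwise."""
    # Assumption: "revdns" in the post is the client's PTR name (client_name).
    ip = attrs.get("client_address", "")
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    if ip in mx_ips.get(domain, set()):
        return "DUNNO"
    if spf_result(spf_txt.get(domain), ip) == "pass":
        return "DUNNO"
    return "REJECT subscriber_network PTR = " + attrs.get("client_name", "unknown")

def respond(request_text):
    """Full reply as Postfix expects it: action line followed by a blank line."""
    return "action=" + decide(parse_request(request_text)) + "\n\n"
```

A DUNNO reply lets Postfix continue to the next restriction, which is what allows the hand-off to finalize.class.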


-----Original Message-----
From: Bill Landry [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 17, 2003 1:42 PM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: SPF


Thanks Tom, I have been looking at testing SPF, and I am sure this will help a
lot!

Bill
