On Sun, Oct 15, 2023 at 11:40:57AM -0400, Viktor Dukhovni via Postfix-users wrote:
> > This is rather straightforward with access(5) rules: > > > > smtpd_restriction_classes = reject_unfiltered > > > > # Allow the filtering service IPv4/IPv6 CIDR blocks and reject > > # everything else. > > reject_unfiltered = > > check_client_access cidr:{ > > {192.0.2.0/24 permit_auth_destination}, > > {2001:db8:feed:cafe::/64 permit_auth_destination}, > > {0.0.0.0/0 REJECT 5.7.1 MX bypass attempt}, > > {::/0 REJECT 5.7.1 MX bypass attempt} > > } > > > > # If large enough, or changes more than rarely, use an access(5) > > # table ("cdb", "hash", ...) instead. Assumes smtpd_delay_reject > > # is not changed from "yes" default. > > # > > smtpd_client_restrictions = > > check_recipient_access inline:{ > > {filtered1.example = reject_unfiltered}, > > {filtered2.example = reject_unfiltered} > > } > > OK, in this example, where would I specify which domains must go through the > spam filter? Replace the names "filter1.example", "filter2.example", ... with the names of the domains that are accepted only from the filter services. > These domains MUST go through the spam filter: domain1.com domain2.net smtpd_client_restrictions = check_recipient_access inline:{ {domain1.com = reject_unfiltered}, {domain2.net = reject_unfiltered} } > These can be delivered directly WITHOUT going through the spam filters: > bypass1.com bypass2.net They don't need to be specifically mentioned. > Would this be put into a hash table or in place of the > filtered1.example in your config? Whether to use a hash table for the recipient access checks, or not, is up to you. main.cf: indexed = ${default_database_type}:${config_directory}/ smtpd_client_restrictions = check_recipient_access ${indexed}filtered filtered: domain1.com reject_unfiltered domain2.net reject_unfiltered The client access lookup could also be configured in a separate file, but not a "postmapped" indexed table, "cidr" tables stay in source form. main.cf: reject_unfiltered = check_client_access cidr:reject_unfiltered.cidr reject_unfiltered.cidr: 192.0.2.0/24 permit_auth_destination 2001:db8:feed:cafe::/64 permit_auth_destination 0.0.0.0/0 REJECT 5.7.1 MX bypass attempt ::/0 REJECT 5.7.1 MX bypass attempt -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org