Yes, I do realize the more added to postscreen, the slower it gets, etc. 
However, one function that would seem to fit perfectly if it's not too slow 
would be SPF and DKIM checks. SPF we are doing via a milter, and it seems to be 
fast. Yes, it's DNS records, but postscreen already does much worse with 
dnsrbls. Not sure about DKIM efficiency. And the same whitelist rules apply 
once a given sender passes the test, added to temp whitelist and no need to do 
it the next time.

However, it is good practice to reject mail that fails SPF or DKIM tests, since 
theoretically it is forged. And if it isn't, then the sender will be made aware 
that they have an error in their setup. It would be better to reject these 
before they ever get to the SMTP server, would it not? Seems like this would be 
a function, if fast enough, that would fit the intended use of postscreen.

However, this may not be easy to do either since I am sure you don't want to 
add milter or content screening capability to postscreen, that would surely 
slow it down. Perhaps one can use the libraries, not sure.

Nevertheless, I hope someone considers this possibility for future Postfix 
versions. 
 
Steve
