On 26 October 2011 10:27, Scott Kitterman <post...@kitterman.com> wrote:
> On 10/26/2011 10:17 AM, Simon Brereton wrote:
> ...
>>
>> So my obvious question to the list is - Can I get amavis to explicity
>> add a header with the SPF validity, and if not, can I do this with
>> policyd? And if not, and I must install postfix-policyd-spf-python
>> or postfix-policyd-spf-perl which do you recommend and why?
>
> There is an amavis user list that you should consult for amavis support.
True - but most people use it. Googling didn't help, so it's unlikely
that it can do it - still worth asking the wise people here though.
> postfix-policyd-spf-perl is very simple and is, IMO, not suitable for
> anything other than hobby installs. postfix-policyd-spf-python is well
> documented, supports a wide variety of configurations for different uses and
> is much more complete.
>
> I'm the last one to do any work on the Perl implementation and the developer
> of the Python implementation. Unless you are severely allergic to Python
> and prepared to read/modify Perl source, I'd use the Python one. It is
> available as a distribution package in many distros.
Thanks for the advice. Curiously for a "hobby installs" package it
has more howtos and documentation on Google. I'm not adverse to
python, but I'd still like reassurance that two policy filters is the
way to go.. For my edification, where would you put it in my
restrictions?
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,
permit_sasl_authenticated,
reject_sender_login_mismatch,
check_helo_access hash:/etc/postfix/helo_checks,
check_sender_access hash:/etc/postfix/ip_whitelist,
check_recipient_access hash:/etc/postfix/laxdomains,
check_sender_access hash:/etc/postfix/backscatter
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
permit_mynetworks,
check_policy_service inet:127.0.0.1:10031,
reject_unlisted_recipient,
reject_unauth_destination,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client blackholes.mail-abuse.org,
reject_rbl_client tw.countries.nerd.dk,
reject_rbl_client kr.countries.nerd.dk,
reject_rbl_client cn.countries.nerd.dk,
reject_rbl_client relays.mail-abuse.org,
reject_rhsbl_sender dsn.rfc-ignorant.org,
warn_if_reject,
reject_unknown_client,
warn_if_reject,
reject_rhsbl_client dsn.rfc-ignorant.org,
warn_if_reject,
reject_rbl_client dnsbl.sorbs.net,
warn_if_reject,
reject_rbl_client dnsbl.njabl.org,
warn_if_reject,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
Simon
