Am 08.08.2014 um 16:19 schrieb Noel Jones: > On 8/8/2014 8:56 AM, li...@rhsoft.net wrote: >> Am 08.08.2014 um 13:18 schrieb Noel Jones: >>> On 8/8/2014 4:58 AM, li...@rhsoft.net wrote: >>>> dreamed about like below but dreams don't always become true :-) >>>> >>>> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket >>>> permit_dnswl_client list.dnswl.org >>>> check_sender_access >>>> proxy:hash:/etc/postfix/disable-sender-contentfilter.cf >>>> check_recipient_access >>>> proxy:hash:/etc/postfix/disable-rcpt-contentfilter.cf >>>> unix:/run/spamass-milter/spamass-milter.sock >>> >>> It is not possible for postfix to do conditional milters because >>> postfix must connect to the milter at the beginning of the SMTP >>> session, before any client/sender/recipient information is known. >>> But some milters have their own settings per client/sender/recipient >> >> hmm - that would mean that even the cheap restrictions below >> would not make a reject decision *before* the expensive >> contentfilter and clamav are called? >> >> reject_non_fqdn_recipient >> reject_non_fqdn_sender >> reject_unknown_sender_domain >> reject_unknown_recipient_domain >> reject_unauth_destination >> reject_invalid_hostname >> > Of course not. Envelope restrictions will drop the connection > before DATA
well, but the same way "permit_dnswl_client list.dnswl.org" could happen before the milter/session and skip it for that smtp session so one could setup "dnswl-milter1.domain.tld", "dnswl-milter2.domain.tld" and feed the inhouse whitlist servers with specific data smtpd_milters = permit_dnswl_client dnswl-milter-av.domain.tld unix:/run/clamav-milter/clamav-milter.socket permit_dnswl_client dnswl-milter-contentfilter.domain.tld unix:/run/spamass-milter/spamass-milter.sock
