On 9/10/2014 1:24 AM, Michael Fox wrote: > Sorry if this is a bit simple, but I can’t seem to figure out how > the components fit together. > > > > Given the following: > > 1) MX/Relay machine running postfix: relay.domain1.com > > 2) Client machine: client.domain2.com > > > > I’d like to restrict/deny (5xx permanent error) incoming messages > from the Internet to client.domain2.com if they contain > attachments. But no such restriction should be applied to other > clients or to users on relay.domain1.com. > > > > I presume this would be done with some type of header check plus > some type of restriction class. If that’s true, then I need some > help with both. If I don’t even have that right, I’ll need a some > more help. ;-) >
Header_checks and/or restriction classes are the wrong tool for this. You'll need some external milter/content_filter/smtpd_proxy_filter with per-destination controls. - header_checks examine one header at a time, so you can't combine destination + attachment tests. - restriction classes (and other smtpd restrictions) deal with envelope information and cannot determine if an attachment is present.