On 9/10/2014 1:24 AM, Michael Fox wrote:
> I'd like to restrict/deny (5xx permanent error) incoming messages
> from the Internet to client.domain2.com if they contain
> attachments.  But no such restriction should be applied to other
> clients or to users on relay.domain1.com.

Noel Jones:
> Header_checks and/or restriction classes are the wrong tool for
> this.  You'll need some external
> milter/content_filter/smtpd_proxy_filter with per-destination controls.

Correct. However, if you have separate mail streams for mail clients
(TCP port submission/587 or smtps/465) and for MX service (TCP port
25), then you can apply different policies to each stream.

/etc/postfix/main.cf:
    mua_cleanup_service = mua_cleanup
    mua_header_checks = ...
    mua_body_checks = ...

/etc/postfix/master.cf:
    smtp      inet  n       -       n       -       -       smtpd
    mua_cleanup unix n      -       n       -       0       cleanup
        -o header_checks=$mua_header_checks
        -o body_checks=$mua_body_checks
    submission inet n       -       n       -       -       smtpd
        -o cleanup_service_name=$mua_cleanup_service
        -o syslog_name=postfix/submission
        ...[see sample master.cf file for more]...
    smtps     inet  n       -       n       -       -       smtpd
        -o cleanup_service_name=$mua_cleanup_service
        -o syslog_name=postfix/smtps
        -o smtpd_tls_wrappermode=yes
        ...[see sample master.cf file for more]...

By keeping the "mua_xxx" parameter settings in main.cf, configuration
is not as ugly as it would be with settings in master.cf.

        Wietse
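
An added check, not part of the message above and not Postfix code: a small Python parser that reads master.cf text and reports which cleanup service each smtpd listener hands mail to, so the port 25 stream and the submission/smtps streams can be confirmed to get different header/body checks. The sample files are constructed; it assumes the `-o name=value` override form and that Postfix's `cleanup_service_name` parameter is at its default `cleanup` where not overridden.

```python
import re

# Constructed sample in the layout discussed above; not taken from a real host.
# Assumption: main.cf leaves cleanup_service_name at its default, "cleanup".
MAIN_CF = {"mua_cleanup_service": "mua_cleanup"}
MASTER_CF = """\
smtp        inet n - n - - smtpd
cleanup     unix n - n - 0 cleanup
mua_cleanup unix n - n - 0 cleanup
    -o header_checks=$mua_header_checks
    -o body_checks=$mua_body_checks
submission  inet n - n - - smtpd
    -o cleanup_service_name=$mua_cleanup_service
smtps       inet n - n - - smtpd
    -o cleanup_service_name=$mua_cleanup_service
    -o smtpd_tls_wrappermode=yes
"""

def parse_master(text):
    """Return {(name, type): (command, {override: value})} from master.cf text."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0].isspace() and entries:
            entries[-1] += line.split()           # continuation of the previous entry
        else:
            entries.append(line.split())
    services = {}
    for f in entries:                             # f[7] is the command, rest are args
        opts = [f[i + 1] for i in range(8, len(f) - 1) if f[i] == "-o"]
        services[(f[0], f[1])] = (f[7], dict(o.split("=", 1) for o in opts if "=" in o))
    return services

def expand(value, params):
    """Expand $name or ${name}; names missing from params are left unexpanded."""
    return re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), m.group(0)), value)

def cleanup_per_stream(master_text, main_params):
    """Map each smtpd inet listener to (cleanup service, its -o overrides or None)."""
    services = parse_master(master_text)
    report = {}
    for (name, stype), (command, opts) in services.items():
        if (stype, command) == ("inet", "smtpd"):
            cleanup = expand(opts.get("cleanup_service_name", "cleanup"), main_params)
            target = services.get((cleanup, "unix"))
            # None flags a listener that points at a cleanup service that does not exist
            report[name] = (cleanup, target[1] if target and target[0] == "cleanup" else None)
    return report
```

A `None` in the second position means the listener names a cleanup service that master.cf does not define, for example when the `mua_cleanup_service` setting is missing from main.cf.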
