Hmmm. O.K. Thanks to both of you. It will take me some time to think this through.
The level of indirection between main.cf and master.cf sure adds flexibility. But, as someone who doesn't work in postfix every day or even every week, it also leaves my head spinning. ;-) Thanks again. Michael > -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Wietse Venema > Sent: Wednesday, September 10, 2014 6:54 AM > To: Postfix users > Subject: Re: Restricting relay of attachments > > On 9/10/2014 1:24 AM, Michael Fox wrote: > > I'd like to restrict/deny (5xx permanent error) incoming messages > > from the Internet to client.domain2.com if they contain > > attachments. But no such restriction should be applied to other > > clients or to users on relay.domain1.com. > > Noel Jones: > > Header_checks and/or restriction classes are the wrong tool for > > this. You'll need some external > > milter/content_filter/smtpd_proxy_filter with per-destination controls. > > Correct. However, if you have separate mail streams for mail clients > (TCP port submission/587 or smtps/465) and for MX service (TCP port > 25), then you can apply different policies to each stream. > > /etc/postfix/main.cf: > mua_cleanup_service = mua_cleanup > mua_header_checks = ... > mua_body_checks = ... > > /etc/postfix/master.cf: > smtp inet n - n - - smtpd > mua_cleanup unix n - n - 0 cleanup > -o header_checks=mua_header_checks > -o body_checks=mua_body_checks > submission inet n - n - - smtpd > -o cleanup_service=$mua_cleanup_service > -o syslog_name=postfix/submission > ...[see sample master.cf file for more]... > smtps inet n - n - - smtpd > -o cleanup_service=$mua_cleanup_service > -o syslog_name=postfix/smtps > -o smtpd_tls_wrappermode=yes > ...[see sample master.cf file for more]... > > By keeping the "mua_xxx" parameter settings in main.cf, configuration > is not as ugly as it would be with settings in master.cf. > > Wietse
