On 6/5/2015 1:29 PM, Daniel Miller wrote: > June 4 2015 4:29 PM, wie...@porcupine.org wrote: >> Daniel Miller: >> >>> Is there a way for a policy server to validate senders using >>> Postfix's built-in authentication (like meeting permit_mynetworks >>> and permit_sasl_authenticated)? ?Or must the necessary checks be >>> duplicated? >> >> Let Postfix do the permit_mynetworks, permit_sasl_authenticated etc. >> valudation before invoking hte policy service: >> >> smtpd_xxx_restrictions = >> permit_mynetworks, >> permit_sasl_authenticated, >> reject_unauth_destination >> check_policy_service protocol:endpoint >> ... >> >> Wietse > > But doesn't the "permit_xxx" halt processing? My fault for not being > specific - I want to invoke the policy service for doing header checks, or > rather header removal, but only call the policy service after the other > validation checks have been passed. > > -- > Daniel >
not sure how you intend to remove headers with a policy service... Anyway, you can use a check_sasl_access table to detect sasl authenticated users, but there is no equivalent test for mynetworks; that will need to be duplicated with a check_client_access table. http://www.postfix.org/postconf.5.html#check_sasl_access Alternately, you can do those tests in your policy service with the information provided by the policy protocol. If the mail doesn't qualify for processing, just answer DUNNO. -- Noel Jones
