On 5/13/2018 11:56 AM, deoren wrote:
On 5/11/2018 2:20 PM, Wietse Venema wrote:
My apologies if I overlooked an answer somewhere, but I checked the docs
and performed a brief search of the archives before asking and didn't
spot the answer.


BCC everything EXCEPT for health check emails generated by our HAProxy

Use a CIDR map:

     smtpd_client_restritions =
    check_client_access cidr:/etc/postfix/client-access.cidr

     # First, a rule that matches healtcheck mail. DUNNO
     # Add a BCC recipient to other email. BCC f...@example.com

This requires Postfix 3.0 or later.


Thank you for the feedback and the solution.

I assume that the performance for this solution is going to be much better than the approach I went with? I'm guessing that this approach will also be much more stable over the long run as well. To continue that thought, this approach also keeps the two specific actions together in a single block which should be easier for anyone reviewing the settings to mentally parse.

I had a few moments to go back and update the setup to use the proposed solution, but stopped part way through. I see that we're matching on the client IP here with an action of DUNNO.

Instead of matching on the IP with check_client_access, could we match on the sender address instead with check_sender_access so that non-health-check mail from the load-balancer will still be subject to the BCC action?

      smtpd_client_restrictions =
        check_sender_access hash:/etc/postfix/sender-access.cf

      # First, a rule that matches health-check mail.
      smtp-health-che...@example.com DUNNO
      # Add a BCC recipient to other email.
      * BCC f...@example.com

For the last entry that BCC's "everything else", is the * character a valid source?

Thanks for your help.

Reply via email to