On Fri, 12 Aug 2022, Wietse Venema wrote:

> Jaroslaw Rafa:
> > On 12.08.2022 at 10:09:08 Wietse Venema wrote:
> > > > By the way: does anybody know of a tool ready to use with Postfix, that
> > > > does exactly this and only this, i.e. allows to define sender/recipient
> > > > pairs that are (with "default deny") or aren't (with "default allow")
> > > > allowed to send mail to each other?
> > > 
> > > Long ago Jozsef Kadlecsik wrote code that concatenated a sender and
> > > recipient address, and that used the result as an access table
> > > lookup key. It was part of a collection of patches some of which
> > > have been adopted.
> > > 
> > > https://www.kfki.hu/~kadlec/sw/postfix_patch.html
> > 
> > I understand it's the "check_access" restriction mentioned in the page you
> > linked? But it is not included in standard Postfix release?
> 
> Some of the adopted features needed significant work to make them
> robust, such as cidr maps and ${name?iftrue,iffalse}.
> 
> Concatenating addresses is tricky, and it became a low priority given
> the availability of "pen pal" support in content filters.

That was the reason why the functionality of the patches was then 
implemented in a policy daemon. However, it doesn't do just this, but much 
more:

- global allow/deny lists based on client name, IP address/netblock, 
  HELO/EHLO name, sender address, recipient address or patterns
- individual per user (recipient) allow/deny lists of sender addresses or 
  patterns
- auto update of per user allow list when authenticated user sends an 
  email
- honeypot and geoip support
- arbitrary AND/OR combination of all possible filtering conditions
- automatically blocking our senders if they exceed different limits like
  too many so far unseen new recipients or too many so far unseen 
  submission client addresses in a given time window
- spamassassin integration of per user allow/deny lists
- ...

The whole package (including the policy daemon, web interface for the 
users, admin cli interface, maintenance scripts) was public and could be 
published again. However it would need some time to recreate the package: 
installation and configuration instructions, embedded manuals need 
updating, site specific settings should be stripped from the config file, 
etc. The whole thing was written in Perl :-).

If you are really interested, I could do it after my holiday.

Best regards,
Jozsef
-
E-mail  : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
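
The sender/recipient pair check discussed in this thread, sketched as a Postfix policy delegation service. This is an added example, not code from the package described above or from Postfix; the pair table, the "@domain" wildcard convention and the reject text are assumptions made for illustration.

```python
# Added example: sender/recipient pair check over the Postfix policy
# delegation protocol (name=value lines, empty line ends the request).
# Constructed sample table of (sender, recipient) pairs, lower-cased.
PAIRS = {
    ("alice@example.org", "bob@example.com"),
    ("@example.org", "lists@example.com"),  # assumed wildcard: any sender in domain
}
DEFAULT_DENY = True  # True: only listed pairs pass; False: listed pairs are blocked

def parse_request(text):
    """Parse one policy request into a dict of attributes."""
    attrs = {}
    for line in text.split("\n"):
        if line == "":          # empty line terminates the request
            break
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs

def candidates(addr):
    """Lookup keys for an address: the full address, then '@domain'."""
    addr = addr.lower()
    return [addr, "@" + addr.rpartition("@")[2]] if "@" in addr else [addr]

def listed(sender, recipient, pairs=PAIRS):
    # Tuple keys keep both addresses separate instead of concatenating them,
    # so no character inside an address can blur where one ends.
    return any((s, r) in pairs
               for s in candidates(sender) for r in candidates(recipient))

def decide(attrs, pairs=PAIRS, default_deny=DEFAULT_DENY):
    """Return the policy reply; an empty sender (bounce) is looked up as ''."""
    if (attrs.get("request") != "smtpd_access_policy"
            or attrs.get("protocol_state") != "RCPT"):
        return "action=DUNNO\n\n"
    hit = listed(attrs.get("sender", ""), attrs.get("recipient", ""), pairs)
    if hit != default_deny:     # unlisted under deny, or listed under allow
        return "action=REJECT sender/recipient pair not permitted\n\n"
    return "action=DUNNO\n\n"   # let later restrictions decide

if __name__ == "__main__":      # stdin/stdout, e.g. when run under spawn(8)
    import sys
    buf = []
    for line in sys.stdin:
        buf.append(line.rstrip("\n"))
        if buf[-1] == "":
            sys.stdout.write(decide(parse_request("\n".join(buf))))
            sys.stdout.flush()
            buf = []
```
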
