Differences

This shows you the differences between two versions of the page.

--- postfix:advance [2006/08/03 22:21]
greebo
+++ postfix:advance [2009/05/25 00:35] (current)
@@ Line 1: / Line 1: @@
 ====== Postfix advance lavel ======
-//see also article:// **[[postfix|Postfix]]**, **[[postfix:mx|Postifx as MX server]]**
+//see also article://  **[[postfix|Postfix]]**, **[[postfix:mx|Postifx as MX server]]**
 ===== Getting rid off spam/virus mails =====
@@ Line 8: / Line 8: @@
    * http://projects.puremagic.com/greylisting/
+===== Different Postfix Access Policy Delegation =====
+How to use different [[http://www.postfix.org/SMTPD_POLICY_README.html|Access Policy Delegation]] with postfix. This it opens the possibility to use diffrent [[http://www.postfix.org/SMTPD_POLICY_README.html|check_policy_service]] in dependency on sender address, client ip … and so on.
+Create aliases for groups of access restrictions in ''/etc/postfix/main.cf'':
+    smtpd_restriction_classes = policy1,
+                                policy2,
+    policy1 = check_policy_service inet:127.0.0.1:12525
+    policy2 = check_policy_service inet:127.0.0.1:12526
+Create “''/etc/postfix/ip_rules.cidr''”:
+   # echo “127.0.0.1 policy1″ > /etc/postfix/ip_rules.cidr
+   # echo “127.0.0.2 policy1″ >> /etc/postfix/ip_rules.cidr
+   # echo “0.0.0.0/0 policy2″ >> /etc/postfix/ip_rules.cidr
+Add “''check_client_access cidr:/etc/postfix/ip_rules.cidr''” at the end of “''smtpd_recipient_restrictions''” in ''/etc/postfix/main.cf''
+In this scenario you can have different access policies based on the client ip. It is also possible to base it on client reverse dns with help of pcre maps and recipient/sender address and hash maps
+===== Address verification =====
+   * **''address_verify_positive_expire_time''** (31d) - The time after which a successful probe expires from the address verification cache.
+   * **''address_verify_positive_refresh_time''** (7d) - The time after which a successful address verification probe needs to be refreshed.
+   * **''address_verify_negative_cache''** (yes) - Enable caching of failed address verification probe results.
+   * **''address_verify_negative_expire_time''** (3d) - The time after which a failed probe expires from the address verification cache.
+   * **''address_verify_negative_refresh_time''** (3h) - The time after which a failed address verification probe needs to be refreshed.
 ==== MySQL Proxy ====
@@ Line 70: / Line 98: @@
 If you haven't set it up, try this:
-  (postfix: master.cf  you can set up different ip addresses, aliases, and send 'local' email to one of them:
+   (postfix: master.cf  you can set up different ip addresses, aliases, and send 'local' email to one of them:
 In this case, the default is to filter.
 But, if coming in through 127.0.0.1 (already filtered, amavis->postfix and back) no filter.
-smtp      inet  n       -       n       -       -       smtpd   -o content_filter=dfilt:
+   smtp      inet  n       -       n       -       -       smtpd   -o content_filter=dfilt:
 .0.0.1:smtp inet n   -       n       -       -       smtpd
-dfilt     unix    -       n       n       -       -       pipe flags=Rq user=filter
+   dfilt     unix    -       n       n       -       -       pipe flags=Rq user=filter
-  argv=/usr/local/etc/postfix/disclaimer -f ${sender} -- ${recipient}
+     argv=/usr/local/etc/postfix/disclaimer -f ${sender} -- ${recipient}
----/usr/local/etc/postfix/disclaimer is:
+''/usr/local/etc/postfix/disclaimer is:''
+----
+<html>
+<pre>
   # Localize these.
   INSPECT_DIR=/var/spool/filter
@@ Line 107: / Line 138: @@
   exit $?
+</pre>
+</html>
+----
-//TODO//