[Postfixbuch-users] Frage zu restriction_classes

Christian Roessner christian at roessner-net.com
Mi Aug 27 13:59:59 CEST 2008 

So,

hier Folgendes:

In main.cf:

smtpd_restriction_classes       = greylist, sample
...
sample                          = pcre:/etc/postfix/maps/sample.pcre

smtpd_recipient_restrictions =
	...
        reject_unauth_destination
        check_recipient_access pcre:/etc/postfix/maps/rest_class.pcre
	...
	check_client_access pcre:/etc/postfix/maps/greylist.pcre


In /etc/postfix/maps/rest_class.pcre:

/^/     sample

In /etc/postfix/maps/sample.pcre:

/^/     PREPEND X-Sample-Test: War hier und geht weiter

Restart von Postfix: Test von Google:

Aug 27 13:50:29 srv1 postfix/master[8313]: daemon started -- version
2.5.1, configuration /etc/postfix
Aug 27 13:51:14 srv1 postfix/smtpd[8332]: connect from
yx-out-2324.google.com[74.125.44.30]
Aug 27 13:51:15 srv1 postfix/policyd-weight[5825]: weighted check:
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5
CL_IP_EQ_HELO_IP=-2 (check from: .googlemail. - helo:
.yx-out-2324.google. - helo-domain: .google.)
FROM/MX_MATCHES_HELO(DOMAIN)=-2; <client=74.125.44.30>
<helo=yx-out-2324.google.com> <from=chrroessner at googlemail.com>
<to=christian at roessner-net.com>; rate: -8.5
Aug 27 13:51:15 srv1 postfix/policyd-weight[5825]: decided
action=PREPEND X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check
from: .googlemail. - helo: .yx-out-2324.google. - helo-domain: .google.)
 FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5; <client=74.125.44.30>
<helo=yx-out-2324.google.com> <from=chrroessner at googlemail.com>
<to=christian at roessner-net.com>; delay: 1s
Aug 27 13:51:16 srv1 postgrey: action=pass, reason=client whitelist,
client_name=yx-out-2324.google.com, client_address=74.125.44.30,
sender=chrroessner at googlemail.com, recipient=christian at roessner-net.com
Aug 27 13:51:16 srv1 postfix/smtpd[8332]: NOQUEUE:
client=yx-out-2324.google.com[74.125.44.30]
Aug 27 13:51:18 srv1 postfix/smtpd[8341]: connect from localhost[127.0.0.1]
Aug 27 13:51:18 srv1 postfix/smtpd[8341]: 3955B52578:
client=localhost[127.0.0.1]
Aug 27 13:51:18 srv1 postfix/cleanup[8342]: 3955B52578:
message-id=<b4eb38230808270451g1f7c9a47i2a3ceb2e1ae9a278 at mail.gmail.com>
Aug 27 13:51:18 srv1 postfix/qmgr[8317]: 3955B52578:
from=<chrroessner at googlemail.com>, size=3042, nrcpt=1 (queue active)
Aug 27 13:51:18 srv1 amavis[7538]: (07538-02) Passed CLEAN,
[74.125.44.30] [74.125.44.30] <chrroessner at googlemail.com> ->
<christian at roessner-net.com>, Message-ID:
<b4eb38230808270451g1f7c9a47i2a3ceb2e1ae9a278 at mail.gmail.com>, mail_id:
sdO0nbSbf4-i, Hits: -2.657, size: 2414, queued_as: 3955B52578, 2220 ms
Aug 27 13:51:18 srv1 postfix/smtpd[8341]: disconnect from
localhost[127.0.0.1]
Aug 27 13:51:18 srv1 deliver(christian at roessner-net.com):
msgid=<b4eb38230808270451g1f7c9a47i2a3ceb2e1ae9a278 at mail.gmail.com>:
saved mail to INBOX

Mailheader:

Return-Path: <chrroessner at googlemail.com>
Delivered-To: christian at roessner-net.com
Received: from localhost (localhost [127.0.0.1])
	by srv1.domu1.roessner-net.de (Postfix) with ESMTP id 3955B52578
	for <christian at roessner-net.com>; Wed, 27 Aug 2008 13:51:18 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at srv1.domu1.roessner-net.de
X-Spam-Flag: NO
X-Spam-Status: No, score=-2.657 required=3.6 tests=[AWL=0.242,
	BAYES_00=-2.599, DKIM_VERIFIED=-0.3]
Received: from srv1.domu1.roessner-net.de ([127.0.0.1])
	by localhost (amavis.internal.roessner-net.de [127.0.0.1])
(amavisd-new, port 10024)
	with ESMTP id sdO0nbSbf4-i for <christian at roessner-net.com>;
	Wed, 27 Aug 2008 13:51:16 +0200 (CEST)
X-Sample-Test: War hier und geht weiter
X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .googlemail. -
helo: .yx-out-2324.google. - helo-domain: .google.)
FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5
Received: from yx-out-2324.google.com (yx-out-2324.google.com
[74.125.44.30])
	by srv1.domu1.roessner-net.de (Postfix) with ESMTP
	for <christian at roessner-net.com>; Wed, 27 Aug 2008 13:51:14 +0200 (CEST)
Received: by yx-out-2324.google.com with SMTP id 8so1540959yxg.43
        for <christian at roessner-net.com>; Wed, 27 Aug 2008 04:51:14
-0700 (PDT)
...

Postgrey _wurde_ also angesprungen, obwohl es _nach_ einer
Restriction-Class kam.

Denke, das wurde jetzt ausreichend bewiesen, dass nach den
Restriction-Classes bei DUNNO "normal" weiter verfahren wird.

So, habe jetzt Hunger.

Gruß
Christian

Christian Roessner schrieb:
> Nochmal Hallo,
> 
>> Hier der Beweis, dass zurück gesprungen wird! :-)
>>
>> Oder wie oder wat, oder warum?
> 
> lese gerade den C-Sourcecode.
> 
> smtpd_check.d
> 
> In main():
> 
> 5066     /*
> 5067      * Main loop: update config parameters or test the client,
> helo, sender
> 5068      * and recipient restrictions.
> 5069      */
> 5070     while (vstring_fgets_nonl(buf, VSTREAM_IN) != 0) {
> ...
> 5135         case 2:
> ...
> 5223             if (strcasecmp(args->argv[0], "restriction_class") == 0) {
> 5224                 rest_class(args->argv[1]);
> 5225                 resp = 0;
> 5226                 break;
> 5227             }
> 
> Die Funktion rest_class(char *class)
> 
> 4907 static void rest_class(char *class)
> 4908 {
> 4909     char   *cp = class;
> 4910     char   *name;
> 4911     HTABLE_INFO *entry;
> 4912
> 4913     if (smtpd_rest_classes == 0)
> 4914         smtpd_rest_classes = htable_create(1);
> 4915
> 4916     if ((name = mystrtok(&cp, RESTRICTION_SEPARATORS)) == 0)
> 4917         msg_panic("rest_class: null class name");
> 4918     if ((entry = htable_locate(smtpd_rest_classes, name)) != 0)
> 4919         argv_free((ARGV *) entry->value);
> 4920     else
> 4921         entry = htable_enter(smtpd_rest_classes, name, (char *) 0);
> 4922     entry->value = (char *)
> smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, cp);
> 4923 }
> 
> Wird also sozusagen einfach als Makro geparst und in die Restricions
> unter smtpd_recipient_restrictions eingebaut.
> 
> Zumindest glaube ich das nach dem Code :-)
> 
> Gruß
> Christian
> 
> 

-- 
Roessner Network Solutions (R.N.S.)
Licher Str. 19a, 35394 Gießen
Telefon: +49 641 5879091, Mobil: +49 171 3611230
USt-IdNr.: DE225643613

URL: http://www.roessner-net.com/ PGP:
http://www.roessner-net.com/0x6B929997.asc

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 252 bytes
Beschreibung: OpenPGP digital signature
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20080827/1a58f067/attachment.asc>

Mehr Informationen über die Mailingliste Postfixbuch-users