From: "Daniel L. Miller" on
I realize the developers and senior ops may be a bit irritated by some
of my recent queries. I plead ignorance - and a desire to improve.

I currently utilize ASSP as my primary filter. In the past, I have
heard that there is nothing ASSP does that cannot be done utilizing
alternative tools - in many cases built-in Postfix functionality.
Regardless of your opinion of ASSP, there is a particular feature which
I cannot replicate - hence my questions. That feature is auto-whitelisting.

The goal is simple - there are some people & businesses my company needs
to correspond with no matter how strict my filter, and no matter how
badly the remote site is configured. Waiting to receive a message
carrying critical business information is simply unacceptable - so I
need an alternative. ASSP provides me with one - by the simple act of a
user sending a message to a remote, that address and/or domain is
immediately whitelisted and immediately bypasses nearly all the spam
filters (virus scans still occur).

Daily scanning of logfiles does not accomplish this. Nor would even an
hourly scan - and constant logfile scanning strikes me as inelegant. If
there is any method currently existing within Postfix to accomplish this
goal please point me at it! If not, I'd like to discuss possible means
and methods for a future implementation.

--
Daniel

From: Sahil Tandon on
On Sun, 17 Jan 2010, Daniel L. Miller wrote:

> The goal is simple - there are some people & businesses my company
> needs to correspond with no matter how strict my filter, and no
> matter how badly the remote site is configured. Waiting to receive
> a message carrying critical business information is simply
> unacceptable - so I need an alternative. ASSP provides me with one
> - by the simple act of a user sending a message to a remote, that
> address and/or domain is immediately whitelisted and immediately
> bypasses nearly all the spam filters (virus scans still occur).

I do not know of a stock Postfix feature that provides this
functionality. amavisd-new has 'pen pals' which does something similar
to what you desire. Question: does ASSP simply whitelist the envelope
sender if it matches the envelope recipient of a message sent by one of
your users? That is to say, are messages spoofed with whitelisted
envelope senders simply given a free pass through all your checks?

--
Sahil Tandon <sahil(a)tandon.net>

From: "Daniel L. Miller" on
Henrik K wrote:
> On Sun, Jan 17, 2010 at 10:44:48PM -0800, Daniel L. Miller wrote:
>
>> Daily scanning of logfiles does not accomplish this. Nor would even an
>> hourly scan - and constant logfile scanning strikes me as inelegant. If
>> there is any method currently existing within Postfix to accomplish this
>> goal please point me at it! If not, I'd like to discuss possible means
>> and methods for a future implementation.
>>
>
> I've been meaning to make something like this for postfix, your post
> refreshed me. Amavisd-new penpals is ok (and you can make other custom
> queries to it's database), but it can't make MTA bypass all the ptr/helo/foo
> checks. My main problem is all bad SOHO servers etc that get blocked by
> those.
>
> It can be achieved with a simple policy daemon that records all outgoing
> recipients and/or relays and compares them for incoming messages, possibly
> adding a header that you can also reuse in SA for scoring.
>
I created one - the problem is execution. I took the greylist.pl and
tweaked it - and it now adds recipient addresses to a database very
simply. But I only want that to happen with valid senders/clients.
Placing this policy daemon, which always returns "dunno", in the
smtpd_recipient_restrictions very simply generates a list of recipients
- but without any validation. And duplicating validation within this
daemon strikes me as wasteful.

Ideally, I'd like this daemon called immediately upon successful
delivery, or at what Postfix determines as "successful delivery" based
on the remote server response. Without tailing the logfile I don't see
how else to accomplish it - but I don't LIKE that form of
implementation. Might be the only way to do it at this time - but
perhaps having such status messages available might be considered
sufficiently worthwhile to implement a new feature?

--
Daniel

From: Wietse Venema on
Daniel L. Miller:
> Henrik K wrote:
> > On Sun, Jan 17, 2010 at 10:44:48PM -0800, Daniel L. Miller wrote:
> >
> >> Daily scanning of logfiles does not accomplish this. Nor would even an
> >> hourly scan - and constant logfile scanning strikes me as inelegant. If
> >> there is any method currently existing within Postfix to accomplish this
> >> goal please point me at it! If not, I'd like to discuss possible means
> >> and methods for a future implementation.
> >>
> >
> > I've been meaning to make something like this for postfix, your post
> > refreshed me. Amavisd-new penpals is ok (and you can make other custom
> > queries to it's database), but it can't make MTA bypass all the ptr/helo/foo
> > checks. My main problem is all bad SOHO servers etc that get blocked by
> > those.
> >
> > It can be achieved with a simple policy daemon that records all outgoing
> > recipients and/or relays and compares them for incoming messages, possibly
> > adding a header that you can also reuse in SA for scoring.
> >
> I created one - the problem is execution. I took the greylist.pl and
> tweaked it - and it now adds recipient addresses to a database very
> simply. But I only want that to happen with valid senders/clients.
> Placing this policy daemon, which always returns "dunno", in the
> smtpd_recipient_restrictions very simply generates a list of recipients
> - but without any validation. And duplicating validation within this
> daemon strikes me as wasteful.
>
> Ideally, I'd like this daemon called immediately upon successful
> delivery, or at what Postfix determines as "successful delivery" based
> on the remote server response. Without tailing the logfile I don't see
> how else to accomplish it - but I don't LIKE that form of
> implementation. Might be the only way to do it at this time - but
> perhaps having such status messages available might be considered
> sufficiently worthwhile to implement a new feature?

I'm not sure you are solving the right problem. What is the likelihood
that a local user specifies an invalid remote address, and how
problematic is it for your to have a few invalid remote addresses
on your whitelist? If you use a btree or hash database, they won't
slow down the database searches.

Valid addresses don't live forever, either. After some time you
will have to expire unused entries from your database anyway, so
you might just as well live with a minor degree of pollution from
the occasional invalid remote address.

Wietse

From: "Daniel L. Miller" on
Wietse Venema wrote:
> Daniel L. Miller:
>
>> Henrik K wrote:
>>
>>> On Sun, Jan 17, 2010 at 10:44:48PM -0800, Daniel L. Miller wrote:
>>>
>>>
>>>> Daily scanning of logfiles does not accomplish this. Nor would even an
>>>> hourly scan - and constant logfile scanning strikes me as inelegant. If
>>>> there is any method currently existing within Postfix to accomplish this
>>>> goal please point me at it! If not, I'd like to discuss possible means
>>>> and methods for a future implementation.
>>>>
>>>>
>>> I've been meaning to make something like this for postfix, your post
>>> refreshed me. Amavisd-new penpals is ok (and you can make other custom
>>> queries to it's database), but it can't make MTA bypass all the ptr/helo/foo
>>> checks. My main problem is all bad SOHO servers etc that get blocked by
>>> those.
>>>
>>> It can be achieved with a simple policy daemon that records all outgoing
>>> recipients and/or relays and compares them for incoming messages, possibly
>>> adding a header that you can also reuse in SA for scoring.
>>>
>>>
>> I created one - the problem is execution. I took the greylist.pl and
>> tweaked it - and it now adds recipient addresses to a database very
>> simply. But I only want that to happen with valid senders/clients.
>> Placing this policy daemon, which always returns "dunno", in the
>> smtpd_recipient_restrictions very simply generates a list of recipients
>> - but without any validation. And duplicating validation within this
>> daemon strikes me as wasteful.
>>
>> Ideally, I'd like this daemon called immediately upon successful
>> delivery, or at what Postfix determines as "successful delivery" based
>> on the remote server response. Without tailing the logfile I don't see
>> how else to accomplish it - but I don't LIKE that form of
>> implementation. Might be the only way to do it at this time - but
>> perhaps having such status messages available might be considered
>> sufficiently worthwhile to implement a new feature?
>>
>
> I'm not sure you are solving the right problem. What is the likelihood
> that a local user specifies an invalid remote address, and how
> problematic is it for your to have a few invalid remote addresses
> on your whitelist? If you use a btree or hash database, they won't
> slow down the database searches.
>
> Valid addresses don't live forever, either. After some time you
> will have to expire unused entries from your database anyway, so
> you might just as well live with a minor degree of pollution from
> the occasional invalid remote address.
>
I cheated - I went right past sender validation and started discussing
recipient verification. Because Postfix already does (or can do)
recipient verification, I like the thought of keeping the whitelist
clean. You're of course correct that the whitelist would need
expiration at some point.

But my primary issue is sender validation. I don't see how, currently,
to implement this as a policy daemon without re-writing sender
validation into the policy daemon. I don't see any way, for example, to
call another policy daemon after permit_sasl_authenticated returns "OK".

--
Daniel