/usr/share/doc/postfix-policyd-spf-python/README.per_user_whitelisting is in postfix-policyd-spf-python 1.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | This document illustrates applying different SMTPD Access Restrictions
for different recipients depending upon whether a message gets SPF
Pass. An understanding of at least the following Postfix documents
and associated man pages is required.
RESTRICTION_CLASS_README
SMTPD_ACCESS_README
SMTPD_POLICY_README
The Postfix RESTRICTION_CLASS_README opens with the following example
illustrating the use of different restrictions for different
recipients.
/etc/postfix/main.cf:
smtpd_restriction_classes = restrictive, permissive
# With Postfix < 2.3 specify reject_unknown_client.
restrictive = reject_unknown_sender_domain
reject_unknown_client_hostname ...
permissive = permit
smtpd_recipient_restrictions
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/recipient_access
/etc/postfix/recipient_access:
joe@my.domain permissive
jane@my.domain restrictive
The example below illustrates using this policy-spf daemon with the
Postfix "check_policy_service" access restriction to apply the
"permissive" restriction only to messages getting SPF Pass.
/etc/python-policyd-spf/policyd-spf.conf:
HELO_pass_restriction = spf_fin, passed_spf
Mail_From_pass_restriction = spf_fin, passed_spf
/etc/python-policyd-spf/policyd-spf-fin.conf:
HELO_reject = False
Mail_From_reject = False
/etc/postfix/master.cf:
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/bin/python
/usr/bin/policyd-spf
policyd-spf-fin unix - n n - 0 spawn
user=nobody argv=/usr/bin/python
/usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf-fin.conf
/etc/postfix/main.cf:
spf_fin = check_policy_service unix:private/policyd-spf-fin
smtpd_restriction_classes = restrictive, permissive, spf_fin, passed_spf
restrictive = reject_unknown_sender_domain
reject_unknown_client_hostname ...
permissive = permit
passed_spf
check_recipient_access hash:/etc/postfix/recipient_access
restrictive
smtpd_recipient_restrictions permit_mynetworks
reject_unauth_destination
check_policy_service unix:private/policyd-spf
restrictive
policyd-spf_time_limit = 3600
policyd-spf-fin_time_limit = 3600
/etc/postfix/recipient_access:
joe@my.domain permissive
jane@my.domain restrictive
|