Here is my SMTP situation.
Mail flow is tagged by an online relay provider (!!SPAM!!, !!BULK!!, etc.).
Mail flow is received by an internal Postfix. Transport is configured to relay to our internal Exchange unless the subject is tagged. I do that using header_checks. The tagged mail flow is dispatched to our quarantine server (web UI for individual users, etc.).
/^[sS]ubject:.*!!SPAM!!*/ FILTER smtp:192.168.11.250
/^[sS]ubject:.*!!BULK!!*/ FILTER smtp:192.168.11.250
/^[sS]ubject:.*!!SUSPECT!!*/ FILTER smtp:192.168.11.250
It works fine.
Our quarantine server can generate a list of trusted senders for users.
This whitelist is available and I can download it to my Postfix.
My question is: how can I apply my whitelist before the header checking?
If Subject contains *!!SPAM!!*
then
    If from contains trustedsender@domain.com AND if to contains InternalUser@domain.com
        Then redirect to internal exchange server
        else redirect to quarantine server
    endif
endif
I don't know how to do that. Any hints?
Best Answer
After a comment from @masegaloeh I've found a solution. The idea is to have a second Postfix SMTP server listening on 10025 with a policy server in order to send mails to the normal server (if whitelisted) or to the quarantine server.
The idea starts out like your header_checks solution, in main.cf:
In header_checks:
Then in master.cf (edited with @masegaloeh's comments):
This makes the second instance of postfix override the use of header_checks.
And in main.cf:
And the contents of policy-server-switcher:
Of course you will need to program your policy server to load the whitelist from a database or LDAP; this is just an example to get the idea.
But this still has some caveats. Suppose I send a mail with this:
This will go to the normal server for alphamikevictor and for thomas, as long as the last test against the policy server returns FILTER to the normal server, but if you place alphamikevictor in second position then it will send the mail for both recipients to quarantine.
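
An added example, not the answerer's policy-server-switcher script: a Postfix policy-delegation responder that returns a FILTER action for each recipient check, plus a function modelling the caveat above, namely that FILTER applies to the whole message and the last one returned wins. The whitelist entries, the Exchange next hop and all function names are assumptions.

```python
import sys

# Next hops. The quarantine address is the one from the question; the
# Exchange host name is a placeholder (assumption).
QUARANTINE = "FILTER smtp:192.168.11.250"
NORMAL = "FILTER smtp:[exchange.example.internal]"

# Constructed whitelist of (trusted sender, internal recipient) pairs. A real
# policy server would load the quarantine server's export instead.
WHITELIST = {("trustedsender@domain.com", "internaluser@domain.com")}


def read_request(stream):
    """Read one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in stream:
        line = line.rstrip("\r\n")
        if not line:
            return attrs
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return None  # EOF before the terminating empty line


def decide(attrs):
    """Action for one RCPT TO check; anything not whitelisted is quarantined."""
    pair = (attrs.get("sender", "").lower(), attrs.get("recipient", "").lower())
    return NORMAL if pair in WHITELIST else QUARANTINE


def serve(stream_in, stream_out):
    """Answer policy requests until the client closes the connection."""
    while (attrs := read_request(stream_in)) is not None:
        stream_out.write(f"action={decide(attrs)}\n\n")
        stream_out.flush()


def effective_route(sender, recipients):
    """FILTER is message-wide and the last one wins, so only the final
    recipient's answer decides where the whole message goes."""
    action = None
    for rcpt in recipients:
        action = decide({"sender": sender, "recipient": rcpt})
    return action


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Because only the last recipient's answer counts, a message addressed to several recipients is routed as a unit; accepting one recipient per message on the second instance is one way to make each whitelist decision apply to exactly one recipient.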