Postfix provides several “checks” that can be evaluated at different “stages” of the incoming SMTP connection. “checks” are something like “is the remote client SASL-Authenticated?”, “is the remote client providing an FQDN HELO Hostname?”, “is the remote client asking for SMTP pipelining?”, as well as “is the remote client blacklisted in some RBL?” or “is the remote client connecting from one of my IP subnet”?
Such checks can be evaluated at different stage of the SMTP transaction:
- as soon as the TCP connection is established (smtpd_client_restrictions)
- when the client issue a “MAIL FROM” command (smtpd_sender_restrictions)
- when the client send an “RCPT TO” command (smtpd_recipient_restrictions)
as well as at other stages.
Restrictions/Directives above, can be combined as in the following example (please note that “...restrictions are applied in the order as specified; the first restriction that matches wins”):
smtpd_client_restrictions =
permit_sasl_authenticated
check_client_access hash:/etc/postfix/access
check_policy_service inet:127.0.0.1:4466
warn_if_reject reject_unknown_reverse_client_hostname
reject_non_fqdn_helo_hostname
reject_unauth_pipelining
reject_invalid_helo_hostname
reject_rbl_client bl.spamcop.net
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions =
check_policy_service inet:127.0.0.1:10045,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_access hash:/etc/postfix/access_recipient
permit_mynetworks,
warn_if_reject reject_unverified_recipient,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:2501`
In order to properly LOG useful information that might not be known in the “smtpd_client_restrictions” (or other) context, the parameter “smtpd_delay_reject=yes” might be useful, as it will delay the “rejection time”, so to collect other infos (the recipient, for example, very useful to properly troubleshoot problems with end users complaining for missing received mail).
Postfix is a very complex system and, as such, is extremely flexible and powerful. You can find lots of information in the official web-pages (es.: http://www.postfix.org/postconf.5.html) that, BTW, includes also some useful configs that can be used as a starting point for your own setup (http://www.postfix.org/STANDARD_CONFIGURATION_README.html)
P.S.: please, be “kind” with this answer as... it's my first POST in the ServerFault/StackExchange arena ;-)
Best Answer
You could pretty easily do this by specifying a new master transport in the smtpd section of main.cf:
Then in master.cf:
In /path/to/your_script, just have it sleep(X) and exit(0). You can use this script/config as an example of how to implement external script interaction with postfix:
http://www.howtoforge.com/postfix_spf