The Postfix MTA can invoke external policy services to decide what to do with an incoming email. The advantage of this approach is that the MTA can evaluate how to dispose of the email while the sending server is still connected. Because the envelope sender address can be forged, this can reduce the impact of sending a bounce or message delivery error to the wrong address.
With that in mind, I created a simplistic Postfix policy service which queries TMDA to determine what to do. The code below is an initial trial, which has some caveats:
- It only works on filter rules that result in a bounce. It currently ignores things like ACTION_INCOMING, ACTION_FAIL_* and ACTION_EXPIRED_DATED.
- It has external dependencies: grep, cut, logger
- It's not written in Python, so its integration with TMDA is limited to the features of external TMDA programs
- It only works with the "bounce" TMDA action. Ideally, it would work with the confirm action, but unfortunately, SMTP doesn't allow for sufficient space to specify a confirmation request in a 550 bounce error message. There may be enough space to specify a URL which could be used for confirmation.
Here's how you install this policy daemon:
- Make sure that you've set "ALLOW_MODE_640 = True" in /etc/tmdarc
- Make sure that every user's .tmda/config and .tmda/crypt_key have their group set to "mail" and have 640 permissions
- Copy the code (see below) into /usr/local/src/tmda/contrib/tmda-postfix-policy.sh
- Add the following to master.cf:
tmda unix - n n - - spawn user=mail argv=/bin/bash /usr/local/src/tmda/contrib/tmda-postfix-policy.sh
- Add the following to main.cf:
smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/tmda
Alternatively, you can add it to "smtpd_data_restrictions" or "smtpd_end_of_data_restrictions".
- Restart Postfix
This is the code that implements this: tmda-postfix-policy.sh
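
The request/reply exchange behind "check_policy_service unix:private/tmda", as an added example that is not the author's tmda-postfix-policy.sh: Postfix sends name=value attributes ended by an empty line and reads back one action= line followed by an empty line. The DENY_LIST file and the function names are assumptions standing in for the TMDA lookup.

```shell
#!/bin/sh
# Added example, not the author's tmda-postfix-policy.sh.
# DENY_LIST is a hypothetical file of "recipient sender" pairs, one per line;
# the service described above would ask TMDA instead.
DENY_LIST="${DENY_LIST:-./policy-demo-deny.txt}"

# Handle one policy request on stdin: name=value lines ended by an empty line.
# Prints one action= line plus an empty line; returns 1 at end of input.
policy_reply() {
    sender="" recipient="" got=0
    while IFS= read -r line; do
        [ -z "$line" ] && break          # empty line terminates the request
        got=1
        case "$line" in
            sender=*)    sender="${line#sender=}" ;;
            recipient=*) recipient="${line#recipient=}" ;;
        esac
    done
    [ "$got" = 1 ] || return 1           # nothing read: the client hung up
    action="DUNNO"                       # no opinion; later restrictions decide
    # A null sender (bounce) or an incomplete request is never rejected here.
    if [ -n "$sender" ] && [ -n "$recipient" ] && [ -r "$DENY_LIST" ]; then
        # -F -x: the client-supplied addresses are compared as a fixed whole
        # line, and -e keeps a leading "-" from being read as an option.
        if grep -Fxiq -e "$recipient $sender" "$DENY_LIST"; then
            action="550 5.7.1 Sender not accepted for this recipient"
        fi
    fi
    printf 'action=%s\n\n' "$action"
}

# Postfix may send several requests over one connection, so loop until EOF.
serve() { while policy_reply; do :; done; }

# Constructed demo: a deny list and the request smtpd would send at RCPT TO.
demo() (
    DENY_LIST=$(mktemp) || exit 1
    printf '%s\n' 'alice@example.org spammer@example.net' > "$DENY_LIST"
    printf '%s\n' 'request=smtpd_access_policy' 'protocol_state=RCPT' \
        'sender=spammer@example.net' 'recipient=alice@example.org' '' | serve
    rm -f "$DENY_LIST"
)
demo
```

Answering DUNNO for anything the service cannot decide leaves the verdict to the remaining restrictions instead of rejecting mail on a lookup failure.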