On our server we are using policyd 1.x together with Postfix 2.1.5 for greylisting and enforcing incoming quotas from unauthorized users (i.e. mail for our domains). For this, I have set up Postfix main.cf like this:

smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10031
...
smtpd_recipient_restrictions =
    permit_mynetworks,
    ...
    permit_sasl_authenticated,
    ...
    check_client_access pcre:/etc/postfix/checks/greylist.pcre,

and set up a selective greylisting configuration:

# greylist.pcre
/^unknown$/ greylisting
# TLDs with high spam rate
/\.(ni|ru|hu|us|si|sk|cn|jp|ro|hn|mx|br|ar|cc|ae|ee|my|tr|pt|cz)$/ greylisting
... etc

i.e. the SASL authentication overrides policyd. So far, this works great. However, I would now like to use policyd as well for authenticated users and set up a completely different rule set for these users:
For SOME unauthorized users, based on remote host name,
- greylisting,
- accounting (limit number of mails per time) with defaults,
- blacklisting,
- whitelisting.
For authorized (SASL) users,
- no greylisting,
- different user-specific outgoing mail quota with default,
- no blacklisting,
- no whitelisting.
So far, I think I have to run another instance of policyd with different SQL database and configuration file.
Is this true or is there a way to configure a single instance of policyd to use different rulesets based on remote hostname AND SASL authentication status?
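
A simplified model of the restriction order shown in the post, added here as an example and not part of the original post or of Postfix or policyd. It shows which clients reach the policy service at 127.0.0.1:10031 and why SASL-authenticated clients never do. Assumptions: the function names and sample hostnames are constructed, only the three restrictions visible in the post are modelled (the elided "..." entries are ignored), and only the client hostname lookup is modelled.

```python
import re

# Patterns copied from the post's greylist.pcre. Postfix pcre tables match
# case-insensitively by default, hence re.I.
GREYLIST_PCRE = [
    (re.compile(r"^unknown$", re.I), "greylisting"),
    (re.compile(
        r"\.(ni|ru|hu|us|si|sk|cn|jp|ro|hn|mx|br|ar|cc|ae|ee|my|tr|pt|cz)$",
        re.I), "greylisting"),
]


def check_client_access(client_name):
    """Return the action of the first matching table row, or None (DUNNO)."""
    for pattern, action in GREYLIST_PCRE:
        if pattern.search(client_name):
            return action
    return None


def evaluate(client_name, in_mynetworks=False, sasl_authenticated=False):
    """Walk the restrictions in the order listed in the post.

    Returns "permit" when an earlier restriction accepts the recipient,
    "policyd" when the greylisting class (check_policy_service) is
    consulted, and "dunno" when no listed restriction decides.
    """
    if in_mynetworks:            # permit_mynetworks
        return "permit"
    if sasl_authenticated:       # permit_sasl_authenticated
        return "permit"          # evaluation stops here: policyd is never asked
    if check_client_access(client_name) == "greylisting":
        return "policyd"         # restriction class -> check_policy_service
    return "dunno"


if __name__ == "__main__":
    # Constructed sample clients: (hostname, SASL-authenticated?)
    samples = [
        ("unknown", False),
        ("mail.example.ru", False),
        ("mail.example.ru", True),
        ("mx.example.org", False),
    ]
    for name, authed in samples:
        print(f"{name:20} sasl={authed!s:5} -> "
              f"{evaluate(name, sasl_authenticated=authed)}")
```
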