Loading ...
Sorry, an error occurred while loading the content.

295249Re: Best practice for implementing an policy service on submission port

Expand Messages
  • /dev/rob0
    Sep 4, 2013
    • 0 Attachment
      On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:
      > Previous to Postfix 2.10 and the split between
      > smtpd_relay_restrictions and smtpd_recipient_restrictions, our
      > policy service check was in smtpd_recipient_restrictions, and
      > applied to both incoming and outgoing mail. With 2.10, in my
      > efforts to do things correctly, I have left the policy service on
      > port 25 with smtpd_recipient_restrictions, but for the submission
      > port I have:
      > -o smtpd_recipient_restrictions=
      > to strip it out. However, one of the things the policy service
      > (cluebringer/cpbolicyd) offers is rate limiting, which some clients
      > want to implement on their outgoing email.
      > Now, I could modify master.cf so it has:
      > -o smtpd_recipient_restrictions=<policy service bits>
      > but I was wondering if, for the submission port, there was a
      > different recommended method.

      Do you have the same cbpolicyd handling both submission and MX? I
      suppose that's fine, but it makes your policies a bit harder to
      maintain and master.

      If so, I think I'd move it off to some other restriction stage that
      could be shared among both/all smtpd instances.

      smtpd_sender_restrictions=<policy service bits>

      (and no -o to unset it for submission)
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • Show all 4 messages in this topic