Applying Unix quota
Is there a way (policy?) to have POstfix check for the user's Unix
quota before delivering a local mail?
I am using procmail as MDA, so when procmail finds that the mail
cannot be delivered because the user is over quota, it's too late.
Hence I would like to have a sort of
smtpd_end_of_data_restrictions = check_policy_service something
that could accept/reject the mail before it is being handled to the MDA.
- On Sun, 30 Aug 2009, Olivier Nicole wrote:
> Is there a way (policy?) to have POstfix check for the user's UnixSure.
> quota before delivering a local mail?
> I am using procmail as MDA, so when procmail finds that the mailIndeed! Backscatter is bad.
> cannot be delivered because the user is over quota, it's too late.
> Hence I would like to have a sort ofYou could write a policy service to do this, or simply use a utility outside
> smtpd_end_of_data_restrictions = check_policy_service something
> that could accept/reject the mail before it is being handled to the MDA.
of Postfix to update an access(5) map that sends 4xx or 5xx responses for
users that exceed quota.
Sahil Tandon <sahil@...>
> > Hence I would like to have a sort ofI have written the table, it send DUNNO or REJECT depending whether
> > smtpd_end_of_data_restrictions = check_policy_service something
> > that could accept/reject the mail before it is being handled to the MDA.
> You could write a policy service to do this, or simply use a utility outside
> of Postfix to update an access(5) map that sends 4xx or 5xx responses for
> users that exceed quota.
the user is over quota or not.
Where is the best place to hook that table in Postfix?
smtpd_recipient_restrictions = check_recipient_access ldap:...
May not be the best choice because it seems it is check before the aliases are expanded, so if a user over quota is part of an alias, the message will not boun ce for that user.
alias_maps = hash:/etc/aliases, ldap:$config_directory/ldap_user_alias,
command_directory = /usr/local/sbin
config_directory = /usr/local/ETC
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = $myhostname, localhost
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
local_recipient_maps = unix:passwd.byname, $alias_maps, ldap:$config_dir
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -t -a $HOME
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
masquerade_domains = cs.ait.ac.th
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$my
domain, ufo.$mydomain, banyan.$mydomain, ldap.$mydomain, door.$mydomain,
firewall.$mydomain, dns.$mydomain, amanda.$mydomain, database.$mydomain, sysl
.$mydomain, mailback.$mydomain, csim.ait.asia
mydomain = cs.ait.ac.th
mynetworks = 22.214.171.124/24, 126.96.36.199/32
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_canonical_maps = ldap:$config_directory/ldap_user_uncanonical,
relay_domains = cs.ait.ac.th, vgl-vforge.cs.ait.ac.th, ait.ac.th, dec.ait.ac.th,
sample_directory = /usr/local/etc
sender_canonical_maps = ldap:$config_directory/ldap_canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/run/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = check_client_access cidr:$config_directory/amavis_by
smtpd_recipient_restrictions = check_recipient_access ldap:$config_directory/lda
p_access permit_mynetworks permit_sasl_authenticated reject
_unauth_destination check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/ssl/ca/ait-itserv.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/ssl/crt/combined/mail.cs.ait.ac.th.pem
smtpd_tls_key_file = /usr/local/ssl/key/mail.cs.ait.ac.th.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/run/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_exchange_name = /var/run/postfix/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/transport
unknown_local_recipient_reject_code = 550