Loading ...
Sorry, an error occurred while loading the content.
 

Applying Unix quota

Expand Messages
  • Olivier Nicole
    Hi, Is there a way (policy?) to have POstfix check for the user s Unix quota before delivering a local mail? I am using procmail as MDA, so when procmail finds
    Message 1 of 3 , Aug 29, 2009
      Hi,

      Is there a way (policy?) to have POstfix check for the user's Unix
      quota before delivering a local mail?

      I am using procmail as MDA, so when procmail finds that the mail
      cannot be delivered because the user is over quota, it's too late.

      Hence I would like to have a sort of
      smtpd_end_of_data_restrictions = check_policy_service something
      that could accept/reject the mail before it is being handled to the MDA.

      Bests,

      olivier
    • Sahil Tandon
      ... Sure. ... Indeed! Backscatter is bad. ... You could write a policy service to do this, or simply use a utility outside of Postfix to update an access(5)
      Message 2 of 3 , Aug 29, 2009
        On Sun, 30 Aug 2009, Olivier Nicole wrote:

        > Is there a way (policy?) to have POstfix check for the user's Unix
        > quota before delivering a local mail?

        Sure.

        > I am using procmail as MDA, so when procmail finds that the mail
        > cannot be delivered because the user is over quota, it's too late.

        Indeed! Backscatter is bad.

        > Hence I would like to have a sort of
        > smtpd_end_of_data_restrictions = check_policy_service something
        > that could accept/reject the mail before it is being handled to the MDA.

        You could write a policy service to do this, or simply use a utility outside
        of Postfix to update an access(5) map that sends 4xx or 5xx responses for
        users that exceed quota.

        --
        Sahil Tandon <sahil@...>
      • Olivier Nicole
        Hi, ... I have written the table, it send DUNNO or REJECT depending whether the user is over quota or not. Where is the best place to hook that table in
        Message 3 of 3 , Sep 1, 2009
          Hi,

          > > Hence I would like to have a sort of
          > > smtpd_end_of_data_restrictions = check_policy_service something
          > > that could accept/reject the mail before it is being handled to the MDA.
          >
          > You could write a policy service to do this, or simply use a utility outside
          > of Postfix to update an access(5) map that sends 4xx or 5xx responses for
          > users that exceed quota.

          I have written the table, it send DUNNO or REJECT depending whether
          the user is over quota or not.

          Where is the best place to hook that table in Postfix?

          smtpd_recipient_restrictions = check_recipient_access ldap:...

          May not be the best choice because it seems it is check before the aliases are expanded, so if a user over quota is part of an alias, the message will not boun ce for that user.

          Bests,

          Olivier


          alias_maps = hash:/etc/aliases, ldap:$config_directory/ldap_user_alias,
          ldap:$config_directory/ldap_deleted_alias, ldap:$config_directory/l
          dap_user_alias_fullname, ldap:$config_directory/ldap_deleted_alias_fullna
          me, ldap:$config_directory/ldap_alias
          command_directory = /usr/local/sbin
          config_directory = /usr/local/ETC
          content_filter = smtp-amavis:[localhost]:10024
          daemon_directory = /usr/local/libexec/postfix
          data_directory = /var/db/postfix
          debug_peer_level = 2
          home_mailbox = Maildir/
          html_directory = /usr/local/share/doc/postfix
          inet_interfaces = $myhostname, localhost
          local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
          local_recipient_maps = unix:passwd.byname, $alias_maps, ldap:$config_dir
          ectory/ldap_local_recipient
          mail_owner = postfix
          mailbox_command = /usr/local/bin/procmail -t -a $HOME
          mailq_path = /usr/local/bin/mailq
          manpage_directory = /usr/local/man
          masquerade_domains = cs.ait.ac.th
          masquerade_exceptions = root
          mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$my
          domain, ufo.$mydomain, banyan.$mydomain, ldap.$mydomain, door.$mydomain,
          firewall.$mydomain, dns.$mydomain, amanda.$mydomain, database.$mydomain, sysl
          .$mydomain, mailback.$mydomain, csim.ait.asia
          mydomain = cs.ait.ac.th
          mynetworks = 192.41.170.0/24, 203.159.32.0/32
          myorigin = $mydomain
          newaliases_path = /usr/local/bin/newaliases
          queue_directory = /var/spool/postfix
          readme_directory = /usr/local/share/doc/postfix
          recipient_canonical_maps = ldap:$config_directory/ldap_user_uncanonical,
          ldap:$config_directory/ldap_deleted_uncanonical
          relay_domains = cs.ait.ac.th, vgl-vforge.cs.ait.ac.th, ait.ac.th, dec.ait.ac.th,
          interlab.ait.ac.th, gmseenet.org
          sample_directory = /usr/local/etc
          sender_canonical_maps = ldap:$config_directory/ldap_canonical
          sendmail_path = /usr/local/sbin/sendmail
          setgid_group = maildrop
          smtp_tls_loglevel = 2
          smtp_tls_security_level = may
          smtp_tls_session_cache_database = btree:/var/run/postfix/smtp_scache
          smtp_tls_session_cache_timeout = 3600s
          ...skipping...
          smtpd_client_restrictions = check_client_access cidr:$config_directory/amavis_by
          pass
          smtpd_recipient_restrictions = check_recipient_access ldap:$config_directory/lda
          p_access permit_mynetworks permit_sasl_authenticated reject
          _unauth_destination check_policy_service inet:127.0.0.1:10023
          smtpd_sasl_auth_enable = yes
          smtpd_sasl_path = private/auth
          smtpd_sasl_type = dovecot
          smtpd_tls_CAfile = /usr/local/ssl/ca/ait-itserv.crt
          smtpd_tls_auth_only = yes
          smtpd_tls_cert_file = /usr/local/ssl/crt/combined/mail.cs.ait.ac.th.pem
          smtpd_tls_key_file = /usr/local/ssl/key/mail.cs.ait.ac.th.key
          smtpd_tls_loglevel = 1
          smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
          smtpd_tls_received_header = yes
          smtpd_tls_security_level = may
          smtpd_tls_session_cache_database = btree:/var/run/postfix/smtpd_scache
          smtpd_tls_session_cache_timeout = 3600s
          tls_daemon_random_bytes = 32
          tls_random_bytes = 32
          tls_random_exchange_name = /var/run/postfix/prng_exch
          tls_random_prng_update_period = 3600s
          tls_random_reseed_period = 3600s
          tls_random_source = dev:/dev/urandom
          transport_maps = hash:/usr/local/etc/transport
          unknown_local_recipient_reject_code = 550
        Your message has been successfully submitted and would be delivered to recipients shortly.