Loading ...
Sorry, an error occurred while loading the content.

Only check_policy_service for authenticated / relayed emails

Expand Messages
  • Tobia Conforto
    Hello Can I configure Postfix 2.7 to only run check_policy_service for SASL authenticated emails? My purpose for doing so is to have a quota policy in place
    Message 1 of 2 , Oct 31, 2012
    • 0 Attachment
      Hello

      Can I configure Postfix 2.7 to only run check_policy_service for SASL authenticated emails?

      My purpose for doing so is to have a quota policy in place (max amount of email relayed by unit of time, for each authenticated user) in case one of my users' accounts get compromised, so that the attacker cannot relay huge amounts of spam before I have a chance to disable the compromised account.

      My recipient restrictions currently are as follows:

      smtpd_recipient_restrictions =
      reject_non_fqdn_recipient
      check_policy_service inet:127.0.0.1:10031
      permit_sasl_authenticated
      permit_mynetworks
      reject_unauth_destination
      reject_unlisted_recipient
      reject_non_fqdn_sender
      permit

      This clearly checks all email against the policy server.

      Can I have Postfix check SASL authenticated emails only?

      Better yet, can I have it only check emails that would be relayed outside the system by authenticated users? That would be ideal.

      -Tobia
    • Ralf Hildebrandt
      ... Not really. You can if SASL authenticated email come in via an alternate port. As an alternative you can make your policy daemon CHECK for the attributes
      Message 2 of 2 , Oct 31, 2012
      • 0 Attachment
        * Tobia Conforto <tobia.conforto@...>:
        > Hello
        >
        > Can I configure Postfix 2.7 to only run check_policy_service for SASL authenticated emails?

        Not really. You can if SASL authenticated email come in via an
        alternate port.

        As an alternative you can make your policy daemon CHECK for the
        attributes

        sasl_method
        sasl_username
        sasl_sender

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Joerg Heidrich
      Your message has been successfully submitted and would be delivered to recipients shortly.