Re: Policy delegation after alias expansion
- Reinaldo Gil Lima de Carvalho:
> On Wed, Nov 14, 2012 at 9:15 PM, Wietse Venema <wietse@...> wrote:
I suggest that you try to solve the quota problem with an access map.
> > Reinaldo de Carvalho:
> > > Is it possible to call a policy daemon after alias expansion?
> > local_recipient_maps and reject_unverified_recipient will verify
> > that the alias exists, but won't look at the result of expansion.
> Then I need to make the alias expansion in the policy daemon to check quota
> availability on my cyrus cluster (returning temp error keeping message on
> the sender queue).
> And I need to add support for many backends like ldap, mysql, postgresql,
> etc. It would be great if postfix could do this and take postfix tables lookup
Aliases can nest, redirect via .forward files, and so on. Figuring
all that out can use up a lot of resources. Your suggestion has
great potential for DOS attacks, where very cheap RCPT TO commands
at the SMTP port can bring a server to its knees.
The Postfix solution would be a variation on the address verify
cache, where delivery agents maintain a success/failure database
for certain actions, and where the SMTP server can be configured
to query that database. But this is harder than address verification
- now, Postfix must also be able to recognize WHY a down-stream
(LMTP) server is rejecting mail.
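
Added example, not part of the original message and not Postfix code: a sketch of the success/failure database idea as a policy service that answers each RCPT TO with a single cache lookup instead of expanding aliases. The `OutcomeCache` class, the 600-second TTL, and keying the cache by the original envelope recipient are assumptions made for illustration; the X.2.2 "mailbox full" classification follows RFC 3463.

```python
import re
import time

TTL = 600  # seconds a recorded outcome stays valid (assumed value)
ENHANCED = re.compile(r"^[245]\d\d[ -]([245])\.(\d{1,3})\.(\d{1,3})\b")
# Constructed sample request using Postfix policy delegation attribute names.
SAMPLE = "request=smtpd_access_policy\nprotocol_state=RCPT\nrecipient=Sales@example.com\n\n"

def classify_lmtp_reply(reply):
    """Reduce a downstream LMTP reply to WHY it failed (the hard part noted above)."""
    m = ENHANCED.match(reply)
    if m is None:
        return "ok" if reply.startswith("2") else "other"
    cls, subject, detail = m.groups()
    if cls == "2":
        return "ok"
    # RFC 3463: enhanced status X.2.2 means "mailbox full".
    return "over_quota" if (subject, detail) == ("2", "2") else "other"

class OutcomeCache:
    """Hypothetical store: delivery agents write outcomes, the policy service reads them."""
    def __init__(self):
        self._seen = {}

    def record(self, recipient, lmtp_reply, now=None):
        now = time.time() if now is None else now
        self._seen[recipient.lower()] = (classify_lmtp_reply(lmtp_reply), now + TTL)

    def lookup(self, recipient, now=None):
        now = time.time() if now is None else now
        status, expires = self._seen.get(recipient.lower(), ("unknown", 0))
        return status if now < expires else "unknown"

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.split("\n"):
        if line == "":
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(request_text, cache, now=None):
    """Constant work per RCPT TO: one lookup, no alias expansion at SMTP time."""
    rcpt = parse_request(request_text).get("recipient", "")
    if cache.lookup(rcpt, now) == "over_quota":
        return "action=DEFER_IF_PERMIT 4.2.2 Mailbox full, try again later\n\n"
    return "action=DUNNO\n\n"
```

Because the decision relies on a previously recorded delivery outcome, the first message to a full mailbox is still accepted and deferred by the delivery agent; only later RCPT TO commands within the TTL are deferred at the SMTP port.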