Loading ...
Sorry, an error occurred while loading the content.

Re: Policy delegation after alias expansion

Expand Messages
  • Wietse Venema
    ... I suggest that you try to solve the quota problem with an access map. Aliases can nest, redirect via .forward files, and so on. Figuring all that out can
    Message 1 of 5 , Nov 14, 2012
    • 0 Attachment
      Reinaldo Gil Lima de Carvalho:
      > On Wed, Nov 14, 2012 at 9:15 PM, Wietse Venema <wietse@...> wrote:
      >
      > > Reinaldo de Carvalho:
      > > > Is possible call a policy daemon after alias expansion?
      > >
      > > local_recipient_maps and reject_unverified_recipient will verify
      > > that the alias exist, but won't look at the result of expansion.
      > >
      > >
      > Then I need make the alias expansion in the policy daemon to check quota
      > availability on my cyrus cluster (returning temp error keeping message on
      > sender queue).
      >
      > And I need add support to many backends like ldap, mysql, postgresql,
      > etc. Would
      > be great if postfix could do this and take postfix tables lookup
      > proficiency.

      I suggest that you try to solve the quota problem with an access map.

      Aliases can nest, redirect via .forward files, and so on. Figuring
      all that out can use up a lot of resources Your suggestion has
      great potential for DOS attacks, where very cheap RCPT TO commands
      at the SMTP port can bring a server to its knees.

      The Postfix solution would be a variation on the address verify
      cache, where delivery agents maintain a success/failure database
      for certain actions, and where the SMTP server can be configured
      to query that database. But this is harder than address verification
      - now, Postfix must also be able to recognize WHY a down-stream
      (LMTP) server is rejecting mail.

      Wietse
    Your message has been successfully submitted and would be delivered to recipients shortly.