Loading ...
Sorry, an error occurred while loading the content.

Re: Virtual Aliases + check_policy_service

Expand Messages
  • Wietse Venema
    ... Unknown user is not a Postfix response. You must be getting that text from the policy service. Wietse
    Message 1 of 4 , Jul 13 5:09 PM
    • 0 Attachment
      Cassidy Larson:
      > I'm trying to get check_policy_service working right by returning an error
      > on a full mailbox to avoid back scatter. The check_policy_service works
      > fine, except when it comes to virtual alias mappings. When running the
      > check_policy_service on the virtual alias user my
      > smtpd_recipient_restrictions throws back a:
      >
      > 554 5.7.1 <alias@...>: Recipient address rejected: Unknown user

      "Unknown user" is not a Postfix response. You must be getting
      that text from the policy service.

      Wietse

      > smtpd_recipient_restrictions =
      > reject_non_fqdn_recipient,
      > reject_unlisted_recipient,
      > reject_unauth_destination,
      > check_policy_service inet:10.10.10.10:12340,
      > permit_auth_destination,
      > reject
      >
      > Is there any way of permitting virtual users before the check_policy_user
      > on the smtpd_recipient_restrictions? Or is there another place I should be
      > doing the check_policy_service Quota check?
      >
      > The goal is to reject over-quota mailboxes before the message is accepted,
      > but currently it's rejecting valid Virtual Alias addresses.
      >
      > Any solutions or pointers?
      >
      > Thanks,
      >
      > -c
    • Cassidy Larson
      Figured it out. Returning a DUNNO from the policy service for valid under-quota and unknown users causes postfix to proceed to the checking of aliases/users.
      Message 2 of 4 , Jul 13 5:13 PM
      • 0 Attachment
        Figured it out. Returning a "DUNNO" from the policy service for valid under-quota and unknown users causes postfix to proceed to the checking of aliases/users.  This allows the mailbox over-quota rejection to work successfully for valid users, and allows virtual aliases to be accepted while denying messages to over-quota users.   Although aliases that deliver to an over-quota user are also accepted, but that's another investigative trip to the manual. Thanks.


        On Sat, Jul 13, 2013 at 6:09 PM, Wietse Venema <wietse@...> wrote:
        Cassidy Larson:
        > I'm trying to get check_policy_service working right by returning an error
        > on a full mailbox to avoid back scatter.  The check_policy_service works
        > fine, except when it comes to virtual alias mappings. When running the
        > check_policy_service on the virtual alias user my
        > smtpd_recipient_restrictions throws back a:
        >
        > 554 5.7.1 <alias@...>: Recipient address rejected: Unknown user

        "Unknown user" is not a Postfix response. You must be getting
        that text from the policy service.

                Wietse

        > smtpd_recipient_restrictions =
        >   reject_non_fqdn_recipient,
        >   reject_unlisted_recipient,
        >   reject_unauth_destination,
        >   check_policy_service inet:10.10.10.10:12340,
        >   permit_auth_destination,
        >   reject
        >
        > Is there any way of permitting virtual users before the check_policy_user
        > on the smtpd_recipient_restrictions?  Or is there another place I should be
        > doing the check_policy_service Quota check?
        >
        > The goal is to reject over-quota mailboxes before the message is accepted,
        > but currently it's rejecting valid Virtual Alias addresses.
        >
        > Any solutions or pointers?
        >
        > Thanks,
        >
        > -c

      • Wietse Venema
        ... You may be able to reject over-quota aliased recipients by using reject_unverified_recipient . This requires that the message store rejects mail for
        Message 3 of 4 , Jul 13 5:51 PM
        • 0 Attachment
          Cassidy Larson:
          > Figured it out. Returning a "DUNNO" from the policy service for valid
          > under-quota and unknown users causes postfix to proceed to the checking of
          > aliases/users. This allows the mailbox over-quota rejection to work
          > successfully for valid users, and allows virtual aliases to be accepted
          > while denying messages to over-quota users. Although aliases that deliver
          > to an over-quota user are also accepted, but that's another investigative
          > trip to the manual. Thanks.

          You may be able to reject over-quota aliased recipients by using
          "reject_unverified_recipient". This requires that the message store
          rejects mail for over-quota recipients without accepting the message.

          reject_unverified_recipient uses a cache, so it is not significantly
          more expensive than asking a policy daemon.

          See also: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

          Wietse
        Your message has been successfully submitted and would be delivered to recipients shortly.