Loading ...
Sorry, an error occurred while loading the content.

Re: Virtual Aliases + check_policy_service

Expand Messages
  • Cassidy Larson
    Figured it out. Returning a DUNNO from the policy service for valid under-quota and unknown users causes postfix to proceed to the checking of aliases/users.
    Message 1 of 4 , Jul 13, 2013
    • 0 Attachment
      Figured it out. Returning a "DUNNO" from the policy service for valid under-quota and unknown users causes postfix to proceed to the checking of aliases/users.  This allows the mailbox over-quota rejection to work successfully for valid users, and allows virtual aliases to be accepted while denying messages to over-quota users.   Although aliases that deliver to an over-quota user are also accepted, but that's another investigative trip to the manual. Thanks.


      On Sat, Jul 13, 2013 at 6:09 PM, Wietse Venema <wietse@...> wrote:
      Cassidy Larson:
      > I'm trying to get check_policy_service working right by returning an error
      > on a full mailbox to avoid back scatter.  The check_policy_service works
      > fine, except when it comes to virtual alias mappings. When running the
      > check_policy_service on the virtual alias user my
      > smtpd_recipient_restrictions throws back a:
      >
      > 554 5.7.1 <alias@...>: Recipient address rejected: Unknown user

      "Unknown user" is not a Postfix response. You must be getting
      that text from the policy service.

              Wietse

      > smtpd_recipient_restrictions =
      >   reject_non_fqdn_recipient,
      >   reject_unlisted_recipient,
      >   reject_unauth_destination,
      >   check_policy_service inet:10.10.10.10:12340,
      >   permit_auth_destination,
      >   reject
      >
      > Is there any way of permitting virtual users before the check_policy_user
      > on the smtpd_recipient_restrictions?  Or is there another place I should be
      > doing the check_policy_service Quota check?
      >
      > The goal is to reject over-quota mailboxes before the message is accepted,
      > but currently it's rejecting valid Virtual Alias addresses.
      >
      > Any solutions or pointers?
      >
      > Thanks,
      >
      > -c

    • Wietse Venema
      ... You may be able to reject over-quota aliased recipients by using reject_unverified_recipient . This requires that the message store rejects mail for
      Message 2 of 4 , Jul 13, 2013
      • 0 Attachment
        Cassidy Larson:
        > Figured it out. Returning a "DUNNO" from the policy service for valid
        > under-quota and unknown users causes postfix to proceed to the checking of
        > aliases/users. This allows the mailbox over-quota rejection to work
        > successfully for valid users, and allows virtual aliases to be accepted
        > while denying messages to over-quota users. Although aliases that deliver
        > to an over-quota user are also accepted, but that's another investigative
        > trip to the manual. Thanks.

        You may be able to reject over-quota aliased recipients by using
        "reject_unverified_recipient". This requires that the message store
        rejects mail for over-quota recipients without accepting the message.

        reject_unverified_recipient uses a cache, so it is not significantly
        more expensive than asking a policy daemon.

        See also: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.