Loading ...
Sorry, an error occurred while loading the content.

Re: Best practice for implementing an policy service on submission port

Expand Messages
  • Quanah Gibson-Mount
    --On Wednesday, September 04, 2013 3:21 PM -0500 /dev/rob0 ... Yeah, we do it this way currently, and in looking at this, it did occur to me that we really
    Message 1 of 4 , Sep 4, 2013
    • 0 Attachment
      --On Wednesday, September 04, 2013 3:21 PM -0500 "/dev/rob0"
      <rob0@...> wrote:

      > On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:
      >> Previous to Postfix 2.10 and the split between
      >> smtpd_relay_restrictions and smtpd_recipient_restrictions, our
      >> policy service check was in smtpd_recipient_restrictions, and
      >> applied to both incoming and outgoing mail. With 2.10, in my
      >> efforts to do things correctly, I have left the policy service on
      >> port 25 with smtpd_recipient_restrictions, but for the submission
      >> port I have:
      >> -o smtpd_recipient_restrictions=
      >> to strip it out. However, one of the things the policy service
      >> (cluebringer/cpbolicyd) offers is rate limiting, which some clients
      >> want to implement on their outgoing email.
      >> Now, I could modify master.cf so it has:
      >> -o smtpd_recipient_restrictions=<policy service bits>
      >> but I was wondering if, for the submission port, there was a
      >> different recommended method.
      > Do you have the same cbpolicyd handling both submission and MX? I
      > suppose that's fine, but it makes your policies a bit harder to
      > maintain and master.

      Yeah, we do it this way currently, and in looking at this, it did occur to
      me that we really should have two separate instances, one for incoming and
      one for outgoing, in the long term.

      > If so, I think I'd move it off to some other restriction stage that
      > could be shared among both/all smtpd instances.
      > smtpd_sender_restrictions=<policy service bits>
      > (and no -o to unset it for submission)

      Ok, thanks!



      Quanah Gibson-Mount
      Lead Engineer
      Zimbra, Inc
      Zimbra :: the leader in open source messaging and collaboration
    Your message has been successfully submitted and would be delivered to recipients shortly.