Re: Best practice for implementing an policy service on submission port
- --On Wednesday, September 04, 2013 3:21 PM -0500 "/dev/rob0"
> On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:Yeah, we do it this way currently, and in looking at this, it did occur to
>> Previous to Postfix 2.10 and the split between
>> smtpd_relay_restrictions and smtpd_recipient_restrictions, our
>> policy service check was in smtpd_recipient_restrictions, and
>> applied to both incoming and outgoing mail. With 2.10, in my
>> efforts to do things correctly, I have left the policy service on
>> port 25 with smtpd_recipient_restrictions, but for the submission
>> port I have:
>> -o smtpd_recipient_restrictions=
>> to strip it out. However, one of the things the policy service
>> (cluebringer/cpbolicyd) offers is rate limiting, which some clients
>> want to implement on their outgoing email.
>> Now, I could modify master.cf so it has:
>> -o smtpd_recipient_restrictions=<policy service bits>
>> but I was wondering if, for the submission port, there was a
>> different recommended method.
> Do you have the same cbpolicyd handling both submission and MX? I
> suppose that's fine, but it makes your policies a bit harder to
> maintain and master.
me that we really should have two separate instances, one for incoming and
one for outgoing, in the long term.
> If so, I think I'd move it off to some other restriction stage thatOk, thanks!
> could be shared among both/all smtpd instances.
> smtpd_sender_restrictions=<policy service bits>
> (and no -o to unset it for submission)
Zimbra :: the leader in open source messaging and collaboration