--On Friday, November 21, 2008 7:49 PM -0800 Quanah Gibson-Mount
<[EMAIL PROTECTED]> wrote:
> So, I'm guessing not breaking recipient validation means adding aliases,
> which I can't do, or the above bit about the domain and query, which I
> also apparently can't do. I'll look into a policy service, thanks!

Ok, I've written a simple Perl script policy service that queries our LDAP
server if they are using an alias domain, and verifies the recipient
account exists. If it does, it returns "dunno" as the action to take.
What's the correct action to take if the account doesn't exist? Currently
I have "defer_if_permit Service temporarily unavailable".

Our smtpd_recipient_restrictions are: reject_non_fqdn_recipient,
permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,
reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender,
check_policy_service unix:private/policy, permit

Finally, although I can test the script just fine from the command line,
I'm not 100% sure postfix is actually executing it. I added to master.cf:

    policy  unix  -       n       n       -       0       spawn
      user=nobody argv=/usr/bin/perl /opt/zimbra/libexec/zmpostfixpolicyd -v

and I modified the smtpd_recipient_restrictions as above, plus added
policy_time_limit = 3600 to main.cf.

I verified the unix socket exists:

    [EMAIL PROTECTED] spool]# cd /opt/zimbra/data/postfix/spool/private/
    [EMAIL PROTECTED] private]# ls -l policy
    srw-rw-rw- 1 postfix postfix 0 Nov 25 11:59 policy

We have: queue_directory = /opt/zimbra/data/postfix/spool so that should be
the correct location.

However, when I connect to the SMTP port and send an email to a user, I
don't see that zmpostfixpolicyd is run. Shouldn't it be running on all
emails that come in, regardless of whether or not it takes action?

Thanks!
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
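
Added example, not part of the original message and not the zmpostfixpolicyd script: a sketch in Python of the Postfix policy delegation exchange that such a spawn(8) service handles on stdin/stdout, logging one line per request so it is visible whether the service is being invoked. The function names and the in-memory sets standing in for the LDAP lookups are assumptions; the not-found action is the one the message says it currently uses.

```python
import sys

# Constructed sample data standing in for the LDAP lookups (assumption).
ALIAS_DOMAINS = {"alias.example.com"}
EXISTING_ACCOUNTS = {"alice@alias.example.com"}
# Action the message says it currently returns for a missing account.
NOT_FOUND_ACTION = "defer_if_permit Service temporarily unavailable"


def read_request(stream):
    """Read name=value attributes up to the blank line that ends a request."""
    attrs = {}
    while True:
        line = stream.readline()
        if line == "":
            return None  # EOF before the terminating blank line
        line = line.rstrip("\r\n")
        if line == "":
            return attrs
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value


def decide(attrs):
    """Return the policy action for one request."""
    recipient = attrs.get("recipient", "").lower()
    domain = recipient.rpartition("@")[2]
    if attrs.get("request") != "smtpd_access_policy" or domain not in ALIAS_DOMAINS:
        return "dunno"  # not our concern: let later restrictions decide
    return "dunno" if recipient in EXISTING_ACCOUNTS else NOT_FOUND_ACTION


def serve(instream, outstream, log=sys.stderr):
    """Answer every request on the connection; return how many were handled."""
    handled = 0
    while (attrs := read_request(instream)) is not None:
        action = decide(attrs)
        # repr() keeps control characters in client-supplied values out of the log.
        print(f"policy: state={attrs.get('protocol_state')!r} "
              f"rcpt={attrs.get('recipient')!r} -> {action}", file=log)
        outstream.write(f"action={action}\n\n")
        outstream.flush()
        handled += 1
    return handled


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```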