On Wed, Sep 19, 2012 at 02:24:13PM +1000, Brock Henry wrote: > I have created a policy service, which checks quota, returning > 'reject' if the mailbox is full, and 'dunno' otherwise. > > smtpd_(data|recipient)_restrictions = > check_policy_service unix:private/checkfull > > And it's all working fine. > > However, I only want that policy to trigger for incoming mail - > mail for which I am the final destination. > > For outgoing mail (from my customers to elsewhere), I don't want to > trigger that policy at all. > > I can't work out how I can do that.
This can be done with restriction classes. http://www.postfix.org/RESTRICTION_CLASS_README.html It's also a good illustrator of why you should separate your submission and MX streams. The simple way is to force all users onto the submission port, to beat your users into submission, you might say. :) Different -o options to the different smtpd(8) instances in master.cf makes this all rather easy. It can also be done with submitting users on port 25 (ugh), by separating the IP addresses. Publish one port 25 as your MX, give users another one for submission. > Related info. > 'My customers' may be sasl, mynetworks, or OK'd via an access file. Um, this access file does not sound like a good idea, but since no information was provided, I won't comment further. And the rest of your post seems irrelevant. > I am using virtual users, and virtual domains. > virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf > virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf > virtual_transport = dovecot > > It _works_ as I currently have it, but the policy is performing > unnecessary ldap lookups, which I'd like to (and probably NEED to) > avoid. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
