Wietse Venema:
> On Wed, Sep 19, 2012 at 02:24:13PM +1000, Brock Henry wrote:
> > I have created a policy service, which checks quota, returning
> > 'reject' if the mailbox is full, and 'dunno' otherwise.
> >
> > smtpd_(data|recipient)_restrictions =
> > check_policy_service unix:private/checkfull
> >
> > And it's all working fine.
> >
> > However, I only want that policy to trigger for incoming mail -
> > mail for which I am the final destination.
> >
> > For outgoing mail (from my customers to elsewhere), I don't want to
> > trigger that policy at all.
> >
> > I can't work out how I can do that.
>
> Short reply:
>
> Use the check_policy_service command after reject_unauth_destination.
Note: check_policy_service will inspect individual recipients only
when used under smtpd_{client,helo,sender,recipient}_restrictions.
For example:
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service
...
However when used under smtpd_data_restrictions, check_policy_service
will inspect only one recipient (single-recipient mail) or none at all
(multi-recipient mail). There is no way to inspect multiple recipients
at "data" or "end-of-data" time. Primarily, because SMTP doesn't allow
different replies for different recipients at this protocol stage.
Wietse
> Long reply:
>
> Conceptually, smtpd_mumble_restrictions implements a sequence of
> filters.
>
> In this case, reject_unauth_destination filters out all destinations
> that you aren't primary or backup MX host for.
>
> So, by the time that evaluation reaches check_policy_service after
> reject_unauth_destination, there are no outgoing mail destinations.
>
> Wietse
>
