Figured it out. Returning a "DUNNO" from the policy service for valid under-quota and unknown users causes postfix to proceed to the checking of aliases/users. This allows the mailbox over-quota rejection to work successfully for valid users, and allows virtual aliases to be accepted while denying messages to over-quota users. Although aliases that deliver to an over-quota user are also accepted, but that's another investigative trip to the manual. Thanks.
On Sat, Jul 13, 2013 at 6:09 PM, Wietse Venema <wie...@porcupine.org> wrote: > Cassidy Larson: > > I'm trying to get check_policy_service working right by returning an > error > > on a full mailbox to avoid back scatter. The check_policy_service works > > fine, except when it comes to virtual alias mappings. When running the > > check_policy_service on the virtual alias user my > > smtpd_recipient_restrictions throws back a: > > > > 554 5.7.1 <al...@host.com>: Recipient address rejected: Unknown user > > "Unknown user" is not a Postfix response. You must be getting > that text from the policy service. > > Wietse > > > smtpd_recipient_restrictions = > > reject_non_fqdn_recipient, > > reject_unlisted_recipient, > > reject_unauth_destination, > > check_policy_service inet:10.10.10.10:12340, > > permit_auth_destination, > > reject > > > > Is there any way of permitting virtual users before the check_policy_user > > on the smtpd_recipient_restrictions? Or is there another place I should > be > > doing the check_policy_service Quota check? > > > > The goal is to reject over-quota mailboxes before the message is > accepted, > > but currently it's rejecting valid Virtual Alias addresses. > > > > Any solutions or pointers? > > > > Thanks, > > > > -c >
