Hi, So I rate limit my own users via postfwd in case a bot steals their credentials and sends spam via SMTP auth, sadly I don't yet have a good solution for limiting mails coming in via maildrop.
From what I see most people just replace the sendmail executable with a rate limited version, but I believe that can only reject mails, which most software probably won't handle correctly. Some also run another postfix instance (on the same system) so the originally maildroped mails now come in via SMTP, but that feels like a rather bad hack. Am I missing something obvious here or is there really no good solution yet? Assuming there isn't, here's my idea: What do you think about adding a simpler pickup_restrictions option and extending the SMTP policy protocol a bit by adding a userid field which in case of pickup (I believe only maildrop/sendmail/postdrop go into pickup) contains the id of the sending user? pickup_restrictions could work similar to smtpd_*_restrictions, except rejecting a mail should probably create a bounce to the sender since we can't reject anything at this stage, but what I'd really want is putting stuff on hold. As for the restrictions supported by pickup_restrictions, I think most smtp restrictions (maybe no rbl or helo checks) could be adapted. Does that sound like an idea worth implementing? PS: I don't see restrictions support for QMQP in the manpage so might make sense to add it there too.
signature.asc
Description: OpenPGP digital signature
