On Thu, Apr 10, 2014 at 02:38:32AM +0000, Rob Tanner wrote:
> The policyd daemon is a perfect tool for setting quotas (i.e., number
> of message per hour, day, etc). The problem is that we depend
> heavily of Postfix's extraordinary ability to do LDAP based aliasing
> of groups and when it each resulting message get counting against
> the sender. Is there some nice trick I can do so that the
> check_policy_service runs only once, before the lists are exploded?
You can run the relevant policy check from smtpd_data_restrictions
instead of smtpd_recipient_restrictions. The alias expansion clearly
takes place upstream since policyd processing in smtpd(8) preceeds
virtual alias expansion in cleanup(8).
> smtpd_recipient_restrictions =
> hash:/etc/postfix/protected_destinations,proxy:ldap:limittag
> check_client_access hash:/etc/postfix/client_checks
> check_policy_service inet:127.0.0.1:10031
> permit_mynetworks
> reject_unauth_destination
> reject_invalid_hostname
> reject_non_fqdn_recipient
> reject_unknown_sender_domain
> reject_unknown_recipient_domain
> reject
>
> smtpd_end_of_data_restrictions =
> check_policy_service inet:127.0.0.1:10031
This is both too early and too late. Apply the relevant check in
smtpd_data_restrictions, however you won't see each recipient in
turn. It may also be possible to detect multiple recipients for
the same envelope in a policy request and consildate the counts.
--
Viktor.
