On Sep 17, 2014, at 2:19 PM, Wietse Venema <wie...@porcupine.org> wrote:
>> CSS: >> Quick question? >> >> I finally decided to build a web UI for our support guys to be >> able to manually kill relaying for compromised accounts using the >> new check_sasl_access >> (http://www.postfix.org/postconf.5.html#check_sasl_access) feature >> introduced in 2.11. >> >> A thread regarding this is here: >> http://thread.gmane.org/gmane.mail.postfix.user/245474 >> >> So this does work - in my main mail account db table I added a >> column. If it's empty, then the user is OK. If it contains >> something like 'REJECT 5.7.1 Account Compromised' then that error >> is returned to the sender, and all is well. > > Postfix does not accept empty responses. If you want to report "not > found" then that is what the database should respond with. If you > cannot do that, then return DUNNO for the Postfix access map, and > return something else human users. Got it. Just did a quick test and DUNNO as a response seems to work. I manually set my policyd tracking to look like Id sent 8,000 emails in the last 30 minutes and my checks properly went past the DUNNO and on to the REJECT from the policyd service. I often get confused about the difference between responses from a policy check and an access check. I guess they are basically the same. Thanks so much, Charles > > Wietse
