Hi

We have a setup where we use a check_policy_service in
smtpd_end_of_data_restrictions to track the rate users are receiving
emails.

Recently a user came under attack from someone using a distributed set
of compromised websites. Fortunately it was fairly easy to find a header
in the majority of emails to block on, so I added a pcre REJECT rule in
our header_checks.

The problem is that even though the REJECT in header_checks works to
have the email rejected, the check_policy_service still runs in the
smtpd_end_of_data_restrictions phase, which increases the receipt count
for that user, even though we didn't actually accept the email.

Now I can see that running the check_policy_service is still actually
the right thing to do, and thought that something would be passed in one
of the parameters to the policy service with a "current_action" or
something like that, but from what I can see, there is no such
parameter.

Am I missing something? Is there no way to tell in the
smtpd_end_of_data_restrictions check_policy_service request if the
message is going to be REJECTed by header_checks anyway? Or are the
header_checks run after the smtpd_end_of_data_restrictions? Is there any
way to have them run before? Can we add a "current_action" parameter to
the policy protocol so a policy daemon knows if the message is going to
be REJECTed or not? 

-- 
Rob Mueller
r...@fastmail.fm
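
An added example, not part of the original message and not Postfix's or the poster's code: a minimal sketch of the kind of policy service described above, counting per-recipient receipts from the END-OF-MESSAGE policy request. The limit, window, 450 reply text, class and function names, and the sample request are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW = 3600  # seconds per counting window (assumed value)
LIMIT = 100    # max messages per recipient per window (assumed value)

def parse_request(text):
    """Parse one policy delegation request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class ReceiptTracker:
    """Hypothetical sliding-window counter keyed by recipient address."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def handle(self, attrs, now=None):
        now = time.time() if now is None else now
        if attrs.get("protocol_state") != "END-OF-MESSAGE":
            return "action=DUNNO\n\n"
        rcpt = attrs.get("recipient", "").lower()
        if not rcpt:  # recipient is only set here for single-recipient messages
            return "action=DUNNO\n\n"
        q = self.seen[rcpt]
        while q and q[0] <= now - self.window:
            q.popleft()  # drop receipts that fell out of the window
        # The request parsed here has no attribute carrying a header_checks
        # verdict, so the receipt is counted whatever happens to the message
        # afterwards, which is the behaviour the message reports.
        q.append(now)
        if len(q) > self.limit:
            return "action=450 4.7.1 receiving rate limit exceeded\n\n"
        return "action=DUNNO\n\n"

# Constructed sample request (not captured from a real server).
SAMPLE = (
    "request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
    "protocol_name=ESMTP\nqueue_id=4ABC123DEF\nsender=sender@example.net\n"
    "recipient=user@example.com\nrecipient_count=1\n"
    "client_address=192.0.2.10\nsize=2048\n\n"
)
```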
