Thank you very much, this is most useful.

One more question, if I may - besides full mailboxes, there is also a problem with domain aliases containing non-existent mailboxes.

For example, I have this definition in virtual_mailbox_domains:

@prefix.domain.com            @domain.com

That means mail to u...@prefix.domain.com is delivered to u...@domain.com.

However, if u...@domain.com does not exist, the Postfix that handles incoming mail accepts the mail, passes it to DSpam, and only Dovecot-lda finds out that the actual mailbox does not exist, and an error mail is generated.

I would like to limit backscatter mail generated by my server, because I have found out that there are attacks employing bogus domains that put the target machine into their MX records and then send mails from these bogus domains to users with full mailboxes, etc., which results in flooding of the target server with backscatter mail.

So, is there a way for Postfix to determine that a particular mailbox @prefix.domain.com will accept the incoming mail, before it accepts the mail and hands it over to DSpam?

I am sorry, I have the feeling that I have overlooked something basic here, but I have spent much time on this problem, and I promise this is my last question regarding the topic.

Thank you very much in advance for any hints.

--
Best regards,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.rysl...@dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Simply connect
-----------------------------------------------

On 18.9.2017 14:31, Christian Kivalo wrote:
On 2017-09-18 14:21, Daniel Ryšlink wrote:
Hello,

I am trying to solve a problem with error mails clogging my queue on a
system with the following components:

Incoming mail -> Postfix -> DSpam -> reinjection back to postfix queue
-> Dovecot LDA

The system also handles outgoing mail for non-local users, for any
mail address not found in a table of local users, Postfix just tries
to deliver it according to the MX records.

However, the Postfix handling the incoming messages for local users
(before DSpam) has incomplete information whether the local delivery
will be successful. I would like to immediately reject mails for
mailboxes that are full, for example, but the Postfix does not have
this information. That means that the mail is initially accepted,
passed to DSpam, and only the Dovecot LDA finds out that the mailbox
is full, and generates an error mail message, that is often not
deliverable and clogs the mailqueue.

I would like to reject as many mails as possible during the initial
SMTP session, as a part of the "check_recipient_access" phase. Is
there any way for Postfix to ask dovecot-lda "Will you be able to
locally deliver a message to this user"? I have read dovecot-lda man
page, but did not find any option of "dry" or test delivery. I
understand that Postfix can use a "policy server" - an external script
or daemon that could query dovecot for this information, but so far I
have failed to find a proper way to query dovecot to find out if a
specific mail would be deliverable.

Dovecot provides a quota service, a policy service that can be used by postfix.

Take a look at the dovecot wiki for the quota service: https://wiki2.dovecot.org/Quota

From the wiki:
Quota service

The quota service allows postfix to check quota before delivery:

service quota-status {
    executable = quota-status -p postfix
    inet_listener {
        port = 12340
        # You can choose any port you want
    }
    client_limit = 1
}

And then have postfix check_policy_service check that:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:mailstore.example.com:12340

For more about this service see https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/


I know I will be probably referred to Dovecot mailing lists, but I
thought some of you could know the answer.

Thank you in advance for any hint or advice.

--
Best regards,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.rysl...@dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Simply connect
-----------------------------------------------
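
Added example, not part of the original messages or of Postfix/Dovecot: the decision logic a check_policy_service daemon could apply at RCPT time to the alias-domain case described above, so that unknown mailboxes are refused during the SMTP session instead of bounced later. The alias table, the mailbox list and the sample requests are constructed; a real service would query the actual user database and sit behind a listener that Postfix connects to.

```python
"""Postfix policy delegation: refuse unknown recipients before the mail is queued."""

# Constructed sample data (assumptions, standing in for the real lookup tables).
ALIAS_DOMAINS = {"prefix.domain.com": "domain.com"}  # alias domain -> real domain
MAILBOXES = {"alice@domain.com", "bob@domain.com"}   # mailboxes that exist
REJECT = "550 5.1.1 Recipient address rejected: unknown mailbox"


def parse_request(raw: str) -> dict:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def resolve(recipient: str) -> str:
    """Rewrite user@alias-domain to user@real-domain, as the alias map does."""
    local, _, domain = recipient.lower().rpartition("@")
    return f"{local}@{ALIAS_DOMAINS.get(domain, domain)}"


def decide(attrs: dict) -> str:
    """Return an access(5) action; DUNNO passes on to the next restriction."""
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    recipient = attrs.get("recipient", "")
    domain = recipient.lower().rpartition("@")[2]
    if domain not in ALIAS_DOMAINS and domain not in ALIAS_DOMAINS.values():
        return "DUNNO"  # not a hosted domain: do not interfere with relaying
    return "DUNNO" if resolve(recipient) in MAILBOXES else REJECT


def respond(raw: str) -> str:
    """Build the reply Postfix expects: one action line, then an empty line."""
    return f"action={decide(parse_request(raw))}\n\n"


def sample(recipient: str, state: str = "RCPT") -> str:
    """Constructed request carrying the attributes this example reads."""
    return ("request=smtpd_access_policy\n"
            f"protocol_state={state}\n"
            "sender=bounce@bogus.example\n"
            f"recipient={recipient}\n\n")
```

Rejecting at RCPT time leaves the sending client responsible for the failure notice, so the server never generates a bounce to a forged sender.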

