Re: TLS - Certificate not Trusted
> >> On Mon, 2010-01-11 at 11:04 -0500, Dennis Putnam wrote: > >>> I want to enforce TLS but I don't care what certificate the receiver > >>> uses. Thanks. > >> Apart from the fact that enforcing TLS with SMTP is usually a bad idea, > >> [..] Why is TLS w/ SMTP a bad idea? -- Noah Sheppard Assistant Computer Resource Manager Taylor University CSE Department nshep...@cse.taylor.edu
Re: SMTP AUTH issue
On Wed, Jan 13, 2010 at 05:21:09AM +0530, Atevewr wrote: > [..] > If smtp authentication is on & the client connects through a EHLO > session, then the authentication goes fine and the user is > authenticated, but if he connects through a simple HELO session, then > he is able to send a mail without any authentication? > How can i disable the HELO command or basically only allow EHLO sessions? >From what you've said, it sounds like you actually just want to prevent sending mail without authentication. If that is the case, use smtpd_client_restrictions = permit_sasl_authenticated, reject Only authenticated clients will be allowed to send mail. Cheers, -- Noah Sheppard Assistant Computer Resource Manager Taylor University CSE Department nshep...@cse.taylor.edu
Re: Email address with leading whitespace rejected
On Fri, Jan 22, 2010 at 09:40:58AM -0330, Doug Robbins wrote: > Is there something I can do to avoid these rejections (other than > the obvious -- get dba...@example2.com to fix his address book)? A milter could remove recipients with spaces and add back ones without spaces. To do it completely cleanly, I think you'd also need to mess with message headers (so that all recipients saw corrected To and Cc headers, since smfi_addrcpt and smfi_delrcpt mess with the envelope, not the headers). Much, much better would be to get dbaron to fix his address book :) -- Noah Sheppard Assistant Computer Resource Manager Taylor University CSE Department nshep...@cse.taylor.edu
sane filesystem quotas with maildir
Postfix users,
I am attempting to set up postfix such that using filesystem quotas on
users' mail spaces (a directory whose subdirectories are maildirs).
After RTF{manual, google, list archives}, I haven't been able to find
any good way to do this.
A problematic requirement is that we can't let the user go over their
soft quota, because if they do and their grace runs out, they will be
unable to free up space via IMAP, since common IMAP clients try to copy
messages to Trash as part of the deletion process.
I've thought through the following possibilities, with the given
problems:
1-mailbox_size_limit: ineffective; I'm using maildir, and that's not
filesystem-based anyway.
1-A milter/access policy which checks per recipient to make sure this
message will not put them over quota: fail, we don't know the size of
the message at the point in the SMTP exchange where we can reject
individual users.
2-Same as (1) but assume that the message is message_size_limit large:
annoying because it essentially makes an amount of the users's space
unusable
2-A milter/access policy which checks after end of data to make sure
this message won't put users over quota: fails because this would mean
rejecting the message for all local recipients just because one was over
quota.
3-Just setting quotas and letting procmail fail to deliver the message
and generate a bounce message: fails because postfix keeps trying to
deliver the message for a long time; we would like a relatively quick
fail and notification.
4-Another item in our mailbox_command pipeline which checks the users'
quota and rejects if the message would put them over it: kind of works,
but there is no return code for the command to use to tell procmail that
the delivery failed due to quota issues, causing a proper DSN 5.2.2 to
be returned. Also, the bounce message this generates is a type of
backscatter, though it may be unavoidable because of how the SMTP
protocol works (recipients before message size).
(4) seems to me to be the most promising, if there were a way to have my
quota-checking script tell Postfix to send a 5.2.2 DSN.
Has anybody else dealt with this and prevailed?
Thanks much,
--
Noah Sheppard
Assistant Computer Resource Manager
Taylor University CSE Department
nshep...@cse.taylor.edu
Re: sane filesystem quotas with maildir
On Thu, Dec 17, 2009 at 05:53:13PM -0500, Wietse Venema wrote: > Noah Sheppard: > > [..] postfix keeps trying to deliver the message for a long time > > procmail returns a TEMPORARY error condition to Postfix. > Don't blame Postfix for procmail brain damage. > Understood. Actually, this was our fault as we have the '-t' switch on our procmail command, so procmail exits with EX_TEMPFAIL rather than EX_CANTCREAT. As there is no exit code to tell postfix that delivery failed due to quota issues, is there any other way to insert a hook which checks and rejects on a per-user basis after we know the size of the message, and can tell postfix to return a 5.2.2 DSN? Thanks, -- Noah Sheppard Assistant Computer Resource Manager Taylor University CSE Department nshep...@cse.taylor.edu
Re: sane filesystem quotas with maildir
On Fri, Dec 18, 2009 at 10:46:13AM -0500, Wietse Venema wrote: > > As there is no exit code to tell postfix that delivery failed due to > > [..] is there any other way to [..] tell postfix to return a 5.2.2 DSN? > > [..] sending something to stdout that begins with a 5.2.2 status code. Thanks. This does exactly what I'm looking for. -- Noah Sheppard Assistant Computer Resource Manager Taylor University CSE Department nshep...@cse.taylor.edu
