postfix-amavis-cyrus on multidomain ldap
Bron Gondwana
brong at fastmail.fm
Tue Aug 5 02:22:25 EDT 2014
On Mon, Aug 4, 2014, at 11:47 PM, Dan White wrote:
> On 08/04/14 11:42 +0200, Gabriele Bulfon wrote:
> >Hi,
> >I've been using postfix-amavis-cyrus for years, with normal passwd+aliases mode.
> >We recently switched to virtual domains using ldap.
> >Because we don't want to maintain a virtual mailbox map for postfix, we decided to have
> >a vmailbox file like:
> >@domain1 allow
> >@domain2 allow
> >and have cyrus detect wrong destinations, via ldap.
> >What happens here, is that any quarantined mail by amavis (having very high score, that should
> >not even be reconsidered once quarantined) gets back to postfix in some way, delivered to cyrus,
> >which in many cases is a wrong invented mailbox, so back to postfix which sends back an error.
> >This was not happening before: a quarantined mail by amavis would be just quarantined.
> >No answer back. No delivery in the spam folder.
> >So first, my question is: why is the mail being delivered to postfix even if it's quarantined and
> >has a very high score?
> >Last question is about configuring vmailbox to lookup ldap.
> >I've seen many examples, but they all look for a single domain, while I have multiple domains
> >both in cyrus, ldap and postfix.
> >Examples like this:
> >server_host = localhost
> >search_base = ou=Users,dc=example,dc=com
> >version = 3
> >scope = sub
> >query_filter = (mail=%s)
> >result_attribute = mail
> >are for just the example.com domain
> >How should I write the vmailbox ldap file to query different domains?
>
> That approach, even if properly configured, may still lead to accepting and
> queueing messages for mailboxes that are over quota.
>
> A better approach is to use a Postfix policy script which can query mailbox
> state before accepting the message, such as by communicating with the smmap
> socket.
This is what we do at FastMail - quota rejects at the edge using smmapd lookups,
and noquota on the lmtp deliveries internally. Sure the user might accidentally get
over quota a bit, but it means we never generate bounce emails, so we can't be
used for backscatter in this way.
Bron.
--
Bron Gondwana
brong at fastmail.fm
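
As an added example (not code from this thread or from FastMail), here is a minimal Postfix policy-delegation check in Python that asks Cyrus smmapd about the recipient at RCPT time, so unknown mailboxes are refused at the edge instead of bounced later. The socket path, the map name and the mapping from socket-map status words to Postfix actions are assumptions made for the example.

```python
import socket

SMMAP_SOCKET = "/var/imap/socket/smmapd"  # assumed path; point at your smmapd listener
MAP_NAME = "cyrus"                         # assumed map name sent in the request

def encode_netstring(payload: bytes) -> bytes:
    # Sendmail socket-map framing: "<length>:<payload>,"
    return str(len(payload)).encode() + b":" + payload + b","

def decode_netstring(data: bytes) -> bytes:
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit() or rest[int(length):int(length) + 1] != b",":
        raise ValueError("malformed netstring")
    return rest[:int(length)]

def socket_lookup(rcpt: str) -> str:
    """Ask smmapd about one recipient; returns e.g. 'OK ...' or 'NOTFOUND ...'."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(SMMAP_SOCKET)
        s.sendall(encode_netstring(f"{MAP_NAME} {rcpt}".encode()))
        # One recv is enough for these short replies in this sketch.
        return decode_netstring(s.recv(4096)).decode(errors="replace")

# Socket-map status word -> Postfix access(5) action (mapping chosen for this example).
ACTIONS = {
    "OK": "DUNNO",
    "NOTFOUND": "REJECT 5.1.1 Unknown recipient",
    "TEMP": "DEFER_IF_PERMIT 4.2.2 Mailbox temporarily unavailable",
    "TIMEOUT": "DEFER_IF_PERMIT 4.3.0 Mailbox lookup timed out",
    "PERM": "REJECT 5.2.0 Mailbox unavailable",
}

def decide(request: str, lookup=socket_lookup) -> str:
    """Turn one Postfix policy request (name=value lines) into a policy reply."""
    attrs = dict(line.split("=", 1) for line in request.splitlines() if "=" in line)
    rcpt = attrs.get("recipient", "")
    if attrs.get("protocol_state") != "RCPT" or not rcpt:
        return "action=DUNNO\n\n"
    try:
        reply = lookup(rcpt)
        status = reply.split(" ", 1)[0] if reply else ""
    except (OSError, ValueError):
        status = "TIMEOUT"  # fail soft: defer instead of accepting blindly
    # Unknown status words are treated like a timeout and deferred.
    return f"action={ACTIONS.get(status, ACTIONS['TIMEOUT'])}\n\n"
```

Postfix would call `decide()` once per request from a spawn(8) service referenced by `check_policy_service` in `smtpd_recipient_restrictions`.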