postfix-amavis-cyrus on multidomain ldap

Egoitz Aurrekoetxea egoitz at ramattack.net
Wed Aug 6 05:14:53 EDT 2014 

Hi!,

Take a look to : http://postfixquotareject.ramattack.net/

Best regards,

El 05/08/2014, a las 08:22, Bron Gondwana <brong at fastmail.fm> escribió:

> On Mon, Aug 4, 2014, at 11:47 PM, Dan White wrote:
>> On 08/04/14 11:42 +0200, Gabriele Bulfon wrote:
>>> Hi,
>>> I've been using postfix-amavis-cyrus for years, with normal passwd+aliases mode.
>>> We recently switched to virtual domains using ldap.
>>> Because we don't want to mantain a virtual mailbox map for postfix, we decided to have
>>> a vmailbox file like:
>>> @domain1 allow
>>> @domain2 allow
>>> and have cyrus detect wrong destinations, via ldap.
>>> What happens here, is that any quarantined mail by amavis (having very high score, that should
>>> not even be reconsidered once qurantined) get back to postfix in some way, devliered to cyrus,
>>> which in many cases is a wrong invented mailbox, so back to postfix wich sends back en error.
>>> This was not happening before: a quarantined mail by amavis would be just quarantined.
>>> No answer back. No delivery in the spam folder.
>>> So first, my question is: why the mail is being delivered to postfix even if it's quarantined and
>>> have a very high score?
>>> Last question is about configuring vmailbox to lookup ldap.
>>> I've seen many examples, but they all look for a single domain, while I have multiple domains
>>> both in cyrus,ldap and postfix.
>>> Exemples like this:
>>> server_host = localhost
>>> search_base = ou=Users,dc=example,dc=com
>>> version = 3
>>> scope = sub
>>> query_filter = (mail=%s)
>>> result_attribute = mail
>>> are for just the example.com domain
>>> How should I write the vmailbox ldap file to query different domains?
>> 
>> That approach, even if properly configured, may still lead to accepting and
>> queueing messages for mailboxes that are over quota.
>> 
>> A better approach is to use Postfix policy script which can query mailbox
>> state before accepting the message, such as by communicating with the smmap
>> socket.
> 
> This is what we do at FastMail - quota rejects at the edge using smmapd lookups,
> and noquota on the lmtp deliveries internally.  Sure the user might accidentally get
> over quota a bit, but it means we never generate bounce emails, so we can't be
> used for backscatter in this way.
> 
> Bron.
> -- 
>  Bron Gondwana
>  brong at fastmail.fm
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20140806/39d285b8/attachment.html

More information about the Info-cyrus mailing list