Re: postfix-amavis-cyrus on multidomain ldap

Egoitz Aurrekoetxea <egoitz@xxxxxxxxxxxxx> · Wed, 6 Aug 2014 11:14:53 +0200

Hi!,
Take a look to : http://postfixquotareject.ramattack.net/

Best regards,

El 05/08/2014, a las 08:22, Bron Gondwana <brong@xxxxxxxxxxx> escribió:

On Mon, Aug 4, 2014, at 11:47 PM, Dan White wrote:
On 08/04/14 11:42 +0200, Gabriele Bulfon wrote:
Hi,
I've been using postfix-amavis-cyrus for years, with normal passwd+aliases mode.
We recently switched to virtual domains using ldap.
Because we don't want to mantain a virtual mailbox map for postfix, we decided to have
a vmailbox file like:
@domain1 allow
@domain2 allow
and have cyrus detect wrong destinations, via ldap.
What happens here, is that any quarantined mail by amavis (having very high score, that should
not even be reconsidered once qurantined) get back to postfix in some way, devliered to cyrus,
which in many cases is a wrong invented mailbox, so back to postfix wich sends back en error.
This was not happening before: a quarantined mail by amavis would be just quarantined.
No answer back. No delivery in the spam folder.
So first, my question is: why the mail is being delivered to postfix even if it's quarantined and
have a very high score?
Last question is about configuring vmailbox to lookup ldap.
I've seen many examples, but they all look for a single domain, while I have multiple domains
both in cyrus,ldap and postfix.
Exemples like this:
server_host = localhost
search_base = ou=Users,dc=example,dc=com
version = 3
scope = sub
query_filter = (mail=%s)
result_attribute = mail
are for just the example.com domain
How should I write the vmailbox ldap file to query different domains?

That approach, even if properly configured, may still lead to accepting and
queueing messages for mailboxes that are over quota.

A better approach is to use Postfix policy script which can query mailbox
state before accepting the message, such as by communicating with the smmap
socket.

This is what we do at FastMail - quota rejects at the edge using smmapd lookups,
and noquota on the lmtp deliveries internally.  Sure the user might accidentally get
over quota a bit, but it means we never generate bounce emails, so we can't be
used for backscatter in this way.

Bron.
-- 
 Bron Gondwana
 brong@xxxxxxxxxxx
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus