feat(submission): check user quota recipient restriction
Check the users quota before accepting the mail for delivery.
If the user belongs to the server, the user wont send the message,
nor save it for it only to be rejected at a later stage.
Current rules and order as follows:
1. reject_non_fqdn_recipient
Require recipient to be in FQDN format so the message can
be routed.
2. reject_unknown_recipient_domain
Prevent mail from being sent to a random location that can't
be found.
3. check_policy_service,unix:private/quota
If the mail is for a local user and their mailbox is full, reject
the mail.
This allows the sender not to recieve a bounce message for
a message that wasn't actually sent.
4. permit_sasl_authenticated
A user of the mail server can send E-Mail to anyone as long as
it passes the filters above.
5. reject
Reject any further mail, as they clearly are not a user of the
mail server.
MR !7
This commit is contained in:
@ -28,7 +28,7 @@ submission inet n - y - - smtpd
|
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
-o smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps,ldap:/etc/postfix/ldap/smtpd_sender_login_maps_groups
|
||||
-o smtpd_sender_restrictions=reject_sender_login_mismatch
|
||||
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
|
||||
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,check_policy_service,unix:private/quota,permit_sasl_authenticated,reject
|
||||
-o cleanup_service_name=privacy
|
||||
-o content_filter=amavis:[127.0.0.1]:10023
|
||||
|
||||
|
||||
Reference in New Issue
Block a user