--On Wednesday, September 04, 2013 3:21 PM -0500 "/dev/rob0"
<[email protected]> wrote:
On Wed, Sep 04, 2013 at 01:06:52PM -0700, Quanah Gibson-Mount wrote:
Previous to Postfix 2.10 and the split between
smtpd_relay_restrictions and smtpd_recipient_restrictions, our
policy service check was in smtpd_recipient_restrictions, and
applied to both incoming and outgoing mail. With 2.10, in my
efforts to do things correctly, I have left the policy service on
port 25 with smtpd_recipient_restrictions, but for the submission
port I have:
-o smtpd_recipient_restrictions=
to strip it out. However, one of the things the policy service
(cluebringer/cpbolicyd) offers is rate limiting, which some clients
want to implement on their outgoing email.
Now, I could modify master.cf so it has:
-o smtpd_recipient_restrictions=<policy service bits>
but I was wondering if, for the submission port, there was a
different recommended method.
Do you have the same cbpolicyd handling both submission and MX? I
suppose that's fine, but it makes your policies a bit harder to
maintain and master.
Yeah, we do it this way currently, and in looking at this, it did occur to
me that we really should have two separate instances, one for incoming and
one for outgoing, in the long term.
If so, I think I'd move it off to some other restriction stage that
could be shared among both/all smtpd instances.
smtpd_sender_restrictions=<policy service bits>
(and no -o to unset it for submission)
Ok, thanks!
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
