Rahul Dhesi:
> On Fri, 5 Feb 2021, Wietse Venema wrote:
>
> > Postfix is a pipeline of processes; some processes transform addresses
> > before a message is queued (canonical_maps, virtual_alias_maps),
> > and some transform addresses in the delivery agent (alias_maps,
> > $HOME/.forward files). It is not practical for an SMTP daeamon to
> > predict what all those transformations will do without gaping
> > security holes like opensmtpd. ...
>
> Thanks. I was hoping there might be some easy way to duplicate what the
> Postfix smtpd does when it does check_recipient_access or when it rejects
> a recipient not found in the local recipient table. Because I think in
> these cases it is doing all or almost all table lookups.
SMTPD does NOT know what user is receiving the message.
SMTPD asks if the RCPT TO address exists in canonical_maps, or
in virtual_alias_maps, or maybe if the localpart exists in
alias_maps and /etc/passwd.
For quota control, it is necessary to know EXACTLY what local user(s)
will receive the email. That means EXACTLY processing canonical_maps,
virtual_alias_maps, alias_maps and $HOME/.forward.
So how would you propose for SMTPD to figure that out? I mentioned
the idea of maintaining a cache with RCPT TO -> mailbox mappings.
> My fallback may be to have a cron job periodically query quotas and add a
> rejection entry that check_recipient_access will find. But a lot of
> overhead there.
If you aliasing is simple enough, you can query the virtual alias
map from the policy server. But I repeat myself.
Wiets
