-
Notifications
You must be signed in to change notification settings - Fork 1
Postfix Policy Server Notes
dbmail-postfix-policyd tries not to cause any lost mail. It will only refuse to accept a message when it can identify all recipients of the message (including recursive mail forwards / alias lookups), and every one of them would exceed their quota if the message were allowed.
In testing, if dbmail-postfix-policyd dies, postfix will temporarily refuse to accept new mail, so no mail is actually lost, it would only be delayed.
I noticed behavior in postfix that will cause dbmail-postfix-policyd to not check quotas at times. Postfix can check a policy server at RCPT time, for each individual recipient, but it doesn't always know the message size at this point (it's up to the client to provide that, which doesn't always happen, nor is it completely trustworthy). It can also check a policy server at END-OF-MESSAGE time, once for all recipients, and the message size is always known. However when checking at END-OF-MESSAGE for multiple recipients, the recipient list is not available, only a total recipient_count.
So if a ESMTP client provides the message size, we can reject it on a per-recipient basis, but if it doesn't, and the message has multiple recipients, we can't check anything and must accept it. If you still see some undeliverable over-quota bounces in your mail queue, this could be why. I'd be interested in workarounds.