1

I'm trying to solve problem with some blackscatter-like attacks, when spammer send email with real person From or Reply-To address to an account with quota exceeded.
This situation previously generated bounce message from Dovecot, being send to that person (and occasionally marked as SPAM) so I implemented dovecot as a policy service (check_policy_service) which checks if account in "To" field has some free space for messages, otherwise it returns 550 during SMTP connection.
Unfortunately it doesn't work when there is an alias in "To" field, which may forward message to one or more real accounts. So first check returns OK but then after message was queued, when it goes to real account which quota is full, there is bounce message generated again.

I can write an SQL checking if any of alias destinations has quota exceeded, but it could cause revoking connection to alias which is connected to many accounts but only one with quota exceeded.

Is there any good solution to this?

Dawid Moś
  • 226
  • 1
  • 8
  • I think you're on the right track, did you see http://dovecot.2317879.n4.nabble.com/Postfix-aliases-with-quota-status-service-td43511.html – Jacob Evans Dec 14 '16 at 15:16
  • Yes, but it works only if message is addressed to physical account (not to an alias). We have situations when one alias redirects messages to multiple accounts. What then? – Dawid Moś Dec 14 '16 at 15:20
  • I updated a second link, looks like they used an ldap filter, where are your users stored? – Jacob Evans Dec 14 '16 at 15:21
  • In MySQL database. The problem is that redirecting email from alias to physical accounts is made asynchronously (after disconnecting client server) and there is no error code generation possible during the client connection but bounce message instead. – Dawid Moś Dec 14 '16 at 15:25
  • right, the forum suggests you make all accounts (alias or user) in dovecot and not postfix. – Jacob Evans Dec 14 '16 at 15:38
  • What do you mean "make account"? Accounts exists in database and are used by both postfix and dovecot. – Dawid Moś Dec 14 '16 at 15:40
  • The URL posted above on nabble.com is no longer available, but can be found in the Internet Archive at https://web.archive.org/web/20140228060356/http://dovecot.2317879.n4.nabble.com/Postfix-aliases-with-quota-status-service-td43511.html – FliesLikeABrick Dec 09 '22 at 03:01

0 Answers0