I installed and integrated policyd v2 (cluebringer) into my postfix installation. I use it for ratelimit sasl authenticated email senders (quota module) and greylisting not authenticated incoming mails.
The problem is, that I have to put the policy server in front of the smtpd_recipient_restrictions like that:
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unlisted_recipient
With this configuration the greylisting tracking of cluebringer gets filled with triples of recipients which does not have a corresponding virtual mailbox entry. The mails for these recipients could be rejected before the policy server checks greylisting and/or other things via cluebringer.
Setting reject_unauth_destination to the top will also reject sasl authenticated users. Setting also permit_sasl_authenticated to the top, then reject_unauth_destination and on third position check_policy_service inet:127.0.0.1:10031 it would resolve the greylisting problem, but then it is not possible to set a quota and/or accounting limit for sasl authenticated users in cluebringer.
Is there a way to optimize this configuation?
Thanks
