Postfix as Relay for Exchange, User overquota

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix as Relay for Exchange, User overquota

stefan novak
Hello!

we are using Postfix as our MX Server for several mailservers, mostly
dovecot. We have now implemented an exchange Server as well.

We are using the reject_unverified_recipient in combination with smtp
transport-table to submit the E-mail back to the exchange Server.
With our dovecot backends we can use the dovecot quota service in
combination with the check_policy_service that Mails from full
Mailboxes get rejected. How can i achieve this with our exchange
backend? Now the Mails get bounced, which is not very nice :/

Is there a way to tell postfix to accept the E-Mail only when the
exchange Server also wants to deliver it. Best will be when this works
only on quota, since somietims its good when the postfix in front
queue's the E-Mail. (Backend-Server reboot for patching...)

kind regards and sorry for my english ;)
Stefan
_______________________
www.epb.at - Your IT Partner in East Austria
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

Wietse Venema
stefan novak:
> Is there a way to tell postfix to accept the E-Mail only when the
> exchange Server also wants to deliver it.

Postfix uses the RCPT TO command to find out if a server is willing
to accept the message.

In the case of Dovecot, there is a way to find out if a user is
over quota (talk to the quota service).

Unless there is a way to ask the Exchange server about quota status,
Postfix cannot find out whether a user isoverr their mail quota.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

Robert Schetterer-2
In reply to this post by stefan novak
Am 02.01.2018 um 19:59 schrieb stefan novak:

> Hello!
>
> we are using Postfix as our MX Server for several mailservers, mostly
> dovecot. We have now implemented an exchange Server as well.
>
> We are using the reject_unverified_recipient in combination with smtp
> transport-table to submit the E-mail back to the exchange Server.
> With our dovecot backends we can use the dovecot quota service in
> combination with the check_policy_service that Mails from full
> Mailboxes get rejected. How can i achieve this with our exchange
> backend? Now the Mails get bounced, which is not very nice :/
>
> Is there a way to tell postfix to accept the E-Mail only when the
> exchange Server also wants to deliver it. Best will be when this works
> only on quota, since somietims its good when the postfix in front
> queue's the E-Mail. (Backend-Server reboot for patching...)
>
> kind regards and sorry for my english ;)
> Stefan
> _______________________
> www.epb.at - Your IT Partner in East Austria
>

try this

https://sys4.de/de/blog/2013/04/08/postfix-dovecot-mailbox-quota/

but be aware aliases etc may not have a mailbox quota, also the blog is
old ,things may have changed , you may should cover the used port by vpn
, ssltunnel etc

more

https://www.dovecot.org/list/dovecot/2016-July/104830.html
https://wiki2.dovecot.org/Quota


Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

stefan novak
thx, i've implemented that already for dovecot.

but i have the quota problem with users that are on our exchange
server backend (it doesnt support this quota service)

is there a way to tell postfix that it accepts only mail on the
frontend when the backend server (transport smtp destination) says
that everything with this dst address is ok?
a advanced "reject_unverified_recipient" method with the full header
or something like that?

kind regards,
Stefan
_______________________
www.epb.at - Your IT Partner in East Austria
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

Wietse Venema
stefan novak:

> thx, i've implemented that already for dovecot.
>
> but i have the quota problem with users that are on our exchange
> server backend (it doesnt support this quota service)
>
> is there a way to tell postfix that it accepts only mail on the
> frontend when the backend server (transport smtp destination) says
> that everything with this dst address is ok?
> a advanced "reject_unverified_recipient" method with the full header
> or something like that?

If you want Postfix to block mail for an over-quota EXCHANGE user,
then Postfix needs to find out whether an EXCHANGE user is over
quota. Does EXCHANGE support such queries? Dovecot does, though a
quota service.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

Matus UHLAR - fantomas
In reply to this post by stefan novak
On 02.01.18 19:59, stefan novak wrote:
>We are using the reject_unverified_recipient in combination with smtp
>transport-table to submit the E-mail back to the exchange Server.
>With our dovecot backends we can use the dovecot quota service in
>combination with the check_policy_service that Mails from full
>Mailboxes get rejected. How can i achieve this with our exchange
>backend? Now the Mails get bounced, which is not very nice :/

does exchange use temporary rejection for over-quota accounts?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix as Relay for Exchange, User overquota

Viktor Dukhovni
On Wed, Jan 03, 2018 at 02:42:58PM +0100, Matus UHLAR - fantomas wrote:
> On 02.01.18 19:59, stefan novak wrote:
> > We are using the reject_unverified_recipient in combination with smtp
> > transport-table to submit the E-mail back to the exchange Server.
> > With our dovecot backends we can use the dovecot quota service in
> > combination with the check_policy_service that Mails from full
> > Mailboxes get rejected. How can i achieve this with our exchange
> > backend? Now the Mails get bounced, which is not very nice :/
>
> does exchange use temporary rejection for over-quota accounts?

More precisely, the OP should report the complete (unmodified except
for the recipient address where it is fine to hide the localpart)
response from the exchange server for an over-quota mailbox, and a
second response for a non-existent mailbox.

It should be possible to configure the address verification transport
used with Exchange (with care) to treat these appropriately, while
ignoring most other failures:

    http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter
    http://www.postfix.org/postconf.5.html#default_delivery_status_filter

The address-verification positive cache time would need to be
sufficiently short to detect most quota-violations promptly.

Inbound quota violations could be made less frequent by having a
separate (lower) hard limit for sending mail than for receving
mail.  A user who exceeds the "send" hard limit would be unable to
send mail until disk-usage is reduced below the quota soft limit,
but would still be able to receive mail.   Presumably users would
take prompt action to be able to send email, and would then avoid
having any inbound email bounced.

I don't know whether Exchange supports limits of this type.

--
        Viktor.