Hi there, OS version is Ubuntu 16.04.6 LTS ISPConfig version is 3.1dev I run a catchall email service and I recently had a mail user create a fetch of his own email (the ispconf3 email assigned to him) which caused the whole system to eventually lock up/loop trying to deliver his email to him. They are also a high traffic user 20-40GB traffic a month which just made it worse. I went and deleted the fetch config for him and am currently clearing out the queue for all getmail@mail...(thinks the email is a link and wont let me post it) but was wondering is it possible to put domain restrictions on the fetch feature to prevent this from happening in the future? Thanks
Implementing imapsync would resolve that for IMAP accounts. I don't see how to implement domain restrictions. Eg. when using fetchmail, usually the username is the same on the old and new server, and usually includes the domain. Limiting the name of the remote server might be of limited use, eg. a mail server could refuse to pull mail if the remote server name is identical to the hostname (or is localhost) and the username = destination the mailbox name. It's pretty easy to think of valid use cases which use the address' domain in the server name, or using IP addresses, or router port forwards that make this less trivial than it might seem at first. But maybe come up with very specific parameters on when to not allow fetchmail, and file a feature request. On a related note, dovecot can deduplicate folders which you could do from a cron job. I don't see that it can be done at message delivery time right offhand.
The issue was when the guy was fetching his own inbox i.e. fetch mail@catchall to mail@catchall Its working fine for mail@domain1, mail@domain2, mail@domain3, mail@domain4, mail@domain5 to mail@catchall I guess I just need to prevent someone from fetching the same email account as the one they are logged into as when the last guy did it I ended up had to purge over 807k emails from queue (stuck in loop and around 25GB). I also dont give access to the ispconfig panel but have them use the webmail plugin. If I cant restrict it in ispconfig I might have to look into editing the plugin. Will look through the code and see if its possible as I would prefer it on ispconfig end vs the plugin.
