Hi, I'm looking into limiting the amount of sent email per month or day from my server. I found two addons for postfix: PolicyD and postfwd2. I want to use postfwd but can't find some info. I know that I can limit the amount of sent mails for everyone, but I need to exclude some accounts from this rule. Can this be done with postfwd with rule priority, so that the rule that gives a user a higher limit has higher priority than the lower rate limit for all users? Or do I need PolicyD for this?
I used only policyd until now to limit the amount of email, but it may work with postfwd as well, just try it out.
The limiting works in postfwd, but I can't find how to "disable" the limit or give a bigger limit for a specific email in a domain that has a limit.
id=RULE001; sasl_username=[email protected]; action=rate(sasl_username/5/600/REJECT only 5 recipients per 10 min for $$sasl_username);
id=RULE002; sender_domain=mydomain.si; action=rate(sender_domain/1/300/REJECT only 1 recipients per 5 min for $$sender_domain)
So does anyone know if it's possible? I don't want to waste time trying to figure out the impossible if I can try with a different program.
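The behaviour asked for above (a domain-wide limit with a higher limit for one account) can be shown as the decision logic of a Postfix policy delegation service. This is an added example, not code from the thread and not postfwd or PolicyD; the account newsletter@mydomain.si is hypothetical, the limits reuse the numbers from the rules above, and SASL logins are assumed to be full email addresses.

```python
import time
from collections import defaultdict, deque

# Constructed limits (assumptions, not the poster's real setup):
# login or domain -> (max recipients, window in seconds).
USER_LIMIT = {"newsletter@mydomain.si": (5, 600)}   # hypothetical exempted account
DOMAIN_LIMIT = {"mydomain.si": (1, 300)}
_hits = defaultdict(deque)   # counter key -> timestamps of accepted recipients

def parse_request(text):
    """Parse one policy delegation request: name=value lines up to an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, now=None):
    """Return the action; a per-user limit replaces the domain limit for that login."""
    now = time.time() if now is None else now
    user = attrs.get("sasl_username", "").lower()
    if attrs.get("protocol_state") != "RCPT" or not user:
        return "DUNNO"   # count only authenticated mail, once per recipient (RCPT stage)
    domain = user.rpartition("@")[2]
    if user in USER_LIMIT:
        who, (limit, window) = user, USER_LIMIT[user]
    elif domain in DOMAIN_LIMIT:
        who, (limit, window) = domain, DOMAIN_LIMIT[domain]
    else:
        return "DUNNO"
    hits = _hits[who]
    while hits and hits[0] <= now - window:
        hits.popleft()   # drop recipients that fell out of the sliding window
    if len(hits) >= limit:
        return f"REJECT only {limit} recipients per {window // 60} min for {who}"
    hits.append(now)
    return "DUNNO"

def respond(request_text, now=None):
    """Wire reply Postfix expects: one action line followed by an empty line."""
    return f"action={decide(parse_request(request_text), now)}\n\n"

# Constructed sample request, as Postfix would send it at RCPT TO.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "sasl_username=info@mydomain.si\nrecipient=someone@example.org\n\n")
```

Postfix evaluates a restriction list in order, so a check_policy_service entry only sees authenticated senders when it is listed before permit_sasl_authenticated.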
Ok, I have not found a way to write a rule with postfwd that excludes a user from a specific rule. And I didn't get any answer on whether this is possible with PolicyD (cluebringer). I also see that PolicyD uses a web interface, and this can be a problem because I have a multiserver install that has web&mysql on the first server and email on the second. So when using this http://wiki.policyd.org/installing guide, should I install everything on my web&mysql server and then on my mail server add check_policy_service inet:<web&mysql IP>:10031 instead of 127.0.0.1? Will the install guide work on Ubuntu 14.04 server, the database part?
Policyd has a configuration file which contains the mysql login details. So I would just install policyd locally on the mail server and then edit the policyd config file to use the mysql database on the first server. The web interface must have a config file as well, so you can install it on the web server and configure it to use the right database as well.
Ok... I think it's installed as you suggested.
MAIL server:
apt-get install postfix-cluebringer
vi /etc/cluebringer/cluebringer.conf
DSN=DBI:mysql:database=policyd;host=<hostname_of_db_server>
DB_Type=mysql
DB_Host=<hostname_of_db_server>
DB_Port=3306
DB_Name=policyd
Username=policyd
Password=<password>
Postfix /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_policy_service inet:127.0.0.1:10031, ....
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
WEB&MYSQL server:
apt-get install postfix-cluebringer-mysql postfix-cluebringer-webui
Created the database, added the user and imported the db tables. Edited /etc/cluebringer/cluebringer-webui.conf:
$DB_DSN="mysql:host=localhost;dbname=policyd";
$DB_USER="policyd";
$DB_PASS="<password>";
and created an alias so I can access the webui from mydomain.si/cluebringer
I can create policies and they are stored correctly in the DB, but when I try to send mail I get errors:
postfix/submission/smtpd[12655]: NOQUEUE: reject: RCPT from web.mydomain.si[ip]: 450 4.7.1 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ip>
postfix/submission/smtpd[13012]: A24F3A0B09: reject: END-OF-MESSAGE from web.mydomain.si[ip]: 450 4.7.1 <END-OF-MESSAGE>: End-of-data rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ip>
Does anyone have any idea what I messed up?
I think I have. In my roundcube config.ini.php:
$config['smtp_server'] = 'tls://bckmail.mydomain.si';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
$config['smtp_auth_type'] = 'PLAIN';
$config['smtp_pass'] = '%p';
Is $config['smtp_auth_type'] = 'PLAIN'; what you mean?
plain should be ok as auth mechanism. Does it start working again when you remove policyd from postfix config?
I installed policyd on a server of a customer some years ago, at that time I used these settings in postfix:
Code:
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Used your settings and it's the same. Can you look at my main.cf setup to see if I messed something up? The <my_hostname> is just to cover up my hostname.
Code:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/postfix/ispserver.pem
smtpd_tls_key_file = /etc/postfix/ispserver.pem
smtpd_tls_CAfile = /etc/postfix/ispserver.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = bckmail.<my_hostname>.si
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = $myhostname
mydestination = bckmail.<my_hostname>.si, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
# For PolicyD, i.e. cluebringer smtpd_end_of_data_restrictions
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
#smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
#smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
#smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
# DKIM
# --------------------------------------
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Figured out the mail reject problem. I had only created the db user for localhost, so it could not connect from the mail server. Sorry for wasting your time, Till. Now I just have to see if it works for limiting mail.
And I think the policies are not working. Tried out 1 quota limit from this how-to: http://uname.pingveno.net/blog/inde...pam,-using-cluebringer-(policyd)-with-Postfix. When I'm sending emails, the session_tracking table in the database is getting filled but the quotas_tracking table is empty. My log is:
Code:
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer - v2.0.11a-debian
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] NOTICE: Initializing system modules.
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] NOTICE: System modules initialized.
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] NOTICE: Module load started...
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => AccessControl: enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => CheckHelo: enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => CheckSPF: enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => Greylisting: enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => Quotas: enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => Protocol(Postfix): enabled
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: => Protocol(Bizanga): enabled
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] NOTICE: Module load done.
[2016/11/30-14:29:37 - 1372] [CBPOLICYD] DEBUG: Opening syslog, destination = 'native', facility = 'mail'.
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: 2016/11/30-14:29:37 cbp (type Net::Server::PreFork) starting! pid(1372)
[2016/11/30-14:29:37 - 1372] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
[2016/11/30-14:29:37 - 1372] [CORE] INFO: Setting up serialization via flock
[2016/11/30-14:29:37 - 1372] [CORE] INFO: Beginning prefork (4 processes)
[2016/11/30-14:29:37 - 1372] [CORE] INFO: Starting "4" children
[2016/11/30-14:29:37 - 1375] [CORE] DEBUG: Child Preforked (1375)
[2016/11/30-14:29:37 - 1375] [CBPOLICYD] DEBUG: Starting up caching engine
[2016/11/30-14:29:37 - 1372] [CORE] DEBUG: Parent ready for children.
[2016/11/30-14:29:37 - 1377] [CORE] DEBUG: Child Preforked (1377)
[2016/11/30-14:29:37 - 1377] [CBPOLICYD] DEBUG: Starting up caching engine
[2016/11/30-14:29:37 - 1378] [CORE] DEBUG: Child Preforked (1378)
[2016/11/30-14:29:37 - 1378] [CBPOLICYD] DEBUG: Starting up caching engine
I'm not that familiar with policyd as I don't use it on my servers, you might want to ask the policyd developers if you need details on which table contains which data for your configuration.