NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2007-07

Re: Use of policyd

From: Alejandro Cabrera Obed (acabrerasintys.gov.ar)
Date: Fri Jul 27 2007 - 13:43:13 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

John Beaver wrote:
> Alejandro Cabrera Obed wrote:
>> John Beaver wrote:
>>> Alejandro Cabrera Obed wrote:
>>>> Dear people, I want to use policyd in order to set up message size
>>>> limits to my virtual domain mail users. I installed postfix-policyd,
>>>> configured postfix-policyd.conf for sender throttling, setup de
>>>> throttle
>>>> table from mysql with users/message_sizes but I don't know how to
>>>> set up
>>>> the main.cf from postfix.
>>>>
>>>> In my actual main.cf I have:
>>>>
>>>> smtpd_recipient_restrictions =
>>>> check_recipient_access hash:/etc/postfix/access
>>>> check_policy_service inet:127.0.0.1:10031
>>>> permit_mynetworks
>>>> reject_unauth_destination
>>>>
>>>> What rules do I have to add in the smtpd_recipient_restrictions and in
>>>> which order ???
>>> I answered you on the policyd list but I guess your still having
>>> issues.
>>> One thing I did not mention which could be an issue with you. Most
>>> email clients (read outlook, outlook express, and others) do NOT
>>> provide the size of the email during transmission.
>>>
>>> Check out this message for a solution for sender based quota's.
>>> http://sourceforge.net/mailarchive/message.php?msg_name=4446886E.1050908%40leaveittobeaver.net
>>>
>>>
>>>
>>> Here is the thread for all the gory details.
>>> http://sourceforge.net/mailarchive/forum.php?thread_name=443D67DF.1030903%40seven.com.br&forum_name=policyd-users
>>>
>>>
>>> John Beaver
>>
>> John and people from the list, thanks for your help. I was reading and
>> trying again with the postfix & postfix-policyd packages in order to do
>> only *THROTTLING*. I put in my main.cf as you mentioned:
>>
>> smtpd_recipient_restrictions =
>> check_recipient_access hash:/etc/postfix/access
>> permit_mynetworks
>> reject_unauth_destination
>>
>> smtpd_end_of_data_restrictions =
>> check_policy_service inet:127.0.0.1:10031
>> permit_mynetworks
>>
>> In postfix-policyd.conf I established the default message size limit:
>>
>> SENDERMSGSIZE=2840000
>>
>> But when I send a message to outbound using the ICEDOVE 1.5 mail client
>> I get the error: "The size of the message exceeds the global size limit
>> (10240000 bytes) of the server"....but my default limit was established
>> to 2840000 as I said, and it's not read I think. The 10240000 bytes is
>> the postfix default message size limikt, and this is read.....and
>> nothing appears in the debug log.
>
> Then it appears that you have sent a message that exceeds the size
> that postfix will allow so the message is rejected before continuing
> through the restrictions. Try a test message below the postfix limit,
> but above the policyd limit.
>
>> When I send a message without attach and send it to myself:
>>
>> Jul 27 11:37:01 mail2 postfix/smtpd[32683]: connect from
>> unknown[10.4.4.4]
>> Jul 27 11:37:01 mail2 postfix/smtpd[32683]: 7456C3DA9:
>> client=unknown[10.4.4.4]
>> Jul 27 11:37:01 mail2 postfix/cleanup[32236]: 7456C3DA9:
>> message-id=<46AA05A6.8090505sintys.gov.ar>
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 select(): fd 11 is
>> ready for read
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd 11: w_read: returning
>> -2 after reading 484 bytes
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][0]:request=smtpd_access_policy
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][1]:protocol_state=end-of-message
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][2]:protocol_name=esmtp
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][3]:client_address=10.64.64.42
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][4]:client_name=unknown
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][5]:reverse_client_name=unknown
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][6]:helo_name=[10.64.64.42]
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][7]:sender=acabrerasintys.gov.ar
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][8]:recipient=acabrerasintys.gov.ar
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][9]:recipient_count=1
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][10]:queue_id=7456c3da9
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][11]:instance=7fab.46aa030d.6f8fa.0
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11
>> policy_array[11][12]:size=114229
>
> Note the size here passed by postfix here ...
>
> <snipped>
>
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 checking throttle
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 db_charquery():
>> SELECT _from,_count_max,_count_cur,_date,_quota_cur,_quota_max,
>> _time_limit,_mail_size,_count_tot,_rcpt_max,_rcpt_cur,_rcpt_tot,
>> _log_warn, _log_panic, _abuse_tot FROM throttle WHERE
>> _from='acabrerasintys.gov.ar' OR _from='sintys.gov.ar' ORDER BY
>> _priority DESC LIMIT 1
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 row: 0 data:
>> acabrerasintys.gov.ar (recieved)
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 row: 0 data:
>> acabrerasintys.gov.ar (extracted)
>
> <snipped>
>
>> Jul 27 11:37:01 mail2 postfix-policyd: DEBUG: fd: 11 checking
>> throttle-from
>> Jul 27 11:37:01 mail2 postfix-policyd: rcpt=227, throttle=update(a),
>> host=10.64.64.42, from=acabrerasintys.gov.ar,
>> to=acabrerasintys.gov.ar, size=114229/16000000, quota=121975/250000000,
>> count=5/512(12), rcpt=5/3600(12), threshold=0%|0%|0%
>
> Size is reported and compared to the quota correctly.
>
> Turn off debugging for a while and read through the normal policyd log
> entries and see if you are getting the values you are looking for.
> Turn off debug as it will not really help you with this. The regular
> logging should show what you need to get it figured out.
>
> john beaver
>
Thanks John, now I have the policyd running OK !!! You help me a lot,
thanks.

Just one more thing: the throttle table from the postfixpolicyd database
is filled with mail accounts from Hotmail, Yahoo, etc....and I don't
want this because they get the default message size limit and so they
can't send me attachments bigger than that value. I want the throttle
table filled just with my local mail accounts.

How can I do this ????

Thanks in advance.

Alejandro

--
--------------------------------------------------------------------
Ing. Alejandro Cabrera Obed
Interconexion
SINTyS
Sistema de Identificación Nacional Tributario y Social
Consejo Nacional de Coordinación de Políticas Sociales
Presidencia de la Nación
Julio A. Roca 782 - Piso 5
Ciudad Autónoma de Bs. As.
Tel: (54 11) 4343-0181/89 interno 5172
4334-3676 4342-5648
acabrerasintys.gov.ar

NOTA DE RESPONSABILIDAD:
----------------------------------------------------------------------
Este mensaje proviene de Internet,tome los recaudos necesarios en su
manejo.
El contenido del presente mensaje y sus adjuntos es privado,
estrictamente confidencial y exclusivo para su destinatario, pudiendo
contener información protegida por normas legales y de secreto
profesional.
Bajo ninguna circunstancia su contenido puede ser transmitido o revelado a
terceros ni divulgado en forma alguna. En consecuencia de haberlo recibido
solicitamos contactar al remitente y eliminarlo de su sistema.
--------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]