Re: Hourly Limits

From: Sahil Tandon (sahiltandon.net)
Date: Mon Jul 13 2009 - 10:59:44 CDT


On Jul 13, 2009, at 11:51 AM, "admingg-lab.net" <admingg-lab.net>
wrote:

> Hi,
>
>
> I don't think my situation keeps changing-
>
> That's simple: on my environment users can send email via CGI + PHP +
> SMTP (sasl), and I want to limit them "globally".
>
> Example: user giorgio can send 100 emails. I want him locked also on
> CGI, if he sends 100 emails with PHP.
>
> I can't:
>
> - use a custom php sendmail wrapper -> it would only work with php
> - limit the sender -> a randomized from would break my limit
> - limit the host -> all mail is sent from localhost
> - limit via sasl -> I can't request all users to authenticate
>
> Limiting the envelope user is perfect for me. But I'm asking if
> there is a simpler solution.

The postfwd policy server solution works with the envelope sender.
But for that to work you need mail coming in on an smtpd listener for
the policy server to be queried, which won't be the case when you have
mail being submitted via pickup service.

>
> 2009/7/13 Sahil Tandon <sahiltandon.net>:
>> On Jul 13, 2009, at 5:54 AM, "admingg-lab.net" <admingg-lab.net>
>> wrote:
>>
>>> Lucian, i saw that solution, but i want something that can globally
>>> limit EVERY mail sent:
>>>
>>> i'll also offer smtp access, and a sendmail wrapper isn't a
>>> solution.
>>>
>>> Benny: ok, so we are speaking about the envelope sender, so, it
>>> seems this is the solution.
>>
>> What are you trying to do exactly? Your requirements and situation
>> keep changing with every email. Use examples with all details to
>> explain exactly what you want.
>>
>> Benny - postfwd is sasl_username aware.
>>
>>>
>>> 2009/7/13 Benny Pedersen <mejunc.org>:
>>>>
>>>> On Mon, July 13, 2009 09:51, admingg-lab.net wrote:
>>>>
>>>>> I want to limit mail sent via php mainly, so I can't limit via
>>>>> sasl simply because users aren't authenticated.
>>>>
>>>> remove 127.0.0.1 in mynetworks, and make sasl usage from all what
>>>> got sent from this box, problem solved, next step is a policy
>>>> server that can handle sasl limits
>>>>
>>>> all else will fail
>>>>
>>>> another way is to separate web and mail server so 127.0.0.1 is
>>>> another box :)
>>>>
>>>>> Of course I can't limit the host ip (all mail sent from my
>>>>> webserver).
>>>>
>>>> as Obama says "yes we can" :)
>>>>
>>>>> The most beautiful thing would be limiting system user (each
>>>>> user has an entry in /etc/passwd). Limiting the sender would be
>>>>> unuseful, because all spammers randomize the sender, bypassing
>>>>> the limit.
>>>>
>>>> randomize their from: but not envelope sender (apachemyhostname)
>>>>
>>>> and this email is unknown in my virtual alias for good reason,
>>>> apache is
>>>> local and stays here at so
>>>>
>>>>> Now, I know that cPanel with Exim has a limit of this type. I'll
>>>>> request them WHAT is exactly limited (maybe we can replicate with
>>>>> postfix).
>>>>
>>>> don't use cpanel here so can't say how they mix up the problem
>>>>
>>>>> I'll also write to the postfix-policyd mailing list.
>>>>
>>>> I work on something to fail2ban, will need to write some php and
>>>> extend policyd 1.80 more to handle this here, point is that none
>>>> have done it before so when I make it, it will be the best :)
>>>>
>>>>> Sahil, maybe we can continue here? Postfixfw rules are
>>>>> completely in topic and maybe we can help someone else...
>>>>
>>>> exactly
>>>>
>>>> --
>>>> xpoint
>>>>
>>>>
>>
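
The envelope-sender limit discussed in this thread, sketched as an added example (not part of the original messages and not postfwd's code): a handler for Postfix's policy delegation protocol that allows 100 recipients per hour per envelope sender. The class name, the sample addresses and the reject text are assumptions; as the reply above notes, only mail arriving on an smtpd listener reaches such a check, so mail submitted through the pickup service is never counted.

```python
import time
from collections import defaultdict, deque

# Constructed sample request (values are illustrative, not from the thread).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=127.0.0.1\n"
    "sender=giorgio@example.org\n"
    "recipient=someone@example.net\n"
    "\n"
)

def parse_request(text):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class HourlyLimiter:
    """Sliding-window counter keyed on the envelope sender (hypothetical class)."""
    def __init__(self, limit=100, window=3600, clock=time.time):
        self.limit, self.window, self.clock = limit, window, clock
        self.seen = defaultdict(deque)  # envelope sender -> accepted timestamps

    def decide(self, attrs):
        sender = attrs.get("sender", "").lower()
        # Count once per recipient; leave bounces (empty sender) alone.
        if attrs.get("protocol_state") != "RCPT" or not sender:
            return "DUNNO"
        now, stamps = self.clock(), self.seen[sender]
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()  # forget deliveries older than the window
        if len(stamps) >= self.limit:
            return "DEFER_IF_PERMIT Hourly sending limit reached"
        stamps.append(now)
        return "DUNNO"

    def reply(self, request_text):
        """Return the wire-format answer Postfix expects for one request."""
        return "action=%s\n\n" % self.decide(parse_request(request_text))
```

Postfix would query a listener wrapping `reply()` through `check_policy_service` in `smtpd_recipient_restrictions`; the socket loop is left out here.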