Re: Hourly Limits

[Sahil Tandon]

On Jul 13, 2009, at 11:51 AM, "ad...@gg-lab.net" <ad...@gg-lab.net>  
wrote:

Hi,

i don't think my situation keeps changing-

That's simple: on my evinronment users can send email via CGI + PHP +
SMTP (sasl), and i want to limit them "globally".

Example: user giorgio can send 100 emails. I want him locked also on
CGI, if he send 100 emails with PHP.

I can't:

- use a custom php sendmail wrapper -> it would only work with php
- limit the sender -> a randomized from would broke my limit
- limit the host -> all mail are sent from localhost
- limit via sasl -> i can't request all users to authenticate

Limiting the envelope user, is perfect for me. But, i'm asking if
there is a simplier solution.

The postfwd policy server solution works with the envelope sender.   
But for that to work you need mail coming in on an smtpd listener for  
the policy server to be queried, which won't be the case when you have  
mail being submitted via pickup service.



2009/7/13 Sahil Tandon <sa...@tandon.net>:
On Jul 13, 2009, at 5:54 AM, "ad...@gg-lab.net" <ad...@gg-lab.net>  
wrote:

Lucian, i saw that solution, but i want something that can globally
limit EVERY mail sent:

i'll also offer smtp access, and a sendmail wrapper isn't a  
solution.

Benny: ok, so we are speaking about the evenlope sender, so, it  
seems
this is the solution.

What are you trying to do exactly?  Your requirements and situation  
keep
changing with every email.  Use examples with all details to  
explain exactly
what you want.

Benny - postfwd is sasl_username aware.


2009/7/13 Benny Pedersen <m...@junc.org>:

On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote:

i want to limit mail sent via php mainly, so i can't limit via  
sasl
simply because users aren't authenticated.

remove 127.0.0.1 in mynetworks, and make sasl usage from all what  
got
sent from this box, problem solved, next step is a policy
server that can handle sasl limits

all else will fail

another way is to seperate web and mail server so 127.0.0.1 is  
another
box :)

Of course i can't limit the host ip (all mail sent from my  
webserver).

as Obama says "yes we can" :)

The most beautiful thing would be limiting system user (each  
user has
an entry in /etc/passwd). Limiting the sender would be unuseful,
because all spammers randomiza the sender, bypassing the limit.

randomize there from: but not envelope sender (apa...@myhostname)

and this email is unknown in my virtual alias for good reason,  
apache is
local and stays here at so

Now, i know that cPanel with Exim has a limit of this tipe. I'll
request them WHAT is exactly limited (maybe we can replicate with
postfix).

dont use cpanel here so cant say how thay mix up the problem

I'll also write to the postfix-policyd mailing list.

i work on something to fail2ban, will need to write some php and  
extend
policyd 1.80 more to handle this here, point is that none
have done it before so when i make it, it will be the best :)

Sahil, maybe we can continue here? Postfixfw rules are  
completely in
topic and maybe we can help someone else...

exactly

--
xpoint