On Tue, 2015-09-22 at 12:37 +0200, Markus Benning wrote: > On Mon, Sep 21, 2015 at 07:25:53AM +0100, Kianoosh Kashefi wrote: > > I use Postfix with Postfwd as policy service. and I want to limit all > > outgoing messages with exceptions for several SASL users with HOLD verdict. > > I'm new to postfwd so I need configuration example for rate-limiting with > > HOLD verdict (for instance limit all users outgoing messages to 10 messages > > per minute and HOLD messages exceeding that limit) also I need the same > > configuration to apply only to certain SASL users again with HOLD verdict > > (for example limit a certain user's outgoing messages to 100 message per > > minute and HOLD messages exceeding that limit). I appreciate if you reply > > with full configuration examples for these two cases. > > It can be done with the Accounting/Quota support of mtpolicyd: > > https://www.mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::HowtoAccountingQuota > > First you'll have to setup an SQL database and configure it in mtpolicyd: > > db_dsn="dbi:mysql:mail" > db_user=mtpolicyd > db_password=secret > > Then configure the a VirtualHost with the accounting plugin to record mails > sent based on > sasl_username: > > <VirtualHost 12345> > name="rate-limit" > <Plugin AcctUser> > module = "Accounting" > fields = "sasl_username" > time_pattern = "%Y-%m-%d %H:%M" > </Plugin> > # more plugins come here later... > </VirtualHost> > > Then add a query to this policyd vhost in your postfix configuration: > > smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:12345 > > At this point mtpolicyd will create a table acct_sasl_username with the > first recieved mail and record accounting data in it. > > To limit the rate add the following Quota plugin configuration: > > <Plugin QuotaIP> > module = "Quota" > field = "sasl_username" > metric = "count" > threshold = 10 > action = "hold" > time_pattern = "%Y-%m-%d %H:%M" > </Plugin> > > This should limit the message count per sasl_username. > > To add different limits per user you can use the per user configuration > features of mtpolicyd. > > Create a database schema for it: > > CREATE TABLE `user_policy` ( > `id` int(11) NOT NULL auto_increment, > `desc` VARCHAR(64) NOT NULL, > `config` TEXT NOT NULL, > PRIMARY KEY (`id`) > ) ENGINE=InnoDB; > > // configuration is expected as JSON format hash > INSERT INTO user_policy VALUES(1, 'privileged user', > '{"rate-limit":"100"}'); > > CREATE TABLE `users` ( > `id` int(11) NOT NULL auto_increment, > `sasl_username` VARCHAR(64) NOT NULL, > `user_policy` int(11) NOT NULL, > PRIMARY KEY (`id`), > KEY `user_policy` (`user_policy`), > CONSTRAINT `users_ibfk_1` FOREIGN KEY (`user_policy`) REFERENCES > `user_policy` (`id`) > ) ENGINE=InnoDB; > > INSERT INTO users VALUES(NULL, 'kianoosh@saslauth', 1); > > Add a query to retrieve the user configuration _before_ the Quota plugin: > > <Plugin UserConfiguration> > module = "SqlUserConfig" > sql_query = "SELECT p.config FROM user_policy p JOIN users u ON > (u.relay_policy = p.id) WHERE u.sasl_username=?" > field = "sasl_username" > </Plugin> > > That will retrieve the user configuration by the sasl_username. > > Then edit the Quota plugin and add uc_threshold parameter: > > uc_threshold="rate-limit" > > This will overwrite the threshold option if there is a value for > "rate-limit" defined in the current session. > > > In my option the time slice is a little bit small with 1 minute. > I would use a per hour or per day limit. > > Markus >
Dear Markus Thank you for your help on mtpolicyd. but I need to know how this can be done using postfwd.I appreciate any help on postfwd configuration. Kianoosh Kashefi
