Just in case anyone cares.. I resolved my issue. It matters in what order you put the entries within smtpd_recipient_restrictions:

    smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040 permit_mynetworks reject_unauth_destination

That works fine.

My issue before was that permit_mynetworks was the first thing Postfix checked, and it returned an OK back from that; on an OK, it will stop processing further restrictions.

With the PostFWD check_policy_service as the first entry, if it doesn't match any rules, it will return a DUNNO instead of an OK, thus passing it off to the next restriction check. But if it does match a rule and gets rate limited (in my specific example), it returns a 421 rejection, and stops processing further rules from that point.

Hope this helps for other people in the future.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of David Byrne
Sent: 19 October 2016 10:39
To: postfix-users@postfix.org
Subject: Postfix & PostFWD - Rate Limit Config

Hi there,

I know this is the postfix list, not the postfwd list. I've asked on there too, but this list is busier and hopefully someone can help.

I have postfix v2.6.6, and postfwd v1.3.5.

I have configured the following rule set in postfwd:

    [root@monitoringtest ~]# /usr/local/postfwd/sbin/postfwd -f /etc/postfix/postfwd.cf -C
    Rule 0: id->"davelimit001"; action->"rate(recipient_domain/10/1800/421 4.7.1 - Sorry, exceeded 10 messages in 30 minutes.)"; recipient_domain->"=;dave-byrne.co.uk"
    Rule 1: id->"STRESS"; action->"dunno"; stress->"==;yes"
    Rule 2: id->"WL_001"; action->"dunno"; client_address->"=;127.0.0.1/32"
    [root@monitoringtest ~]#

I am trying to limit the number of mails destined for one specific domain to a very small amount, 10 within 30 minutes. Any other mails past 10 within 30 minutes get rejected (not delayed, I don't want them to send later on, I want them to be discarded).

I integrated with postfix:

    [root@monitoringtest ~]# cat /etc/postfix/main.cf | tail -n 4
    smtpd_recipient_restrictions = permit_mynetworks, ..., reject_unauth_destination, check_policy_service inet:127.0.0.1:10040 #postfwd
    [root@monitoringtest ~]#

I then use another external test server, and telnet, to manually send 10, 15, 20 emails TO: ad...@dave-byrne.co.uk, and they all send… It never rate limits them. Why is this?

Interestingly, in /var/log/maillog, I can see this:

    Oct 19 09:01:58 monitoringtest postfwd[20426]: [STATS] postfwd 1.35: up since 0 days, 13:30:00 hours
    Oct 19 09:01:58 monitoringtest postfwd[20426]: [STATS] Requests: 0 overall, 0 last interval, 0.0% cache hits, 0.0% rate hits
    Oct 19 09:01:58 monitoringtest postfwd[20426]: [STATS] Averages: 0.0 overall, 0.0 last interval, 0.0 top
    Oct 19 09:01:58 monitoringtest postfwd[20426]: [STATS] Contents: 2 rules, 0 cached requests, 0 cached dns results, 0 rate limits

It says 2 rules, and 0 rate limits… It should be 2 rules and 1 rate limit.

Have I configured my rate limit wrong? Below is my rate limit config in postfwd.cf:

    #Dave - 10 messages in 1800 seconds (30mins)
    id=davelimit001
    recipient_domain=dave-byrne.co.uk
    action=rate(recipient_domain/10/1800/421 4.7.1 - Sorry, exceeded 10 messages in 30 minutes.)

Any help is greatly appreciated. Thanks.

Best Regards,
Dave Byrne
Head of Technical Projects
Office: 01622 524 200
The Maidstone Studios | Vinters Business Park | New Cut Road | Maidstone | Kent | ME14 5NZ

This communication and any attachments contain information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of disclosure, distribution, copying or use of this communication or the information in it or in any attachments is strictly prohibited and may be unlawful.
If you have received this communication in error, please return it with the title 'received in error' to david.by...@vooservers.com then delete the email and destroy any copies of it. Email communications cannot be guaranteed to be secure or error free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses. We do not accept liability for any such matters or their consequences. Anyone who communicates with us by email is taken to accept the risks in doing so. Opinions, conclusions and other information in this email and any attachments which do not relate to VooServers are neither given nor endorsed by it.
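
The first-match behaviour of smtpd_recipient_restrictions discussed in this thread, as an added example that is not part of the original messages and is not Postfix or postfwd code. It assumes a client inside mynetworks (192.0.2.10, a constructed value), treats dave-byrne.co.uk as a domain the server accepts mail for, and uses a simplified fixed-window counter as a stand-in for the postfwd rate() rule.

```python
import ipaddress

MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed sample value
ACCEPTED_DOMAINS = {"dave-byrne.co.uk"}              # assumption: server takes mail for it
LIMIT, WINDOW = 10, 1800                             # figures from the postfwd rule
REJECT = "421 4.7.1 - Sorry, exceeded 10 messages in 30 minutes."
ORIGINAL = ["permit_mynetworks", "reject_unauth_destination", "check_policy_service"]
FIXED = ["check_policy_service", "permit_mynetworks", "reject_unauth_destination"]

def domain_of(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()

class RatePolicy:
    """Simplified fixed-window model of the rate() rule (hypothetical helper)."""
    def __init__(self, domain):
        self.domain, self.start, self.count, self.requests = domain, None, 0, 0
    def __call__(self, req):
        self.requests += 1                      # how often Postfix consulted us
        if domain_of(req["rcpt"]) != self.domain:
            return "DUNNO"                      # no rule matched: pass to next check
        if self.start is None or req["time"] - self.start >= WINDOW:
            self.start, self.count = req["time"], 0
        self.count += 1
        return REJECT if self.count > LIMIT else "DUNNO"

def permit_mynetworks(req):
    ip = ipaddress.ip_address(req["client"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(req):
    ok = domain_of(req["rcpt"]) in ACCEPTED_DOMAINS
    return "DUNNO" if ok else "554 5.7.1 Relay access denied"

def evaluate(chain, req):
    """Walk the list in order; the first result other than DUNNO ends evaluation."""
    for name, check in chain:
        result = check(req)
        if result != "DUNNO":
            return name, result
    return "(end of list)", "OK"                # nothing decided: default is permit

def run(order, messages=12):
    """Send `messages` mails one minute apart; return decisions and policy hits."""
    policy = RatePolicy("dave-byrne.co.uk")
    checks = {"check_policy_service": policy, "permit_mynetworks": permit_mynetworks,
              "reject_unauth_destination": reject_unauth_destination}
    chain = [(name, checks[name]) for name in order]
    req = {"client": "192.0.2.10", "rcpt": "user@dave-byrne.co.uk"}
    return [evaluate(chain, dict(req, time=i * 60)) for i in range(messages)], policy.requests

if __name__ == "__main__":
    for label, order in (("original", ORIGINAL), ("fixed", FIXED)):
        decisions, seen = run(order)
        print(label, "policy requests:", seen, "last decision:", decisions[-1])
```

Placing check_policy_service ahead of reject_unauth_destination is safe only while the policy service never answers OK for untrusted clients; Postfix's SMTPD_POLICY_README warns that a policy check placed before reject_unauth_destination can turn the server into an open relay.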