Hi Nikolai,
Thanks a lot, was very helpful explanations.
I made the changes suggested in the mini-howto on Policies.
But, we are waiting for the full howto.
Clovis
Em 02-09-2009 14:41, Nikolai Bochev escreveu:
Hey Clovis,
Ok i will try to put it short :
When a mail arrives at the mta ( postfix for example ), policyd
determines where the email comes from and categorizes the email based on
the policies :
Policies -> Main :
1. Default -> matches *any* email that comes and goes.
2. Default Outbound -> matches outgoing emails.
3. Default Inbound -> matches incoming mails.
4. Default Internal -> matches emails sent from the mail server to the
mail server ( in the ideal case ).
So how does policyd do that ? Every policy has members ( Select the
policy and select "Members" from the dropdown above ).
You will see source, destination and disabled fields. I don't think
disabled needs any explanation.
Let's click on "Default Outbound".
It says "%internal_domains" in the Source field and "!%internal_domains"
in Destination field. This means that any email that comes with a Sender
address that is qualified as a member of an "internal" domain ( i.e. the
domain your mail server is serving ) and has a Recipient address that
doesn't match any of the internal domains will be classified as an
outbound ( outgoing ) email.
Let's click on "Policies -> Groups".
Looks familiar ? Here we define the "%internal_domains" - i.e. which
domains belong to this mail server. Note that you can use the
"internal_ips" if you want to base the qualification of "internal" mail
on the ip address that the email comes from.
Select "internal_domains" and select "Members" from the dropdown. You
will see "@example.com" and "@example.org" ( not sure but i think that's
the default ones ). What does that tell us ? All of the emails that were
sent from [email protected] and don't have Recipient address that belongs
to @example.com or example.org will be matched by the "Default Outbound"
policy.
The same rules apply for the "Default Inbound" policy, but instead there
you have Source -> "!%internal_domains" ( or "!%internal_ips" ) and
destination "%internal_domains" ( or "%internal_ips ). Ofcourse you can
combine internal_domains and internal_ips or create other groups and
base policies on them.
After you are done setting your policies, you need to configure all
other checks that policyd performs and link them to the policies you
wish.
That's the short version that i came up with while writing this email :)
For a longer and polished version you will have to wait for the weekend.
On Wed, 2009-09-02 at 09:55 -0300, Clovis Tristao wrote:
Hi Nikolai,
Thank you, I will follow your suggestion, but where to start?
You have a basic tutorial about it, Policies ( Main and Groups ).
Em 02-09-2009 02:05, Nikolai Bochev escreveu:
Wait a week and you'll have a nice tutorial to get you started.
But i would suggest getting familiar with Policies ( Main and Groups )
first.
On Tue, 2009-09-01 at 10:48 -0300, Clovis Tristao wrote:
Hi,
I need to put a server into production, but I am confused by this
interface web, do not know where to start.
Any idea?
Thank you very much,
Clóvis
Em 31-08-2009 09:20, ��¸�º�¾�»�°�¹ �‘�¾Ñ‡�µ�² escreveu:
Maybe next week when i get some free time i can put up a detailed howto.
I am using policyd v2 on several production environments already and it
does have a nice learning curve, once you figure out the basics :)
On Wed, 2009-08-19 at 10:51 +0000, Nigel Kukard wrote:
Herman Baumgarten wrote:
It would actually be nice if someone could give a tutorial on the whole
policyd v2
----- Original Message -----
From: "Clovis Tristao"<[email protected]>
To:<[email protected]>
Sent: Monday, August 17, 2009 8:42 PM
Subject: [policyd-users] Tutorial Policyd v2
Hi,
Someone could give a tutorial on Policyd v. 2.0, web interface
configuration?
Now, thanks
Any volunteers to write one? ;)
-N
__________________________________________________________________
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: [email protected] http://www.feagri.unicamp.br
Fone(0xx19) 35211031-35211038 ou FAX(55xx19) 35211005/35211010
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: [email protected] http://www.feagri.unicamp.br
Fone(0xx19) 35211031-35211038 ou FAX(55xx19) 35211005/35211010
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
