On 09/30/09 13:30, Shelley Waltz wrote: > On Tue, 29 Sep 2009, Shelley Waltz wrote: > > My configuration looks like below where I only ask to load > Core and Quotas module. I assumed I needed Core. > > > # > # Server configuration > # > [server] > > # Protocols to load > protocols=<<EOT > Postfix > EOT > > # Modules to load > modules=<<EOT > Core > Quotas > EOT > > # Modules to .not. load > #AccessControl > #CheckHelo > #CheckSPF > #Greylisting > > # User to run this daemon as > #user= > #group= > > # Filename to store pid of parent process > pid_file=/var/run/cbpolicyd.pid > > # Uncommenting the below option will prevent cbpolicyd going into the > background > #background=no > > # Preforking configuration > # > # min_server - Minimum servers to keep around > # min_spare_servers - Minimum spare servers to keep around ready to > # handle requests > # max_spare_servers - Maximum spare servers to have around doing > nothing > # max_servers - Maximum servers alltogether > # max_requests - Maximum number of requests each child will > serve > # > # One may want to use the following as a rough guideline... > # Small mailserver: 2, 2, 4, 10, 1000 > # Medium mailserver: 4, 4, 12, 25, 1000 > # Large mailserver: 8, 8, 16, 64, 1000 > # > min_servers=4 > min_spare_servers=4 > max_spare_servers=12 > max_servers=25 > max_requests=1000 > > # Log level: > # 0 - Errors only > # 1 - Warnings and errors > # 2 - Notices, warnings, errors > # 3 - Info, notices, warnings, errors > # 4 - Debugging > log_level=3 > > # File to log to instead of stdout > log_file=/var/log/cbpolicyd.log > > # Log destination for mail logs... > # main - log to policyd's main log mechanism > # maillog - log mail via syslog > log_mail=maillog > > # Things to log in extreme detail > # modules - Log detailed module running information > # tracking - Log detailed tracking information > # policies - Log policy resolution > # protocols - Log general protocol info, but detailed > # bizanga - Log the bizanga protocol > # > # There is no default for this configuration option. Options can be > # separated by commas. ie. protocols,modules > # > log_detail=modules,tracking,policies > > # IP to listen on, * for all > #host=* > > # Port to run on > #port=10031 > > # Timeout in communication with clients > #timeout=120 > > # cidr_allow/cidr_deny > # Comma, whitespace or semi-colon separated. Contains a CIDR block to > # compare the clients IP to. If cidr_allow or cidr_deny options are > # given, the incoming client must match a cidr_allow and not match a > # cidr_deny or the client connection will be closed. > #cidr_allow=0.0.0.0/0 > #cidr_deny= > > [database] > #DSN=DBI:SQLite:dbname=cluebringer.sqlite > DSN=DBI:mysql:database=policyd;host=localhost > Username=******** > Password=********* > # > > # What do we do when we have a database connection problem > # tempfail - Return temporary failure > # pass - Return success > bypass_mode=tempfail > > # How many seconds before we retry a DB connection > bypass_timeout=30 > > # Access Control module > [AccessControl] > enable=0 > > # Greylisting module > [Greylisting] > enable=0 > > # CheckHelo module > [CheckHelo] > enable=0 > > # CheckSPF module > [CheckSPF] > enable=0 > > # Quotas module > [Quotas] > enable=1 > > > > and the startup log shows ... > [2009/09/29-11:18:38 - 23658] [CORE] NOTICE: Process Backgrounded > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer > - v2.0.7 > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] NOTICE: Initializing system > modules. > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] NOTICE: System modules > initialized. > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] NOTICE: Module load started... > [2009/09/29-11:18:38 - 23658] [CORE] NOTICE: => Quotas: enabled > [2009/09/29-11:18:38 - 23658] [CORE] NOTICE: => Protocol(Postfix): > enabled > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] NOTICE: Module load done. > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] DEBUG: Opening syslog. > [2009/09/29-11:18:38 - 23658] [CBPOLICYD] DEBUG: Syslog open. > [2009/09/29-11:18:38 - 23658] [CORE] NOTICE: 2009/09/29-11:18:38 cbp (type > Net::Server::PreFork) starting! pid(23658) > [2009/09/29-11:18:38 - 23658] [CORE] NOTICE: Binding to TCP port 10031 on > host * > > When I bring up the webui, amavis configuration-> configure > shows > Policy Name Disabled > Default Default system amavis policy no > > > There are also amavis data in the mysql database > mysql> desc amavis_rules > -> ; > > +--------------------------------+---------------------+------+-----+---------+----------------+ > | Field | Type | Null | Key | > Default | Extra | > > +--------------------------------+---------------------+------+-----+---------+----------------+ > | ID | bigint(20) unsigned | NO | PRI | NULL > | auto_increment | > | PolicyID | bigint(20) unsigned | YES | MUL | NULL > | | > | Name | varchar(255) | NO | | NULL > | | > | bypass_virus_checks | smallint(6) | YES | | NULL > | | > | bypass_virus_checks_m | smallint(6) | NO | | 0 > | | > | bypass_banned_checks | smallint(6) | YES | | NULL > | | > | bypass_banned_checks_m | smallint(6) | NO | | 0 > | | > | bypass_spam_checks | smallint(6) | YES | | NULL > | | > | bypass_spam_checks_m | smallint(6) | NO | | 0 > | | > | bypass_header_checks | smallint(6) | YES | | NULL > | | > | bypass_header_checks_m | smallint(6) | NO | | 0 > | | > | spam_tag_level | float | YES | | NULL > | | > | spam_tag_level_m | smallint(6) | NO | | 0 > | | > | spam_tag2_level | float | YES | | NULL > | | > | spam_tag2_level_m | smallint(6) | NO | | 0 > | | > | spam_tag3_level | float | YES | | NULL > | | > | spam_tag3_level_m | smallint(6) | NO | | 0 > | | > | spam_kill_level | float | YES | | NULL > | | > | spam_kill_level_m | smallint(6) | NO | | 0 > | | > | spam_dsn_cutoff_level | float | YES | | NULL > | | > | spam_dsn_cutoff_level_m | smallint(6) | NO | | 0 > | | > | spam_quarantine_cutoff_level | float | YES | | NULL > | | > | spam_quarantine_cutoff_level_m | smallint(6) | NO | | 0 > | | > | spam_modifies_subject | smallint(6) | YES | | NULL > | | > | spam_modifies_subject_m | smallint(6) | NO | | 0 > | | > | spam_tag_subject | varchar(255) | YES | | NULL > | | > | spam_tag_subject_m | smallint(6) | NO | | 0 > | | > | spam_tag2_subject | varchar(255) | YES | | NULL > | | > | spam_tag2_subject_m | smallint(6) | NO | | 0 > | | > | spam_tag3_subject | varchar(255) | YES | | NULL > | | > | spam_tag3_subject_m | smallint(6) | NO | | 0 > | | > | max_message_size | bigint(20) | YES | | NULL > | | > | max_message_size_m | smallint(6) | NO | | 0 > | | > | banned_files | text | YES | | NULL > | | > | banned_files_m | smallint(6) | NO | | 0 > | | > | sender_whitelist | text | YES | | NULL > | | > | sender_whitelist_m | smallint(6) | NO | | 0 > | | > | sender_blacklist | text | YES | | NULL > | | > | sender_blacklist_m | smallint(6) | NO | | 0 > | | > | notify_admin_newvirus | varchar(255) | YES | | NULL > | | > | notify_admin_newvirus_m | smallint(6) | NO | | 0 > | | > | notify_admin_virus | varchar(255) | YES | | NULL > | | > | notify_admin_virus_m | smallint(6) | NO | | 0 > | | > | notify_admin_spam | varchar(255) | YES | | NULL > | | > | notify_admin_spam_m | smallint(6) | NO | | 0 > | | > | notify_admin_banned_file | varchar(255) | YES | | NULL > | | > | notify_admin_banned_file_m | smallint(6) | NO | | 0 > | | > | notify_admin_bad_header | varchar(255) | YES | | NULL > | | > | notify_admin_bad_header_m | smallint(6) | NO | | 0 > | | > | quarantine_virus | varchar(255) | YES | | NULL > | | > | quarantine_virus_m | smallint(6) | NO | | 0 > | | > | quarantine_banned_file | varchar(255) | YES | | NULL > | | > | quarantine_banned_file_m | smallint(6) | NO | | 0 > | | > | quarantine_bad_header | varchar(255) | YES | | NULL > | | > | quarantine_bad_header_m | smallint(6) | NO | | 0 > | | > | quarantine_spam | varchar(255) | YES | | NULL > | | > | quarantine_spam_m | smallint(6) | NO | | 0 > | | > | bcc_to | varchar(255) | YES | | NULL > | | > | bcc_to_m | smallint(6) | NO | | 0 > | | > | Comment | varchar(1024) | YES | | NULL > | | > | Disabled | smallint(6) | NO | | 0 > | | > > +--------------------------------+---------------------+------+-----+---------+----------------+ > 61 rows in set (0.00 sec) > > > > I do not need the amavis stuff, just quotas - why is this in by default? > Should I disable it? > >
Just ignore it, it is there to support Quotas if you enable the module. You created the tables more than likely using the howto, you could of only used the schema files you needed if you wanted :) > Leaving the above as is, and looking in my amavis.log file, I see > Sep 30 09:17:06 roadrunner.cabm.rutgers.edu /usr/sbin/amavisd[19965]: > (19965-19) policyd/process_policy: Starting > Sep 30 09:17:06 roadrunner.cabm.rutgers.edu /usr/sbin/amavisd[19965]: > (19965-19) policyd/process_policy: Getting session data from queue ID > '87DD411D8001' > Sep 30 09:17:06 roadrunner.cabm.rutgers.edu /usr/sbin/amavisd[19965]: > (19965-19) [TRACKING] DEBUG: Retreiving session data for triplet: > 87DD411D8001/192.76.178.8/[email protected] > Sep 30 09:17:06 roadrunner.cabm.rutgers.edu /usr/sbin/amavisd[19965]: > (19965-19) (!!)[TRACKING] ERROR: No session data > Sep 30 09:17:06 roadrunner.cabm.rutgers.edu /usr/sbin/amavisd[19965]: > (19965-19) (!)policyd/process_policy: No session data found > Policyd is not seeing the policy requests, what does the cbpolicyd debugging show you? > and the cbpolicyd.log file does not show the outbound policy hitting > the message and reiterates the session data missing. > > my postfix main .cf has ... > smtpd_helo_restrictions = > permit_mynetworks, > reject_invalid_hostname, > check_helo_access hash:/etc/postfix/helo_access, > permit > smtpd_recipient_restrictions = > permit_sasl_authenticated, > permit_mynetworks, > reject_unauth_destination, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, > reject_rbl_client psbl.surriel.com, > check_policy_service inet:127.0.0.1:10031, > permit > smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 > Well, there is more than likely your problem .... you are permitting sasl authenticated and mynetworks BEFORE your policy check. If the mail is from either of these two, its not going to get the the policy check because you've already permitted it. -N _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
