On 11/07/11 19:31, Nigel Kukard wrote:
> On 07/11/11 02:42, Juan Rossi wrote:
>> Hi,
>>
>>
>> I have the following policies (priority: name):
>>
>>
>> Prio:25 - Default unauthenticated, !%internal_ips,
>> !%unauthenticated_src_whitelist, !%unauthenticated_dest_white
>>
>> Prio:35 - Default authenticated,!%authenticated_whitelist
>>
>>
>> I have the greylisting module enabled (greylist name: policy):
>>
>> Do not Greylist: Default authenticated,!%authenticated_whitelist
>>
>> Greylist: Default unauthenticated, !%internal_ips,
>> !%unauthenticated_src_whitelist, !%unauthenticated_dest_whitelist
>>
>>
>> And Quotas module (quota name : Policy)
>>
>> Default Authenticated Quota: Default authenticated,!%authenticated_whitelist
>>
>>
>> Everything works fine, but still I have the following problem:
>>
>> I wish to greylist unauthenticated email (inbound email), as a first
>> stage, but when the greylisting is valid (5 minutes passed), I wish to
>> specify the verdict filter, so it goes to my content filter (filter spam).
>>
>> The access control module always gives the verdict before greylisting.
>> So the greylisting stops working. I have also tried to do this with the
>> access module, and a secondary policy so it has different priority, but
>> it does not seem to be working.
>>
>> Am I missing something, or is what I am asking not possible?
>>
>> I am trying to save some CPU cycles by content filtering inbound
>> emails only after greylisting.
>>
>
> Could you enable full debugging and paste the logs from a test mail?
>
> -N
>
Sure, here we go, with a second policy, that has more priority:

Prio:25 - Default unauthenticated, !%internal_ips,
!%unauthenticated_src_whitelist, !%unauthenticated_dest_white

Prio:26 - Default Filter unauthenticated, that do not come from internal
ips, and are not whilisted as unauthenticated sources or destinations

Prio:35 - Default authenticated,!%authenticated_whitelist

I have the greylisting module enabled (greylist name: policy):

Do not Greylist: Default authenticated,!%authenticated_whitelist

Greylist: Default unauthenticated, !%internal_ips,
!%unauthenticated_src_whitelist, !%unauthenticated_dest_whitelist

Access module configured with (name: policy: verdict: data)

spamfiltering : Default Filter unauthenticated, that do not come from
internal ips, and are not whilisted as unauthenticated sources or
destinations : FILTER : spamassassin:dummy

The log is the following; I think the important bits are in the scope of:

[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Got request, running
modules...
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Done with modules

It seems that policies do not get resolved one after another; the access
module, even though it is in second priority, takes over:

debug log:

[2011/07/12-02:22:24 - 31441] [CORE] INFO: 2011/07/12-02:22:24 CONNECT
TCP Peer: "127.0.0.1:44366" Local: "127.0.0.1:10031"
[2011/07/12-02:22:24 - 31412] [CORE] INFO: Starting "1" children
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: No session tracking data
exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => '',
'sasl_sender' => '',
'size' => '1094',
'_timestamp' => 1310437344,
'helo_name' => 'mail.rimuhosting.com',
'reverse_client_name' => 'mail.rimuhosting.com',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'recipient' => '[email protected]',
'sasl_username' => '',
'instance' => '14f.4e1bafe0.e9450.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'mail.rimuhosting.com',
'client_address' => '206.123.102.5',
'_protocol_transport' => 'Postfix'
};
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Added session tracking
information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => '',
'sasl_sender' => '',
'size' => '1094',
'_timestamp' => 1310437344,
'helo_name' => 'mail.rimuhosting.com',
'reverse_client_name' => 'mail.rimuhosting.com',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'recipient' => '[email protected]',
'sasl_username' => '',
'instance' => '14f.4e1bafe0.e9450.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'mail.rimuhosting.com',
'client_address' => '206.123.102.5',
'_protocol_transport' => 'Postfix'
};
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Protocol state is
'RCPT', resolving policy...
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Going to resolve session
data into policy: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '14f.4e1bafe0.e9450.0',
'EncryptionCipher' => '',
'Size' => '2',
'EncryptionKeySize' => '0',
'EncryptionProtocol' => '',
'Helo' => 'mail.rimuhosting.com',
'ClientAddress' => '206.123.102.5',
'ClientName' => 'mail.rimuhosting.com',
'Sender' => '[email protected]',
'SASLSender' => '',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'mail.rimuhosting.com',
'SASLMethod' => ''
};
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
ID '1' in policy 'Default'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
ID '6' in policy 'Default authenticated,!%authenticated_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
ID '7' in policy 'Default unauthenticated, !%internal_ips,
!%unauthenticated_src_whitelist, !%unauthenticated_dest_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
ID '8' in policy 'Default Filter unauthenticated, that do not come from
internal ips, and are not whilisted as unauthenticated sources or
destinations'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:1/Name:Default]:
Source not defined or 'any', explicit match: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:1/Name:Default]:
Source matching result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:1/Name:Default]:
Destination not defined or 'any', explicit match: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:1/Name:Default]:
Destination matching result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:6/Name:Default
authenticated,!%authenticated_whitelist]: Main policy sources
'$*,!%authenticated_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:6/Name:Default
authenticated,!%authenticated_whitelist]: - Resolved source '$*' to a
SASL user specification, match = 0
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:6/Name:Default
authenticated,!%authenticated_whitelist]: Source matching result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Main policy sources
'$-,!%internal_ips,!%unauthenticated_src_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: - Resolved source '$-' to a SASL user
specification, match = 1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Group 'internal_ips' has 1 source(s)
=> 127.0.0.0/8
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]=>(group:internal_ips): - Resolved
source '127.0.0.0/8' to a IP/CIDR specification, match = 0
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]=>(group:internal_ips): Source group
result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Group 'unauthenticated_src_whitelist'
has 0 source(s) =>
[2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: No group members for source group
'unauthenticated_src_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]=>(group:unauthenticated_src_whitelist):
Source
group result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Source matching result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Main policy destinations
'!%unauthenticated_dest_whitelist'
[2011/07/12-02:22:24 - 339] [CORE] DEBUG: Child Preforked (339)
[2011/07/12-02:22:24 - 339] [CBPOLICYD] DEBUG: Starting up caching engine
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Group
'unauthenticated_dest_whitelist' has 0 destination(s) =>
[2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: No group members for destination
group 'unauthenticated_dest_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]=>(group:unauthenticated_dest_whitelist):
Destination group result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:7/Name:Default
unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
!%unauthenticated_dest_whitelist]: Destination matching result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Main policy
sources '$-,!%internal_ips,!%unauthenticated_src_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: - Resolved source
'$-' to a SASL user specification, match = 1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Group
'internal_ips' has 1 source(s) => 127.0.0.0/8
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or
destinations]=>(group:internal_ips): - Resolved source '127.0.0.0/8' to
a IP/CIDR specification, match = 0
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or
destinations]=>(group:internal_ips): Source group result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Group
'unauthenticated_src_whitelist' has 0 source(s) =>
[2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: No group members
for source group 'unauthenticated_src_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or
destinations]=>(group:unauthenticated_src_whitelist): Source group
result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:8/Name:Default Filter
unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Source matching
result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Main policy
destinations '!%unauthenticated_dest_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Group
'unauthenticated_dest_whitelist' has 0 destination(s) =>
[2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: No group members
for destination group 'unauthenticated_dest_whitelist'
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
Filter unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or
destinations]=>(group:unauthenticated_dest_whitelist): Destination group
result: matched=0
[2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:8/Name:Default Filter
unauthenticated, that do not come from internal ips, and are not
whilisted as unauthenticated sources or destinations]: Destination
matching result: matched=1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=0 =>
policy ids: 1
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=25 =>
policy ids: 7
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=26 =>
policy ids: 8
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Policy resolved into:
$VAR1 = {
'25' => [
'7'
],
'0' => [
'1'
],
'26' => [
'8'
]
};
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Request translated into
session data: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '14f.4e1bafe0.e9450.0',
'EncryptionCipher' => '',
'Size' => '2',
'EncryptionKeySize' => '0',
'ParsedClientAddress' => {
'Broadcast_Long' => 3464193541,
'Network' => '206.123.102.5',
'IP_Long' => 3464193541,
'Broadcast' => '206.123.102.5',
'IP' => '206.123.102.5',
'Mask_Long' => 4294967295,
'Network_Long' => 3464193541
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => 'mail.rimuhosting.com',
'ClientAddress' => '206.123.102.5',
'ClientName' => 'mail.rimuhosting.com',
'Sender' => '[email protected]',
'SASLSender' => '',
'Timestamp' => 1310437344,
'ProtocolState' => 'RCPT',
'Policy' => {
'25' => [
'7'
],
'0' => [
'1'
],
'26' => [
'8'
]
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'mail.rimuhosting.com',
'SASLMethod' => ''
};
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Got request, running
modules...
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Done with modules
[2011/07/12-02:22:26 - 32158] [CORE] INFO: 2011/07/12-02:22:26 CONNECT
TCP Peer: "127.0.0.1:44367" Local: "127.0.0.1:10031"
[2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Protocol state is
'END-OF-MESSAGE', decoding policy...
[2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Decoded into: $VAR1 = {
'[email protected]' => {
'25' => [
'7'
],
'0' => [
'1'
],
'26' => [
'8'
]
}
};
[2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Request translated into
session data: $VAR1 = {
'SASLUsername' => '',
'QueueID' => '02F94604BD',
'RecipientData' => '/<[email protected]>#25=7;0=1;26=8;',
'EncryptionCipher' => '',
'Instance' => '14f.4e1bafe0.e9450.0',
'Size' => '2',
'EncryptionKeySize' => '0',
'ParsedClientAddress' => {
'Broadcast_Long' => 3464193541,
'Network' => '206.123.102.5',
'IP_Long' => 3464193541,
'Broadcast' => '206.123.102.5',
'IP' => '206.123.102.5',
'Mask_Long' => 4294967295,
'Network_Long' => 3464193541
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => 'mail.rimuhosting.com',
'ClientAddress' => '206.123.102.5',
'ClientName' => 'mail.rimuhosting.com',
'Sender' => '[email protected]',
'SASLSender' => '',
'Timestamp' => 1310437346,
'ProtocolState' => 'END-OF-MESSAGE',
'_Recipient_To_Policy' => {
'[email protected]' => {
'25' => [
'7'
],
'0' => [
'1'
],
'26' => [
'8'
]
}
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'mail.rimuhosting.com',
'SASLMethod' => ''
};
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Got request, running
modules...
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module:
HELO/EHLO Check Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module:
Greylisting Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module: Quotas
Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Done with modules
[2011/07/12-02:23:06 - 31412] [CORE] INFO: Killing "1" children
[2011/07/12-02:23:06 - 339] [CBPOLICYD] DEBUG: Shutting down caching
engine (339)
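
An added example, not part of the original post and not policyd code: a small parser for the debug-log format shown above that re-joins the mail client's wrapped lines and reports, per request, the protocol state, the resolved policy priorities and the modules that ran. The sample input is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the debug log in the post above,
# keeping the mail client's hard wraps so the re-joining step is exercised.
SAMPLE_LOG = """\
[2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Protocol state is
'RCPT', resolving policy...
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=25 =>
policy ids: 7
[2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=26 =>
policy ids: 8
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Done with modules
[2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Protocol state is
'END-OF-MESSAGE', decoding policy...
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module: Access
Control Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module:
Greylisting Plugin
[2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Done with modules
"""

# "[timestamp - pid] [COMPONENT] LEVEL: message"
RECORD = re.compile(r"^\[(\S+) - (\d+)\] \[(\w+)\] (\w+): (.*)$")

def unwrap(text):
    """Re-join wrapped lines: only a '[timestamp - pid]' prefix starts a record."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return one dict per completed request, tracked by worker pid."""
    open_req, done = {}, []
    for m in filter(None, map(RECORD.match, unwrap(text))):
        pid, msg = m.group(2), m.group(5)
        req = open_req.setdefault(pid, {"state": None, "policies": {}, "modules": []})
        if s := re.match(r"Protocol state is '([^']+)'", msg):
            req["state"] = s.group(1)
        elif p := re.match(r"END RESULT: prio=(\d+) => policy ids: (.+)", msg):
            req["policies"][int(p.group(1))] = p.group(2).strip()
        elif msg.startswith("Running module: "):
            req["modules"].append(msg.split(": ", 1)[1])
        elif msg == "Done with modules":
            done.append(open_req.pop(pid))
    return done

def requests_missing(text, module):
    """List (state, modules) for every request in which `module` never ran."""
    return [(r["state"], r["modules"]) for r in summarize(text) if module not in r["modules"]]
```

Calling `requests_missing(log_text, "Greylisting Plugin")` on the full log lists the protocol states at which the greylisting module was never reached.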