On 08/01/11 16:12, Osmany Goderich wrote: > Ok. So I finally have policyd working on my Postfix MTA with amavisd-new and > I can see in the maillogs the interaction of policyd with the e-mails. But > there is some testing that I would like to do and I can't figure out how to > set a message size limit for a specific user. This is what I have so far and > the message always goes out. I set the limit to 1MB and I intentionally send > a message with a 3MB attachment. > > This is what I have in my Test Policy: > > Test > Priority: 50 > Source: [email protected] > Desination: ANY > > > This is the quota I've configured > > Policy: Test > Track: Sender:user@domain > Period: 0 > > I associated a limit: > > Type: MessageCumulativeSize > Counter Limit: 1000000 > > > Now, I send an email to any address from [email protected] with a 3MB file > attached and it goes through as if there isn't any policy there. I'm sure > I'm missing something but right now I'm just blind. > > Here is what I have in my logs: > > Maillog: > > cbpolicyd[69946]: module=Quotas, mode=update, host=10.25.80.8, > helo=mail.es.quimefa.cu, [email protected], to=o > [email protected], reason=quota_update, policy=5, quota=3, limit=4, > track=Sender:[email protected], counter=MessageCumulativeSize, quota= > 0/1000000 (0.0%) > cbpolicyd[69947]: module=Quotas, mode=update, host=10.25.80.8, > helo=mail.es.quimefa.cu, [email protected], to=o > [email protected], reason=quota_update, policy=5, quota=3, limit=4, > track=Sender:[email protected], counter=MessageCumulativeSize, quota= > 1967277/1000000 (196.7%) > > Cbpolicyd.log: > > [CORE] INFO: 2011/08/01-11:48:15 CONNECT TCP Peer: "127.0.0.1:12187" Local: > "127.0.0.1:10031" > [2011/08/01-11:48:15 - 69946] [PROTOCOLS/Postfix] DEBUG: Possible Postfix > protocol > [2011/08/01-11:48:15 - 69946] [PROTOCOLS/Postfix] INFO: Identified Postfix > protocol > [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: No session tracking data > exists for request: $VAR1 = { > 'size' => '1967277', > '_timestamp' => 1312213695, > 'helo_name' => 'mail.es.quimefa.cu', > 'reverse_client_name' => 'unknown', > 'queue_id' => '', > 'etrn_domain' => '', > 'request' => 'smtpd_access_policy', > 'protocol_state' => 'RCPT', > 'stress' => 'yes', > 'recipient' => '[email protected]', > 'instance' => '11299.4e36cabf.ef191.0', > 'protocol_name' => 'ESMTP', > 'recipient_count' => '0', > 'sender' => '[email protected]', > 'client_name' => 'unknown', > 'client_address' => '10.25.80.8', > '_protocol_transport' => 'Postfix' > }; > [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Added session tracking > information for: $VAR1 = { > 'size' => '1967277', > '_timestamp' => 1312213695, > 'helo_name' => 'mail.es.quimefa.cu', > 'reverse_client_name' => 'unknown', > 'queue_id' => '', > 'etrn_domain' => '', > 'request' => 'smtpd_access_policy', > 'protocol_state' => 'RCPT', > 'stress' => 'yes', > 'recipient' => '[email protected]', > 'instance' => '11299.4e36cabf.ef191.0', > 'protocol_name' => 'ESMTP', > 'recipient_count' => '0', > 'sender' => '[email protected]', > 'client_name' => 'unknown', > 'client_address' => '10.25.80.8', > '_protocol_transport' => 'Postfix' > }; > [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Protocol state is 'RCPT', > resolving policy... > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Going to resolve session > data into policy: $VAR1 = { > 'Recipient' => '[email protected]', > 'SASLUsername' => undef, > 'QueueID' => '', > 'RecipientData' => '', > 'Instance' => '11299.4e36cabf.ef191.0', > 'EncryptionCipher' => undef, > 'Size' => '1967277', > 'EncryptionKeySize' => undef, > 'EncryptionProtocol' => undef, > 'Helo' => 'mail.es.quimefa.cu', > 'ClientAddress' => '10.25.80.8', > 'ClientName' => 'unknown', > 'Sender' => '[email protected]', > 'SASLSender' => undef, > 'Protocol' => 'ESMTP', > 'ClientReverseName' => 'unknown', > 'SASLMethod' => undef > }; > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member with ID > '1' in policy 'Default' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member with ID > '2' in policy 'Default Outbound' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member with ID > '3' in policy 'Default Inbound' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member with ID > '4' in policy 'Default Internal' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member with ID > '5' in policy 'Test' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:1/Name:Default]: Source > not defined or 'any', explicit match: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: Source > matching result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: Source > matching result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:1/Name:Default]: > Destination not defined or 'any', explicit match: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: > Destination matching result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]: Main policy sources '%internal_ips,%internal_domains' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CI > DR specification, match = 1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]=>(group:internal_ips): Source group result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]: Group 'internal_domains' has 2 source(s) => @example.org,@examp > le.com > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]=>(group:internal_domains): - Resolved source '@example.org' to a > email address specification, match = 0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]=>(group:internal_domains): - Resolved source '@example.com' to a > email address specification, match = 0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default > Outbound]=>(group:internal_domains): Source group result: matched=0 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:2/Name:Default Outbound]: > Source matching result: matched=0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: > Main policy sources '!%internal_ips,!%internal_domains' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: > Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default > Inbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CID > R specification, match = 1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default > Inbound]=>(group:internal_ips): Source group result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:3/Name:Default Inbound]: > Source matching result: matched=0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]: Main policy sources '%internal_ips,%internal_domains' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CI > DR specification, match = 1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]=>(group:internal_ips): Source group result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]: Group 'internal_domains' has 2 source(s) => @example.org,@examp > le.com > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]=>(group:internal_domains): - Resolved source '@example.org' to a > email address specification, match = 0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]=>(group:internal_domains): - Resolved source '@example.com' to a > email address specification, match = 0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default > Internal]=>(group:internal_domains): Source group result: matched=0 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:4/Name:Default Internal]: > Source matching result: matched=0 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: Main > policy sources '[email protected]' > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: - Resolved > source '[email protected]' to a email address specification, > match = 1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:5/Name:Test]: Source > matching result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: > Destination not defined or 'any', explicit match: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:5/Name:Test]: Destination > matching result: matched=1 > [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: END RESULT: prio=0 => policy > ids: 1,5 > [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Policy resolved into: $VAR1 > = { > '0' => [ > '1', > '5' > ] > }; > [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Request translated into > session data: $VAR1 = { > 'Recipient' => '[email protected]', > 'SASLUsername' => undef, > 'QueueID' => '', > 'RecipientData' => '', > 'Instance' => '11299.4e36cabf.ef191.0', > 'EncryptionCipher' => undef, > 'Size' => '1967277', > 'EncryptionKeySize' => undef, > 'ParsedClientAddress' => { > 'Broadcast_Long' => 169431048, > 'Network' => '10.25.80.8', > 'IP_Long' => 169431048, > 'Broadcast' => '10.25.80.8', > 'IP' => '10.25.80.8', > 'Mask_Long' => 4294967295, > 'Network_Long' => 169431048 > }, > 'ProtocolTransport' => 'Postfix', > 'EncryptionProtocol' => undef, > 'Helo' => 'mail.es.quimefa.cu', > 'ClientAddress' => '10.25.80.8', > 'ClientName' => 'unknown', > 'Sender' => '[email protected]', > 'SASLSender' => undef, > 'Timestamp' => 1312213695, > 'ProtocolState' => 'RCPT', > 'Policy' => { > '0' => [ > '1', > '5' > ] > }, > 'Protocol' => 'ESMTP', > 'ClientReverseName' => 'unknown', > 'SASLMethod' => undef > }; > [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Got request, running > modules... > [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: Access > Control Plugin > [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: HELO/EHLO > Check Plugin > [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: Greylisting > Plugin > [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: Quotas > Plugin > [2011/08/01-11:48:16 - 69946] [CBPOLICYD] DEBUG: Done with modules >
What did you set the verdict to? Did you try send a message after that one went through? Mail only gets verdict if at the time of sending it exceeds the quota, the quota was at 0%, it was then pushed above limit which means the next message will get the verdict you've defined. -N
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
