On 09/14/11 07:18, Daniel Sepeur wrote: > Hello, > > i am a cluebringer newbie and hope, you can help me out in my questions. > Yesterday, i struggled the whole day around with cluebringers quotas. > But its not working as expected. > I have running Postfix with MySQL, Amavis and Greylist (from David > Schweikert). > My cluebringer version is: 2.0.11 > Now i would like to prevent that users on my host can sent alot of mails > via PHP's mail function. Therefore i tried to use cluebringer with > Quotas per sender@domain. > > Before i write more, let me ask one question in front of all: Is it a > MUST to configure cluebringers Amavis-Plugin if i run Amavis already or > is it a nice to have? > > Okay ... now let me proceed. > I installed cluebringer without Amavis-Plugin and setup Quotas via webui > as like this: > > Quotas: > > +----+----------+-----------------------------+--------------------+--------+---------+------+-----------------+----------+ > > | ID | PolicyID | Name | Track | Period | > Verdict | Data | Comment | Disabled | > > +----+----------+-----------------------------+--------------------+--------+---------+------+-----------------+----------+ > > | 5 | 2 | [email protected] | Sender:user@domain | > 3600 | REJECT | | 1 mail per hour | 0 | > > +----+----------+-----------------------------+--------------------+--------+---------+------+-----------------+----------+ > > > Quotas Limits: > > +----+----------+--------------+--------------+-------------------------+----------+ > | ID | QuotasID | Type | CounterLimit | Comment | > Disabled | > +----+----------+--------------+--------------+-------------------------+----------+ > | 5 | 5 | MessageCount | 1 | Nur eine Mail zulaessig | > 0 | > +----+----------+--------------+--------------+-------------------------+----------+ > > > Now i sent some emails through Thunderbird and nothing happens. > I can sent so much mails as i want and cluebringer does not stops me. > > This is my Postfix configuration: > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > append_dot_mydomain = no > biff = no > broken_sasl_auth_clients = yes > config_directory = /etc/postfix > content_filter = amavis:[127.0.0.1]:10024 > debug_peer_level = 5 > home_mailbox = Maildir/ > inet_interfaces = all > inet_protocols = all > mailbox_command = > mailbox_size_limit = 0 > mydestination = apophis, localhost, localhost.localdomain > myhostname = apophis.endofinternet.org > mynetworks = 127.0.0.0/8 192.168.0.0/24 > myorigin = /etc/mailname > proxy_read_maps = $local_recipient_maps $mydestination > $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps > $virtual_mailbox_domains $relay_recipient_maps $relay_domains > $canonical_maps $sender_canonical_maps $recipient_canonical_maps > $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps > readme_directory = no > receive_override_options = no_address_mappings > recipient_delimiter = + > relayhost = > smtp_tls_note_starttls_offer = yes > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > smtp_use_tls = yes > smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) > smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 > smtpd_recipient_restrictions = check_policy_service > inet:127.0.0.1:10031,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_authenticated_header = yes > smtpd_sasl_local_domain = > smtpd_sasl_security_options = noanonymous > smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031 > smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem > smtpd_tls_auth_only = no > smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt > smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > smtpd_tls_session_cache_timeout = 3600s > smtpd_use_tls = yes > tls_random_source = dev:/dev/urandom > transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf > virtual_alias_domains = > virtual_alias_maps = > proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, > mysql:/etc/postfix/mysql-virtual_email2email.cf > virtual_gid_maps = static:5000 > virtual_mailbox_base = /home/vmail > virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf > virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf > virtual_uid_maps = static:5000 > > I strengthen up postfix logging to see what happens. It seems, that > postfix is communicating with cluebringer. Here a piece of its log: > > Sep 13 13:51:01 apophis postfix/smtpd[16196]: >>> START Sender address > RESTRICTIONS <<< > Sep 13 13:51:01 apophis postfix/smtpd[16196]: generic_checks: > name=check_policy_service > Sep 13 13:51:01 apophis postfix/smtpd[16196]: trying... [127.0.0.1] > Sep 13 13:51:01 apophis postfix/smtpd[16196]: auto_clnt_open: connected > to 127.0.0.1:10031 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr request = > smtpd_access_policy > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr protocol_state = > RCPT > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr protocol_name = > ESMTP > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr client_address = > 192.168.0.33 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr client_name = > apophis.endofinternet.org > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr > reverse_client_name = apophis.endofinternet.org > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr helo_name = > apophis.endofinternet.org > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr sender = > [email protected] > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr recipient = > [email protected] > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr recipient_count = 0 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr queue_id = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr instance = > 3f44.4e6f43a5.44e7.0 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr size = 595 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr etrn_domain = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr stress = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr sasl_method = PLAIN > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr sasl_username = > [email protected] > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr sasl_sender = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr ccert_subject = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr ccert_issuer = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr ccert_fingerprint = > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr > encryption_protocol = TLSv1 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr > encryption_cipher = DHE-RSA-AES256-SHA > Sep 13 13:51:01 apophis postfix/smtpd[16196]: send attr > encryption_keysize = 256 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: 127.0.0.1:10031: wanted > attribute: action > Sep 13 13:51:01 apophis postfix/smtpd[16196]: input attribute name: action > Sep 13 13:51:01 apophis postfix/smtpd[16196]: input attribute value: DUNNO > Sep 13 13:51:01 apophis postfix/smtpd[16196]: 127.0.0.1:10031: wanted > attribute: (list terminator) > Sep 13 13:51:01 apophis postfix/smtpd[16196]: input attribute name: (end) > Sep 13 13:51:01 apophis postfix/smtpd[16196]: check_table_result: > inet:127.0.0.1:10031 DUNNO policy query > Sep 13 13:51:01 apophis postfix/smtpd[16196]: generic_checks: > name=check_policy_service status=0 > Sep 13 13:51:01 apophis postfix/smtpd[16196]: >>> END Sender address > RESTRICTIONS <<< > > After the communication with cluebringer, postfix delivers the mail to > Amavis and no restriction will prevent to send alot of emails via the > given sender address. > As i can see in table "quotas_tracking" its always empty: > > mysql> select * from quotas_tracking; > Empty set (0.00 sec) > > It seems, that cluebringer is not tracking mails for the given sender. > > Can someone point me to the right way? It could be, that i make a > mistake in my configuration. > >
Postfix does not generate policy requests for local submission, you need to use SMTP. -N
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
