I am connecting through Outlook from a network not listed in mynetworks.
But I don't understand you!! Should I add this network to mynetworks in
order to apply the policy? Or do I misunderstand?




-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Simon Hobson
Sent: Thursday, February 09, 2012 1:48 PM
To: [email protected]
Subject: Re: [policyd-users] limit number of messages sent to domain

Amira Othman wrote:
>I set a quota of 1 message in 1 minute to a domain and then tried to send
>two messages. Postfix sends them normally without checking the policy and there is
>no cbpolicyd written in the Postfix log file

Firstly, you still haven't said how you are sending the messages. Is 
this local on the machine (e.g. using the mail command), local on the 
machine by telnetting to port 25, from another machine, or something 
different?
Also, 1 minute is a bit short, it can be tricky going through stuff 
without the quota resetting while you are looking at the logs.

Finally, when debugging, I've found that the Postfix debugging 
options are really useful.
Adding :
debug_peer_level = 2
debug_peer_list = w.x.y.z
to main.cf (obviously putting an appropriate address in) means that a 
lot of debugging information is written to the mail log - and you can 
see what steps Postfix is taking.

Now, absent an answer to the first question, I'll have a guess.

>mynetworks = *.*.*.*/24, 127.0.0.0/8

>smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
>smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
>reject_unauth_destination check_policy_service inet:127.0.0.1:10031

Now I'm not too sure about the EOD restrictions - it ought to be 
calling the policy service. But for your SMTP recipient restrictions, 
the policy server will not be consulted under quite a lot of 
circumstances. Most notably, if you are connecting from any address 
in mynetworks, then none of the other checks will be reached. Ditto 
if you are authenticating with SASL.

So if you want to use PolicyD with internal & authenticated mail, 
then you need to shuffle the order of restrictions a bit :
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
That may not be what you want, but it illustrates that you need to 
consider the order of the checks.

-- 
Simon Hobson

_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
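
An added example, not part of the original thread: a simplified Python model of the first-match evaluation of smtpd_recipient_restrictions described in the quoted message, showing which sessions ever reach check_policy_service under each ordering. The client addresses, domains, the mynetworks value and the assumption that the policy service answers DUNNO are constructed for illustration.

```python
import ipaddress

POLICY = "check_policy_service inet:127.0.0.1:10031"
# Ordering from the original question, and the reordered list from the reply.
ORIGINAL = ["permit_mynetworks", "permit_sasl_authenticated",
            "reject_unauth_destination", POLICY]
REORDERED = [POLICY, "permit_mynetworks", "permit_sasl_authenticated",
             "reject_unauth_destination"]

def make_session(client, sasl_user=None, rcpt_domain="example.org"):
    """Build a constructed SMTP session (all values are sample data)."""
    return {
        "client": ipaddress.ip_address(client),
        "sasl_user": sasl_user,
        "rcpt_domain": rcpt_domain,
        "mynetworks": [ipaddress.ip_network("192.0.2.0/24"),
                       ipaddress.ip_network("127.0.0.0/8")],
        "local_domains": {"example.com"},  # domains this server accepts mail for
    }

def evaluate(restrictions, s):
    """Walk the list in order; stop at the first result that is not DUNNO.

    Returns (verdict, restrictions_reached).
    """
    reached = []
    for r in restrictions:
        reached.append(r)
        if r == "permit_mynetworks":
            result = "OK" if any(s["client"] in n for n in s["mynetworks"]) else "DUNNO"
        elif r == "permit_sasl_authenticated":
            result = "OK" if s["sasl_user"] else "DUNNO"
        elif r == "reject_unauth_destination":
            result = "DUNNO" if s["rcpt_domain"] in s["local_domains"] else "REJECT"
        elif r == POLICY:
            result = "DUNNO"  # assumption: quota not exceeded, policy has no opinion
        else:
            raise ValueError(f"restriction not modelled: {r}")
        if result != "DUNNO":
            return result, reached
    return "OK", reached  # end of list reached: the recipient is accepted

def policy_consulted(restrictions, s):
    """True if the policy service would have been queried for this session."""
    return POLICY in evaluate(restrictions, s)[1]

if __name__ == "__main__":
    for name, s in [("in mynetworks", make_session("192.0.2.10")),
                    ("SASL user", make_session("198.51.100.7", sasl_user="amira"))]:
        print(name, "original:", policy_consulted(ORIGINAL, s),
              "reordered:", policy_consulted(REORDERED, s))
```

With the original ordering, only unauthenticated clients outside mynetworks that send to a domain the server accepts ever reach the policy service, so a quota on outbound mail from internal or authenticated senders is never counted.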
