Re: [policyd-users] not matching all sasl-authenticated users

[Nigel Kukard]

On 05/08/2012 21:17, CSS wrote:

On Jul 26, 2012, at 3:11 AM, Robert Anderson wrote:

On 25/07/2012 10:16, CSS wrote:

I've run into a small issue with my very basic "match all sasl-authenticated 
users" policy (ID 6 below in both the policies and policy_members tables).

sqlite>   select * from policies;
1|Default|0|Default System Policy|0
6|outbound mail|10|put sasl-auth and any other outbound groups here|0
7|outbound-test|20|testing|1

sqlite>   select * from policy_members;
1|1||||0
6|6|$*|any|match sasl-auth users|0
7|7|$sp...@foo.com|any|testing|0

I see normal users that are connecting with a mail client being tracked, and I 
think I'm grabbing all of them.  However I just enabled smtp-auth in roundcube 
so I can also track my webmail users.   According to Postfix, this is working:

Jul 25 03:58:31 hc1 postfix/smtpd[25015]: connect from hc2.foo.com[x.x.x.x]
Jul 25 03:58:32 hc1 postfix/smtpd[25015]: F40808FD9D: 
client=hc2.foo.com[x.x.x.x], sasl_method=PLAIN, 
sasl_username=billingarch...@foo.com

And compared to another message I sent as another user via a normal MUA:

Jul 25 03:49:50 hc1 postfix/smtpd[23814]: connect from y.y.y.y[y.y.y.y]
Jul 25 03:49:51 hc1 cbpolicyd[23779]: module=Quotas, mode=update, host=y.y.y.y, 
helo=frankentosh.foo.com, from=sp...@foo.com, to=c...@foo.com, 
reason=quota_update, policy=6, quota=3, limit=4, 
track=SASLUsername:sp...@foo.com, counter=MessageCount, quota=1.00/100 (1.0%)
Jul 25 03:49:51 hc1 postfix/smtpd[23814]: 218D178B5D: client=y.y.y.y[y.y.y.66], 
sasl_method=PLAIN, sasl_username=sp...@foo.com

What might account for the difference?

The only thing of note here is that the IP that the mail server, smtpd and 
roundcube are using are all the same IP.  Could this be triggering some type of 
ignore?

With the log level set to 3, I'm not seeing anything in the cbpolicyd.log on 
these connections.

Would you mind posting the output of postconf?

Also below, do let me know if you want to see anything else...


smtpd_recipient_restrictions = permit_mynetworks,                       
check_policy_service inet:x.x.x.216:10031,                  
permit_sasl_authenticated,                      check_client_access 
regexp:/usr/local/etc/postfix/maps/relaying_stoplist,                       
reject_invalid_hostname,                        reject_non_fqdn_sender,         
        reject_non_fqdn_recipient,                      
reject_unknown_sender_domain,                   
reject_unknown_recipient_domain,                        
reject_unauth_destination,                      permit

-N

This is probably the issue, your roundcube server is in your 'mynetworks'? move the policy check to the first check done.

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Users mailing list
Users@lists.policyd.org
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org