Osmany Goderich wrote:
> I really need to separate different message size limits for different domains.
> Someone suggested that one should limit cumulative message size per time
> period but I am not interested in that approach.

Well to start with, any limit you apply will need to be "per some time period" - otherwise you'd limit a customer to <some quantity> and once they hit that then no more for the rest of time!

You'll need several policies to achieve what you want. Set up a group listing the domains you want a different limit for - this will be quite complicated if you want lots of different limits as you'll see in a second.

Your main policy will match inbound mail and exclude members of the group. A second will match inbound mail to members of the group. Policy3 matches outbound mail excluding members of the group. And policy4 matches outbound mail and members of your group.

You now have 4 mutually exclusive policies - you may need more if there are other categories of mail you want to control - this is where the matches start getting complicated. You can also see that it wouldn't be too hard to extend this to offer 3 levels - but your matching conditions can need a bit of thought. Ideally you need to keep all policies mutually exclusive - otherwise you'll find more than one policy being applied to mails that fit more than one set of policy match conditions.

Now apply a quota to each policy, matching on recipient domain for inbound mail, and sender domain for outbound mail. So most customers will share a pair of inbound and outbound quotas, while customers you list in the group will share a different pair.

For outbound mail, you may be better matching on SASL username (if you use that). If you match on sender address, then the user can simply fake that (use a different domain) and bypass your quota.

For the quota module, you need to think about both the quantity and time period. If a user has been idle, then the quantity is in effect a burst allowance. For example, suppose you allowed 360 messages per 3600 seconds - that's one message per 10 seconds average. The user could connect and send about 360 messages very quickly without any limiting. During this time, the tracking value will increase until it passes 360 - and then the system will start throttling them. Over time, the tracking value reduces and more mail is let through.

Think of it like a leaky bucket - if it's empty then you can toss in a whole bucket, but once it's full you can only put in what's dribbled out.

The same average rate can be achieved with limits of (say) 3600 messages every 36000 seconds. Except that now the initial burst can be 3600 messages. The burst can only be used if there was an idle period prior to it (e.g. allowing the bucket to empty for a while) - so over a longer time, the user cannot exceed the average you set.
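
The leaky-bucket behaviour described in the reply above, as an added example that is not part of the original post and is not policyd's own code. It is a simplified integer model; the function names and the constructed flood workload (100 attempts per second from an idle start) are assumptions made for illustration.

```python
def simulate(limit, period, attempts_per_second):
    """Leaky-bucket model of a quota of `limit` messages per `period` seconds.

    attempts_per_second[t] is how many messages the sender tries in second t.
    Returns how many were accepted in each second. The bucket level is kept in
    units of 1/period of a message so that all arithmetic is exact integers.
    """
    cap = limit * period              # level of a full bucket
    level = 0                         # sender was idle: bucket starts empty
    accepted = []
    for t, tries in enumerate(attempts_per_second):
        if t > 0:
            # One second of leak, i.e. limit/period messages drain away.
            level = max(0, level - limit)
        room = (cap - level) // period    # whole messages that still fit
        ok = min(tries, room)
        level += ok * period
        accepted.append(ok)
    return accepted


def summary(limit, period, rate=100, seconds=36000):
    """Constructed workload: a sender floods at `rate` msg/s for `seconds`."""
    acc = simulate(limit, period, [rate] * seconds)
    return {
        "first_minute": sum(acc[:60]),    # dominated by the burst allowance
        "last_hour": sum(acc[-3600:]),    # steady state once the bucket is full
        "total": sum(acc),
    }


def burst_after_idle(limit, period, idle_seconds, rate=100):
    """Flood for a minute, go idle, flood again; return the second burst size."""
    pattern = [rate] * 60 + [0] * idle_seconds + [rate] * 60
    return sum(simulate(limit, period, pattern)[-60:])


if __name__ == "__main__":
    # The two quotas compared in the reply: same average, different burst.
    for limit, period in ((360, 3600), (3600, 36000)):
        print(f"{limit}/{period}s:", summary(limit, period))
    print("360/3600s burst after 1h idle:", burst_after_idle(360, 3600, 3600))
```

In this model both quotas settle to the same 360 messages per hour once the bucket is full, so the choice of period mainly decides how large a burst a compromised or abusive account can send before throttling starts.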
