Hi,
I'm having some trouble getting an outbound quota to work with PolicyD
and Postfix. I've attached the log, and some of the database contents.
While I can see that PolicyD is being invoked for outgoing email,
nothing appears in quotas_tracking. At one point, to test things, I
switched the quota from the "Outgoing" policy to the "Default" policy.
When I did that, entries appeared in quotas_tracking for incoming
emails, but not outgoing. So somehow my outgoing emails are not showing
up.
Is this due to the use of a post-queue content filter (Spamassassin) or
dkimproxy? I'm attaching my master.cf to illustrate, but I'm wondering
if that could be the cause of the problem. (although that should still
fall under "internal_ips"...)
Jeff
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] INFO: Got request #1
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] DEBUG: Running module: Access Control
Plugin
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] DEBUG: Module 'Access Control Plugin'
returned CBP_CONTINUE
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check
Plugin
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] DEBUG: Module 'HELO/EHLO Check Plugin'
returned CBP_CONTINUE
[2013/10/21-12:28:40 - 3241] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/10/21-12:28:41 - 3241] [CHECKSPF] DEBUG: SPF result: barak-online.net: No
applicable sender policy available
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Module 'SPF Check Plugin'
returned CBP_CONTINUE
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Running module: Greylisting
Plugin
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Module 'Greylisting Plugin'
returned CBP_CONTINUE
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Module 'Quotas Plugin' returned
CBP_CONTINUE
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Running module: Accounting
Plugin
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Module 'Accounting Plugin'
returned CBP_CONTINUE
[2013/10/21-12:28:41 - 3241] [CBPOLICYD] DEBUG: Done with modules
[2013/10/21-12:29:00 - 846] [TRACKING] DEBUG: No session tracking data exists
for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'CRAM-MD5',
'sasl_sender' => '',
'size' => 348,
'_timestamp' => 1382372940,
'helo_name' => 'Cardinal.local',
'reverse_client_name' => 'unknown',
'queue_id' => '5CB59114002',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'END-OF-MESSAGE',
'stress' => '',
'_peer_address' => '::ffff:127.0.0.1',
'sasl_username' => '[email protected]',
'recipient' => 'riâ¦[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '428.5265564a.51241.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '1',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'unknown',
'client_address' => '156.40.117.1',
'_protocol_transport' => 'Postfix'
};
[2013/10/21-12:29:00 - 846] [TRACKING] DEBUG: Protocol state is
'END-OF-MESSAGE', decoding policy...
[2013/10/21-12:29:00 - 846] [TRACKING] DEBUG: Decoded into: $VAR1 = undef;
[2013/10/21-12:29:00 - 846] [TRACKING] DEBUG: Request translated into session
data: $VAR1 = {
'SASLUsername' => '[email protected]',
'QueueID' => '5CB59114002',
'RecipientData' => '',
'Instance' => '428.5265564a.51241.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '1',
'EncryptionKeySize' => '256',
'UnixTimestamp' => 1382372940,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'Cardinal.local',
'ClientAddress' => '156.40.117.1',
'ClientName' => 'unknown',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '156.40.117.1',
'ip' => '156.40.117.1',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'END-OF-MESSAGE',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'CRAM-MD5'
};
[2013/10/21-12:29:00 - 846] [CBPOLICYD] INFO: Got request #4 (pipelined)
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: Access Control
Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'Access Control Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check
Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'HELO/EHLO Check Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'SPF Check Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: Greylisting
Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'Greylisting Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'Quotas Plugin' returned
CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Running module: Accounting Plugin
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Module 'Accounting Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 846] [CBPOLICYD] DEBUG: Done with modules
[2013/10/21-12:29:00 - 851] [TRACKING] DEBUG: No session tracking data exists
for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => '',
'sasl_sender' => '',
'size' => 1392,
'_timestamp' => 1382372940,
'helo_name' => 'finity.org',
'reverse_client_name' => 'localhost',
'queue_id' => '7C509114003',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'END-OF-MESSAGE',
'stress' => '',
'_peer_address' => '::ffff:127.0.0.1',
'sasl_username' => '',
'recipient' => 'riâ¦[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '202.5265564c.7c308.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '1',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'localhost',
'client_address' => '127.0.0.1',
'_protocol_transport' => 'Postfix'
};
[2013/10/21-12:29:00 - 851] [TRACKING] DEBUG: Protocol state is
'END-OF-MESSAGE', decoding policy...
[2013/10/21-12:29:00 - 851] [TRACKING] DEBUG: Decoded into: $VAR1 = undef;
[2013/10/21-12:29:00 - 851] [TRACKING] DEBUG: Request translated into session
data: $VAR1 = {
'SASLUsername' => '',
'QueueID' => '7C509114003',
'RecipientData' => '',
'Instance' => '202.5265564c.7c308.0',
'EncryptionCipher' => '',
'Size' => '2',
'EncryptionKeySize' => '0',
'UnixTimestamp' => 1382372940,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => 'finity.org',
'ClientAddress' => '127.0.0.1',
'ClientName' => 'localhost',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '127.0.0.1',
'ip' => '127.0.0.1',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'END-OF-MESSAGE',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'localhost',
'SASLMethod' => ''
};
[2013/10/21-12:29:00 - 851] [CBPOLICYD] INFO: Got request #4 (pipelined)
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: Access Control
Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'Access Control Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check
Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'HELO/EHLO Check Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'SPF Check Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: Greylisting
Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'Greylisting Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'Quotas Plugin' returned
CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Running module: Accounting Plugin
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Module 'Accounting Plugin'
returned CBP_SKIP
[2013/10/21-12:29:00 - 851] [CBPOLICYD] DEBUG: Done with modulespolicyd.policies
+----+------------------+----------+--------------------------------+----------+
| ID | Name | Priority | Description | Disabled |
+----+------------------+----------+--------------------------------+----------+
| 1 | Default | 0 | Default System Policy | 0 |
| 2 | Default Outbound | 10 | Default Outbound System Policy | 0 |
| 3 | Default Inbound | 10 | Default Inbound System Policy | 0 |
| 4 | Default Internal | 20 | Default Internal System Policy | 0 |
+----+------------------+----------+--------------------------------+----------+
policyd.policy_members
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination |
Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL
| 0 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL
| 0 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL
| 0 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL
| 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
policyd.quota
+----+----------+------------------------+--------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period |
Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+------------------------+--------------------+--------+---------+------+-----------+---------+----------+
| 5 | 2 | Default Outbound Quota | Sender:user@domain | 3600 | REJECT
| 0 | 0 | | 0 |
+----+----------+------------------------+--------------------+--------+---------+------+-----------+---------+----------+
policyd.quotas_limits
+----+----------+--------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+--------------+--------------+---------+----------+
| 6 | 5 | MessageCount | 5 | | 0 |
+----+----------+--------------+--------------+---------+----------+
# Spamassassin post-queue filter
smtp inet n - y - 20 smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=yes
-o receive_override_options=no_address_mappings
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o content_filter=dkimsign:[127.0.0.1]:10027
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n -
1 scache
discard unix - - n -
- discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
dkimsign unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls
# for Spamassassin post-queue filter
spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${recipient}
# Receives email from dkimproxy_in (listening on 10025) and dkimproxy_out
(listening on 10027)
127.0.0.1:10026 inet n - y - 10 smtpd
-o content_filter=
-o myhostname=dkimproxy.finity.org
-o smtpd_proxy_filter=
-o mynetworks=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o strict_rfc821_envelopes=yes_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
