I want to try to use policyd with a logic rule of:
"allow sasl authenticated users to send only 60 emails per 3600 seconds".
I have tried to do that in the past but I am not sure if I did something
wrong.
(If there is an exact list of things I better get then I want it.)
These are the policies from mysql and the debug output:
mysql> select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name             | Priority | Description                    | Disabled |
+----+------------------+----------+--------------------------------+----------+
|  1 | Default          |        0 | Default System Policy          |        0 |
|  2 | Default Outbound |       10 | Default Outbound System Policy |        0 |
|  3 | Default Inbound  |       10 | Default Inbound System Policy  |        1 |
|  4 | Default Internal |       20 | Default Internal System Policy |        1 |
|  5 | Test             |       50 | Test policy                    |        1 |
+----+------------------+----------+--------------------------------+----------+
5 rows in set (0.00 sec)
mysql> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
| ID | PolicyID | Name              | Track                 | Period | Verdict | Data                                                              | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
|  1 |        5 | Recipient quotas  | Recipient:user@domain |   3600 | REJECT  | NULL                                                              | NULL    |        1 |
|  2 |        5 | Quota on all /24s | SenderIP:/24          |   3600 | REJECT  | NULL                                                              | NULL    |        1 |
|  4 |        2 | sasl              | SASLUsername          |   3600 | REJECT  | You have been blocked due to abusive usage of the email service.  |         |        0 |
|  5 |        1 | auth_limit1       | SASLUsername          |     60 | REJECT  |                                                                   |         |        1 |
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
4 rows in set (0.00 sec)
mysql> select * from quotas_limits;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type                  | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
|  1 |        1 | MessageCount          |           10 | NULL    |        0 |
|  2 |        1 | MessageCumulativeSize |         8000 | NULL    |        0 |
|  3 |        2 | MessageCount          |           12 | NULL    |        0 |
|  5 |        4 | MessageCount          |            2 |         |        0 |
|  6 |        5 | MessageCount          |            2 |         |        0 |
+----+----------+-----------------------+--------------+---------+----------+
5 rows in set (0.00 sec)
mysql> select * from quotas_tracking;
+----------------+-----------------------------------+------------+---------+
| QuotasLimitsID | TrackKey                          | LastUpdate | Counter |
+----------------+-----------------------------------+------------+---------+
|              5 | SASLUsername:                     | 1383825542 |  2.8455 |
|              6 | SASLUsername:                     | 1382973395 |  1.0000 |
|              5 | SASLUsername:[email protected]    | 1383825726 |    NULL |
+----------------+-----------------------------------+------------+---------+
3 rows in set (0.00 sec)
mysql> select * from policcy_members;
ERROR 1146 (42S02): Table 'policydv2.policcy_members' doesn't exist
mysql> select * from policy_members;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source                            | Destination        | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
|  1 |        1 | NULL                              | NULL               | NULL    |        1 |
|  2 |        2 | %internal_ips,%internal_domains   | !%internal_domains | NULL    |        1 |
|  3 |        3 | !%internal_ips,!%internal_domains | %internal_domains  | NULL    |        0 |
|  4 |        4 | %internal_ips,%internal_domains   | %internal_domains  | NULL    |        0 |
|  5 |        5 | @example.net                      | NULL               | NULL    |        1 |
|  6 |        2 | any                               | any                |         |        0 |
| 10 |        5 | $*                                | any                |         |        0 |
| 11 |        1 | $*                                | any                |         |        0 |
| 12 |        2 | $*                                | any                |         |        0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
9 rows in set (0.00 sec)
mysql> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name             | Disabled | Comment |
+----+------------------+----------+---------+
|  1 | internal_ips     |        0 | NULL    |
|  2 | internal_domains |        0 | NULL    |
|  3 | ALL              |        1 |         |
|  4 | sasl             |        0 |         |
+----+------------------+----------+---------+
4 rows in set (0.00 sec)
[2013/11/07-14:02:06 - 20640] [CORE] INFO: 2013/11/07-14:02:06 CONNECT TCP Peer: "[::ffff:127.0.0.1]:44623" Local: "[::ffff:127.0.0.1]:10031"
[2013/11/07-14:02:06 - 20640] [PROTOCOLS/Postfix] DEBUG: Possible Postfix protocol
[2013/11/07-14:02:06 - 20640] [PROTOCOLS/Postfix] INFO: Identified Postfix protocol
[2013/11/07-14:02:06 - 20672] [CORE] DEBUG: Child Preforked (20672)
[2013/11/07-14:02:06 - 20672] [CBPOLICYD] DEBUG: Starting up caching engine
[2013/11/07-14:02:06 - 20640] [TRACKING] DEBUG: No session tracking data exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => 375,
'_timestamp' => 1383825726,
'helo_name' => '[192.168.10.108]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'recipient' => '[email protected]',
'sasl_username' => '[email protected]',
'instance' => '4fb3.527b813e.6170.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'unknown',
'client_address' => '192.168.10.108',
'_protocol_transport' => 'Postfix'
};
[2013/11/07-14:02:06 - 20640] [TRACKING] DEBUG: Added session tracking information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => 375,
'_timestamp' => 1383825726,
'helo_name' => '[192.168.10.108]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'recipient' => '[email protected]',
'sasl_username' => '[email protected]',
'instance' => '4fb3.527b813e.6170.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'unknown',
'client_address' => '192.168.10.108',
'_protocol_transport' => 'Postfix'
};
[2013/11/07-14:02:06 - 20640] [TRACKING] DEBUG: Protocol state is 'RCPT', resolving policy...
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: Going to resolve session data into policy: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '4fb3.527b813e.6170.0',
'EncryptionCipher' => '',
'Size' => '1',
'EncryptionKeySize' => '0',
'EncryptionProtocol' => '',
'Helo' => '[192.168.10.108]',
'ClientAddress' => '192.168.10.108',
'ClientName' => 'unknown',
'Sender' => '[email protected]',
'SASLSender' => '',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: Found policy member with ID '11' in policy 'Default'
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: Found policy member with ID '6' in policy 'Default Outbound'
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: Found policy member with ID '12' in policy 'Default Outbound'
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:11/Name:Default]: Main policy sources '$*'
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:11/Name:Default]: - Resolved source '$*' to a SASL user specification, match = 1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:11/Name:Default]: Source matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:11/Name:Default]: Destination not defined or 'any', explicit match: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:11/Name:Default]: Destination matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:6/Name:Default Outbound]: Source not defined or 'any', explicit match: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:6/Name:Default Outbound]: Source matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:6/Name:Default Outbound]: Destination not defined or 'any', explicit match: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:6/Name:Default Outbound]: Destination matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:12/Name:Default Outbound]: Main policy sources '$*'
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:12/Name:Default Outbound]: - Resolved source '$*' to a SASL user specification, match = 1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:12/Name:Default Outbound]: Source matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: [ID:12/Name:Default Outbound]: Destination not defined or 'any', explicit match: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] INFO: [ID:12/Name:Default Outbound]: Destination matching result: matched=1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: END RESULT: prio=0 => policy ids: 1
[2013/11/07-14:02:06 - 20640] [POLICIES] DEBUG: END RESULT: prio=10 => policy ids: 2,2
[2013/11/07-14:02:06 - 20640] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {
'0' => [
'1'
],
'10' => [
'2',
'2'
]
};
[2013/11/07-14:02:06 - 20640] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '4fb3.527b813e.6170.0',
'EncryptionCipher' => '',
'Size' => '1',
'EncryptionKeySize' => '0',
'ParsedClientAddress' => {
'Broadcast_Long' => 3232238188,
'Network' => '192.168.10.108',
'IP_Long' => 3232238188,
'Broadcast' => '192.168.10.108',
'IP' => '192.168.10.108',
'Mask_Long' => 4294967295,
'Network_Long' => 3232238188
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => '[192.168.10.108]',
'ClientAddress' => '192.168.10.108',
'ClientName' => 'unknown',
'Sender' => '[email protected]',
'SASLSender' => '',
'Timestamp' => 1383825726,
'ProtocolState' => 'RCPT',
'Policy' => {
'0' => [
'1'
],
'10' => [
'2',
'2'
]
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Got request, running modules...
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
Use of uninitialized value in multiplication (*) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 177, <$read> line 21.
Use of uninitialized value in subtraction (-) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 182, <$read> line 21.
Use of uninitialized value in multiplication (*) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 177, <$read> line 21.
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read> line 21.
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read> line 21.
[2013/11/07-14:02:06 - 20640] [CORE] INFO: module=Quotas, mode=update, host=192.168.10.108, helo=[192.168.10.108], [email protected], [email protected], reason=quota_update, policy=2, quota=4, limit=5, track=SASLUsername:[email protected], counter=MessageCount, quota=2.00/2 (100.0%)
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read> line 21.
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read> line 21.
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read> line 21.
Use of uninitialized value in addition (+) at /usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read> line 21.
[2013/11/07-14:02:06 - 20640] [CORE] INFO: module=Quotas, mode=update, host=192.168.10.108, helo=[192.168.10.108], [email protected], [email protected], reason=quota_update, policy=2, quota=4, limit=5, track=SASLUsername:[email protected], counter=MessageCount, quota=0.00/2 (0.0%)
[2013/11/07-14:02:06 - 20640] [CBPOLICYD] DEBUG: Done with modules
[2013/11/07-14:02:07 - 20302] [CORE] INFO: 2013/11/07-14:02:07 CONNECT TCP Peer: "[::ffff:127.0.0.1]:44625" Local: "[::ffff:127.0.0.1]:10031"
[2013/11/07-14:02:07 - 20302] [PROTOCOLS/Postfix] DEBUG: Possible Postfix protocol
[2013/11/07-14:02:07 - 20302] [PROTOCOLS/Postfix] INFO: Identified Postfix protocol
[2013/11/07-14:02:07 - 20302] [TRACKING] DEBUG: Protocol state is 'END-OF-MESSAGE', decoding policy...
[2013/11/07-14:02:07 - 20302] [TRACKING] DEBUG: Decoded into: $VAR1 = {
'[email protected]' => {
'0' => [
'1'
],
'10' => [
'2',
'2'
]
}
};
[2013/11/07-14:02:07 - 20302] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'SASLUsername' => '[email protected]',
'QueueID' => '2F8AA1444DA1',
'RecipientData' => '/<[email protected]>#0=1;10=2,2;',
'EncryptionCipher' => '',
'Instance' => '4fb3.527b813e.6170.0',
'Size' => '1',
'EncryptionKeySize' => '0',
'ParsedClientAddress' => {
'Broadcast_Long' => 3232238188,
'Network' => '192.168.10.108',
'IP_Long' => 3232238188,
'Broadcast' => '192.168.10.108',
'IP' => '192.168.10.108',
'Mask_Long' => 4294967295,
'Network_Long' => 3232238188
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => '[192.168.10.108]',
'ClientAddress' => '192.168.10.108',
'ClientName' => 'unknown',
'Sender' => '[email protected]',
'SASLSender' => '',
'Timestamp' => 1383825727,
'ProtocolState' => 'END-OF-MESSAGE',
'_Recipient_To_Policy' => {
'[email protected]' => {
'0' => [
'1'
],
'10' => [
'2',
'2'
]
}
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Got request, running modules...
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/11/07-14:02:07 - 20302] [CBPOLICYD] DEBUG: Done with modules
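
Added example (not part of the original post, and not policyd's own documentation): the rule "60 messages per 3600 seconds per SASL user" expressed against the tables dumped above, followed by checks of what is actually in force. All IDs and column names are the ones in the SELECT output; it assumes policyd skips any row with Disabled = 1 and that policy 2 keeps its enabled '$*' member.

```sql
-- Assumption: a quota is enforced only when the policy, the quota and the
-- limit row all have Disabled = 0.

-- 1. Quota 4 (policy 2, Track = SASLUsername, Period = 3600) already has the
--    wanted window; its MessageCount limit (quotas_limits.ID = 5) is 2, not 60.
UPDATE quotas_limits
   SET CounterLimit = 60
 WHERE ID = 5 AND QuotasID = 4 AND Type = 'MessageCount';

-- 2. Every limit that is in force, with its tracking key and window.
SELECT p.ID AS PolicyID, p.Name AS Policy, p.Priority,
       q.ID AS QuotaID, q.Track, q.Period, q.Verdict,
       l.ID AS LimitID, l.Type, l.CounterLimit
  FROM policies p
  JOIN quotas q        ON q.PolicyID = p.ID
  JOIN quotas_limits l ON l.QuotasID = q.ID
 WHERE p.Disabled = 0 AND q.Disabled = 0 AND l.Disabled = 0
 ORDER BY p.Priority, q.ID, l.ID;

-- 3. Enabled member rows that pull a request into those policies. In the dump,
--    policy 2 has both 'any' (ID 6) and '$*' (ID 12) enabled, which matches the
--    "policy ids: 2,2" line in the debug log.
SELECT m.ID, m.PolicyID, m.Source, m.Destination
  FROM policy_members m
  JOIN policies p ON p.ID = m.PolicyID
 WHERE m.Disabled = 0 AND p.Disabled = 0
 ORDER BY m.PolicyID, m.ID;

-- 4. Tracking rows worth inspecting: a NULL counter (as for the user in the
--    dump) or a key with no username after "SASLUsername:".
SELECT t.QuotasLimitsID, t.TrackKey,
       FROM_UNIXTIME(t.LastUpdate) AS LastUpdate, t.Counter
  FROM quotas_tracking t
 WHERE t.Counter IS NULL OR t.TrackKey = 'SASLUsername:';
```

After the update, the [CORE] quota_update line for limit=5 should report the counter against 60 instead of 2.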