OK so this patch did not do well...
What it did was to add an entry to the quotas_tracking which was nulled
(so I removed it and retested my rules logic).
Like this:
mysql> select * from quotas_tracking;
+----------------+-----------------------------------+------------+---------+
| QuotasLimitsID | TrackKey                          | LastUpdate | Counter |
+----------------+-----------------------------------+------------+---------+
|           NULL | NULL                              |       NULL |  1.0000 |
|           NULL | NULL                              |       NULL |  1.0000 |
|           NULL | NULL                              |       NULL |  1.0000 |
|           NULL | NULL                              |       NULL |  1.0000 |
+----------------+-----------------------------------+------------+---------+
4 rows in set (0.00 sec)
I have tried to reorganize the rules groups and policies.
What I got to was this (which works):
mysql> select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name             | Priority | Description                    | Disabled |
+----+------------------+----------+--------------------------------+----------+
|  1 | Default          |        0 | Default System Policy          |        1 |
|  2 | Default Outbound |       10 | Default Outbound System Policy |        0 |
|  3 | Default Inbound  |       10 | Default Inbound System Policy  |        1 |
|  4 | Default Internal |       20 | Default Internal System Policy |        1 |
|  5 | Test             |       50 | Test policy                    |        1 |
+----+------------------+----------+--------------------------------+----------+
5 rows in set (0.00 sec)
mysql> select * from policy_members;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source                            | Destination        | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
|  1 |        1 | NULL                              | NULL               | NULL    |        1 |
|  2 |        2 | %internal_ips,%internal_domains   | !%internal_domains | NULL    |        1 |
|  3 |        3 | !%internal_ips,!%internal_domains | %internal_domains  | NULL    |        0 |
|  4 |        4 | %internal_ips,%internal_domains   | %internal_domains  | NULL    |        0 |
|  5 |        5 | @example.net                      | NULL               | NULL    |        1 |
|  6 |        2 | any                               | any                |         |        1 |
| 10 |        5 | $*                                | any                |         |        0 |
| 11 |        1 | $*                                | any                |         |        0 |
| 12 |        2 | $*                                | any                |         |        0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
9 rows in set (0.00 sec)
mysql> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name             | Disabled | Comment |
+----+------------------+----------+---------+
|  1 | internal_ips     |        1 | NULL    |
|  2 | internal_domains |        1 | NULL    |
|  3 | ALL              |        1 |         |
|  4 | sasl             |        0 |         |
+----+------------------+----------+---------+
4 rows in set (0.00 sec)
mysql> select * from policy_group_members;
+----+---------------+----------------+----------+---------+
| ID | PolicyGroupID | Member         | Disabled | Comment |
+----+---------------+----------------+----------+---------+
|  1 |             1 | 10.0.0.0/8     |        0 | NULL    |
|  2 |             3 | $sasl_username |        0 |         |
|  3 |             4 | $*             |        0 |         |
+----+---------------+----------------+----------+---------+
3 rows in set (0.00 sec)
mysql> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
| ID | PolicyID | Name              | Track                 | Period | Verdict | Data                                                              | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
|  1 |        5 | Recipient quotas  | Recipient:user@domain |   3600 | REJECT  | NULL                                                              | NULL    |        1 |
|  2 |        5 | Quota on all /24s | SenderIP:/24          |   3600 | REJECT  | NULL                                                              | NULL    |        1 |
|  4 |        2 | sasl              | SASLUsername          |   3600 | REJECT  | You have been blocked due to abusive usage of the email service.  |         |        0 |
|  5 |        1 | auth_limit1       | SASLUsername          |     60 | REJECT  |                                                                   |         |        1 |
+----+----------+-------------------+-----------------------+--------+---------+-------------------------------------------------------------------+---------+----------+
4 rows in set (0.00 sec)
mysql> select * from quotas_limits;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type                  | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
|  1 |        1 | MessageCount          |           10 | NULL    |        0 |
|  2 |        1 | MessageCumulativeSize |         8000 | NULL    |        0 |
|  3 |        2 | MessageCount          |           12 | NULL    |        0 |
|  5 |        4 | MessageCount          |           60 |         |        0 |
|  6 |        5 | MessageCount          |            2 |         |        0 |
+----+----------+-----------------------+--------------+---------+----------+
5 rows in set (0.00 sec)
mysql> select * from quotas_tracking;
+----------------+-----------------------------------+------------+---------+
| QuotasLimitsID | TrackKey                          | LastUpdate | Counter |
+----------------+-----------------------------------+------------+---------+
|              5 | SASLUsername:[email protected]    | 1383959458 |  3.1655 |
+----------------+-----------------------------------+------------+---------+
1 row in set (0.00 sec)
I eventually got it in place, but I am still not sure how every piece in
the policies relates to the others.
I do see that there is a relationship between the policy to members and
maybe to groups? Or are groups just the abstract way of making it
possible for other things?
If I would take a step by step to define from 0, what would be the steps
to create a by-SASL quota rule?
So my goals are:
For all traffic other than SASL use a "DUNNO" answer while if there is a
SASL user account the usage by messages and allow only 60 messages per
hour (3600 secs), so "DUNNO" for all until reached the limit and then
"REJECT" or "550 Got rejected due to abusive usage."
I would be happy to see a step by step like this since it is one of the
great options of Policyd.
Maybe the place for that is here:
http://wiki.policyd.org/quotas
I am asking for that since the Complete example did not make any sense
to me while trying to configure my settings.
Last note:
In the webgui, at the members and other notes addition and change pages,
the "popout" that explains the "$sasl_username" led me to think at
first that in order to match every SASL-USERNAME I should use
"$sasl_username", leaving me clueless what the "$*" and "$_" are needed for.
So the macros that can be used are:
"$sasl_username" will mean => "[email protected]" to match the
authentication name "[email protected]" and only this SASL name as a
member of the policy while
"$*" will mean => in a case of a SASL username match it as a single
member of the policy to track.
"$*" will mean => in a case that the email is being sent without a SASL
username *match* it (on an Internet host it can mean "catch\match all
incoming mails that do not have SASL auth").
Just wanted to know if I am right about it.
Thanks,
Eliezer
On 11/08/2013 10:27 AM, Nigel Kukard wrote:
On 11/08/2013 01:26 AM, Eliezer Croitoru wrote:
I want to try to use policyd with a logic rule of:
"allow sasl authenticated users to send only 60 emails per 3600 seconds".
I have tried to do that in the past but I am not sure if I did
something wrong.
(If there is an exact list of things I better get then I want it.)
This is the policies from mysql and the debug output:
..snip..
Use of uninitialized value in multiplication (*) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 177, <$read>
line 21.
Use of uninitialized value in subtraction (-) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 182, <$read>
line 21.
Use of uninitialized value in multiplication (*) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 177, <$read>
line 21.
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read>
line 21.
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read>
line 21.
[2013/11/07-14:02:06 - 20640] [CORE] INFO: module=Quotas, mode=update,
host=192.168.10.108, helo=[192.168.10.108], [email protected],
[email protected], reason=quota_update, policy=2, quota=4,
limit=5, track=SASLUsername:[email protected],
counter=MessageCount, quota=2.00/2 (100.0%)
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read>
line 21.
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 253, <$read>
line 21.
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read>
line 21.
Use of uninitialized value in addition (+) at
/usr/local/lib/policyd-2.0/cbp/modules/Quotas.pm line 310, <$read>
line 21.
[2013/11/07-14:02:06 - 20640] [CORE] INFO: module=Quotas, mode=update,
host=192.168.10.108, helo=[192.168.10.108], [email protected],
[email protected], reason=quota_update, policy=2, quota=4,
limit=5, track=SASLUsername:[email protected],
counter=MessageCount, quota=0.00/2 (0.0%)
Can you try the attached patch and let me know if it solves your problem?
-N
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org