Fryderyk Raczyk <[email protected]> wrote: > I use a CbPolicyd (cluebringer-v2.0.14) and Quotas module. I would like to > limit sent messages based on sasl username, but I have to add some > exceptions. I add two members (my sasl username has email format) to my quota > policy with negation: > source: [email protected] dest: any > source: [email protected] dest: any
What I did was to create two mutually exclusive policies (actually there are more, but this gives you the idea). One is for "most" users, and matches "!%my_network,!%hi-vol-sasl,$*" - basically matches on SASL username but excludes members of group hi-vol-sasl. Then I have a separate policy for high volume users with members of %hi-vol-sasl. Then in quotas, I define different levels for the two policies. So to exclude a user from the normal (fairly modest) limits, I add their email address to the %hi-vol-sasl group - ie just add "[email protected]" to the %hi-vol-sasl group. I think the key here is the main policy membership "!%my_network,!%hi-vol-sasl,$*" which means "client is not in my local network AND SASL username is not in the exclusion list AND the client has used SASL auth". If you try to add exclusions as separate membership entries, then they are indeed ORed together. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
