I use a CbPolicyd (cluebringer-v2.0.14) and Quotas module. I would like to limit sent messages based on sasl username, but I have to add some exceptions. I add two members (my sasl username has email format) to my quota policy with negation: source: [email protected] dest: any source: [email protected] dest: anyWhat I did was to create two mutually exclusive policies (actually there are more, but this gives you the idea). One is for "most" users, and matches "!%my_network,!%hi-vol-sasl,$*" - basically matches on SASL username but excludes members of group hi-vol-sasl. Then I have a separate policy for high volume users with members of %hi-vol-sasl. Then in quotas, I define different levels for the two policies.So to exclude a user from the normal (fairly modest) limits, I add their email address to the %hi-vol-sasl group - ie just add "[email protected]" to the %hi-vol-sasl group. I think the key here is the main policy membership "!%my_network,!%hi-vol-sasl,$*" which means "client is not in my local network AND SASL username is not in the exclusion list AND the client has used SASL auth". If you try to add exclusions as separate membership entries, then they are indeed ORed together.
Thank you for reply and suggestion. Maybe I don't proper configure your example, but If I have a policy with members: !%hi-vol-sasl, $*, then a member from group 'hi-vol-sasl' doesn't match to first entry (!%hi-vol-sasl), but it always matches to "$*" which means "any SASL username", so final result is "matched". Second mutually exclusive policy doesn't change anything.
Regards, Fred
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
