Hello,
Today, I tested your product (cluebringer v2.0.14 and v2.1.x). And I
found that Quota module works incorrectly on both versions for me.
This is my configs:
cluebringer.conf:
[server]
# Protocols to load
protocols=<<EOT
Postfix
EOT
# Modules to load
modules=<<EOT
Core
Quotas
EOT
pid_file=/var/run/cluebringer/cbpolicyd.pid
min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000
log_level=4
log_file=/var/log/cbpolicyd.log
log_mail=mail@syslog:native
log_detail=modules,tracking,policies,protocols
host=127.0.0.1
port=10032
[database]
DSN=DBI:mysql:database=policyddb;host=172.20.182.9
DB_Type=mysql
DB_Host=172.20.182.9
DB_Port=3306
DB_Name=policyddb
Username=policyd
Password=xxx
bypass_mode=tempfail
bypass_timeout=30
# Quotas module
[Quotas]
enable=1
Posfix main.cf:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
check_policy_service inet:127.0.0.1:10032,
permit_sasl_authenticated
smtpd_end_of_data_restrictions=
check_policy_service inet:127.0.0.1:10032
Database settings :
select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+------------------------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period |
Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------------------------+-----------+---------+----------+
| 3 | 2 | Check SASL | SASLUsername:@domain | 3600 |
REJECT | Throttle Limit Reached | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------------------------+-----------+---------+----------+
select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name | Priority | Description | Disabled |
+----+------------------+----------+--------------------------------+----------+
| 2 | Default Outbound | 10 | Default Outbound System Policy | 0 |
+----+------------------+----------+--------------------------------+----------+
select * from policy_members;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination
| Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 6 | 2 | @mydns123.com | any
| NULL | 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
select * from quotas_limits;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 4 | 3 | MessageCount | 5 | NULL | 0 |
+----+----------+-----------------------+--------------+---------+----------+
select * from quotas_tracking;
+----------------+---------------------------------+------------+---------+
| QuotasLimitsID | TrackKey | LastUpdate | Counter |
+----------------+---------------------------------+------------+---------+
| 4 | SASLUsername:[email protected] | 1453402951 | 5.7518 |
+----------------+---------------------------------+------------+---------+
After sending 5 messages, policyd blocks access (as expected). But few
minutes later, after the event in log "DEBUG: Shutting down caching
engine (xxxx)" , I can send 1 message again, please see log:
===========================================
[2016/01/21-18:57:01 - 20557] [PROTOCOLS/Postfix] DEBUG: Possible
Postfix protocol
[2016/01/21-18:57:01 - 20557] [PROTOCOLS/Postfix] INFO: Identified
Postfix protocol
[2016/01/21-18:57:01 - 20557] [TRACKING] DEBUG: No session tracking
data exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'LOGIN',
'sasl_sender' => '',
'size' => 0,
'_timestamp' => 1453402621,
'helo_name' => 'app2.ox.nctest.net',
'reverse_client_name' => 'app2.local',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '127.0.0.1',
'sasl_username' => '[email protected]',
'recipient' => '[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '5332.56a129fd.ae8e5.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'app2.local',
'client_address' => '172.20.182.4',
'_protocol_transport' => 'Postfix'
};
[2016/01/21-18:57:01 - 20557] [TRACKING] DEBUG: Added session tracking
information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'LOGIN',
'sasl_sender' => '',
'size' => 0,
'_timestamp' => 1453402621,
'helo_name' => 'app2.ox.nctest.net',
'reverse_client_name' => 'app2.local',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '127.0.0.1',
'sasl_username' => '[email protected]',
'recipient' => '[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '5332.56a129fd.ae8e5.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'app2.local',
'client_address' => '172.20.182.4',
'_protocol_transport' => 'Postfix'
};
[2016/01/21-18:57:01 - 20557] [TRACKING] DEBUG: Protocol state is
'RCPT', resolving policy...
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: Going to resolve
session data into policy: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '5332.56a129fd.ae8e5.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '0',
'EncryptionKeySize' => '256',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'app2.ox.nctest.net',
'ClientAddress' => '172.20.182.4',
'ClientName' => 'app2.local',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '172.20.182.4',
'ip' => '172.20.182.4',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'Protocol' => 'ESMTP',
'ClientReverseName' => 'app2.local',
'SASLMethod' => 'LOGIN'
};
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: Found policy member
with ID '6' in policy 'Default Outbound'
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: Main policy sources '@mydns123.com'
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: - Resolved source '@mydns123.com' to a email address
specification, match = 1
[2016/01/21-18:57:01 - 20557] [POLICIES] INFO: [ID:6/Name:Default
Outbound]: Source matching result: matched=1
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: Destination not defined or 'any', explicit match: matched=1
[2016/01/21-18:57:01 - 20557] [POLICIES] INFO: [ID:6/Name:Default
Outbound]: Destination matching result: matched=1
[2016/01/21-18:57:01 - 20557] [POLICIES] DEBUG: END RESULT: prio=10 =>
policy ids: 2
[2016/01/21-18:57:01 - 20557] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {
'10' => [
'2'
]
};
[2016/01/21-18:57:01 - 20557] [TRACKING] DEBUG: Request translated
into session data: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '5332.56a129fd.ae8e5.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '0',
'EncryptionKeySize' => '256',
'UnixTimestamp' => 1453402621,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'app2.ox.nctest.net',
'ClientAddress' => '172.20.182.4',
'ClientName' => 'app2.local',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '172.20.182.4',
'ip' => '172.20.182.4',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'RCPT',
'Policy' => {
'10' => [
'2'
]
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'app2.local',
'SASLMethod' => 'LOGIN'
};
[2016/01/21-18:57:01 - 20557] [CBPOLICYD] INFO: Got request #3 (pipelined)
[2016/01/21-18:57:01 - 20557] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2016/01/21-18:57:01 - 20557] [PROTOCOL/Postfix] DEBUG: Received
PROTO_REJECT with response 'REJECT':'Throttle Limit Reached'
[2016/01/21-18:57:01 - 20557] [CBPOLICYD] DEBUG: Module 'Quotas
Plugin' returned CBP_STOP
[2016/01/21-18:57:01 - 20557] [CBPOLICYD] DEBUG: Done with modules
[2016/01/21-19:02:06 - 20557] [CBPOLICYD] WARNING: Client closed
connection => Peer: 127.0.0.1:48419, Local: 127.0.0.1:10032
[2016/01/21-19:02:06 - 20518] [CORE] INFO: Killing "1" children
[2016/01/21-19:02:06 - 20539] [CBPOLICYD] DEBUG: Shutting down caching
engine (20539)
[2016/01/21-19:02:31 - 20535] [CORE] INFO: 2016/01/21-19:02:31 CONNECT
TCP Peer: "[127.0.0.1]:48543" Local: "[127.0.0.1]:10032"
[2016/01/21-19:02:31 - 20535] [PROTOCOLS/Postfix] DEBUG: Possible
Postfix protocol
[2016/01/21-19:02:31 - 20535] [PROTOCOLS/Postfix] INFO: Identified
Postfix protocol
[2016/01/21-19:02:31 - 20518] [CORE] INFO: Starting "1" children
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: No session tracking
data exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'LOGIN',
'sasl_sender' => '',
'size' => 0,
'_timestamp' => 1453402951,
'helo_name' => 'app2.ox.nctest.net',
'reverse_client_name' => 'app2.local',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '127.0.0.1',
'sasl_username' => '[email protected]',
'recipient' => '[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '53d6.56a12b47.36d86.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'app2.local',
'client_address' => '172.20.182.4',
'_protocol_transport' => 'Postfix'
};
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Added session tracking
information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'LOGIN',
'sasl_sender' => '',
'size' => 0,
'_timestamp' => 1453402951,
'helo_name' => 'app2.ox.nctest.net',
'reverse_client_name' => 'app2.local',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '127.0.0.1',
'sasl_username' => '[email protected]',
'recipient' => '[email protected]',
'ccert_pubkey_fingerprint' => '',
'instance' => '53d6.56a12b47.36d86.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'app2.local',
'client_address' => '172.20.182.4',
'_protocol_transport' => 'Postfix'
};
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Protocol state is
'RCPT', resolving policy...
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: Going to resolve
session data into policy: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '53d6.56a12b47.36d86.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '0',
'EncryptionKeySize' => '256',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'app2.ox.nctest.net',
'ClientAddress' => '172.20.182.4',
'ClientName' => 'app2.local',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '172.20.182.4',
'ip' => '172.20.182.4',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'Protocol' => 'ESMTP',
'ClientReverseName' => 'app2.local',
'SASLMethod' => 'LOGIN'
};
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: Found policy member
with ID '6' in policy 'Default Outbound'
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: Main policy sources '@mydns123.com'
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: - Resolved source '@mydns123.com' to a email address
specification, match = 1
[2016/01/21-19:02:31 - 20535] [POLICIES] INFO: [ID:6/Name:Default
Outbound]: Source matching result: matched=1
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: [ID:6/Name:Default
Outbound]: Destination not defined or 'any', explicit match: matched=1
[2016/01/21-19:02:31 - 20535] [POLICIES] INFO: [ID:6/Name:Default
Outbound]: Destination matching result: matched=1
[2016/01/21-19:02:31 - 20535] [POLICIES] DEBUG: END RESULT: prio=10 =>
policy ids: 2
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {
'10' => [
'2'
]
};
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Request translated
into session data: $VAR1 = {
'Recipient' => '[email protected]',
'SASLUsername' => '[email protected]',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '53d6.56a12b47.36d86.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '0',
'EncryptionKeySize' => '256',
'UnixTimestamp' => 1453402951,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'app2.ox.nctest.net',
'ClientAddress' => '172.20.182.4',
'ClientName' => 'app2.local',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '172.20.182.4',
'ip' => '172.20.182.4',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'RCPT',
'Policy' => {
'10' => [
'2'
]
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'app2.local',
'SASLMethod' => 'LOGIN'
};
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] INFO: Got request #1
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2016/01/21-19:02:31 - 21623] [CORE] DEBUG: Child Preforked (21623)
[2016/01/21-19:02:31 - 21623] [CBPOLICYD] DEBUG: Starting up caching engine
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Module 'Quotas
Plugin' returned CBP_CONTINUE
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Done with modules
[2016/01/21-19:02:31 - 20535] [PROTOCOLS/Postfix] DEBUG: Possible
Postfix protocol
[2016/01/21-19:02:31 - 20535] [PROTOCOLS/Postfix] INFO: Identified
Postfix protocol
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Protocol state is
'END-OF-MESSAGE', decoding policy...
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Decoded into: $VAR1 = {
'[email protected]' => {
'10' => [
'2'
]
}
};
[2016/01/21-19:02:31 - 20535] [TRACKING] DEBUG: Request translated
into session data: $VAR1 = {
'SASLUsername' => '[email protected]',
'QueueID' => '461B2120A4',
'RecipientData' => '/<[email protected]>#10=2;',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Instance' => '53d6.56a12b47.36d86.0',
'Size' => '1',
'EncryptionKeySize' => '256',
'UnixTimestamp' => 1453402951,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => 'app2.ox.nctest.net',
'ClientAddress' => '172.20.182.4',
'ClientName' => 'app2.local',
'Sender' => '[email protected]',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '172.20.182.4',
'ip' => '172.20.182.4',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'END-OF-MESSAGE',
'_Recipient_To_Policy' => {
'[email protected]' => {
'10' => [
'2'
]
}
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'app2.local',
'SASLMethod' => 'LOGIN'
};
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] INFO: Got request #2 (pipelined)
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Module 'Quotas
Plugin' returned CBP_CONTINUE
[2016/01/21-19:02:31 - 20535] [CBPOLICYD] DEBUG: Done with modules
[2016/01/21-19:07:31 - 20535] [CBPOLICYD] WARNING: Client closed
connection => Peer: 127.0.0.1:48543, Local: 127.0.0.1:10032
[2016/01/21-19:07:31 - 20518] [CORE] INFO: Killing "1" children
[2016/01/21-19:07:31 - 21623] [CBPOLICYD] DEBUG: Shutting down caching
engine (21623)
===========================================
Could you please let me know is this known issue or incorrect settings
from my side ?
Thank you
--
Best regards,
Ihor Rusyn
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
