Hi,
this is just a wild guess, but make sure that your postfix configuration
invoking policyd is correct. Unless I'm totally mistaken, you need to
invoke policyd twice. Here's a snippet from my configuration, which
correctly works with several different quota rules (all applied by
user):
smtpd_recipient_restrictions =
check_recipient_access
pcre:$config_directory/maps/check_recipient_blacklist,
permit_mynetworks,
reject_non_fqdn_recipient,
check_recipient_access
pcre:$config_directory/maps/check_recipient ,
reject_unlisted_sender,
# policyd:
check_policy_service inet:127.0.0.1:10031 ,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client preempt.dnsbl.sorbs.net ,
reject_rbl_client relays.dnsbl.sorbs.net ,
reject_rbl_client block.dnsbl.sorbs.net ,
reject_rbl_client zombie.dnsbl.sorbs.net ,
reject_rbl_client escalations.dnsbl.sorbs.net ,
reject_rhsbl_sender rhsbl.sorbs.net ,
# grossd:
check_policy_service inet:127.0.0.1:5525 ,
permit
smtpd_end_of_data_restrictions =
# policyD:
check_policy_service inet:127.0.0.1:10031 ,
permit
If I remember correctly, the invocation in recipient_restrictions
updates the quotas, while the one in end_of_data_restrictions actually
enforces them, i.e. rejects messages when over quota.
Am 24.05.2017 13:03, schrieb Wafa BEN KHOUD via Users:
Hi,
I switched tracking to saslusername but I have the same result (I apply
limit quota Messagecount 3 emails / 60 s)
Any advise please? (mode=update not reject even quota has reached 108%)
May 24 11:15:29 SMTP cbpolicyd[6205]: module=Quotas, mode=update,
host=172.30.22.83, helo=wafaPC, [email protected], to=
[email protected], reason=quota_update, policy=5, quota=2, limit=3,
track=SASLUsername:[email protected], counter=MessageCount,
quota=3.26/3 (108.6%)
2017-05-24 11:36 GMT+01:00 Marco Giunta via Users
<[email protected]>:
This is the 'quota module' configuration of my cluebringer.conf:
[server]
# Protocols to load
protocols=<<EOT
Postfix
EOT
# Modules to load
modules=<<EOT
Core
AccessControl
Quotas
EOT
# Quotas module
[Quotas]
enable=1
when my users go overquota, my policyd log messages are like this:
May 23 10:56:32 xxxx cbpolicyd[12765]: module=Quotas, action=reject,
host=xxx.xxx.xxx.xxx, helo=xxxx.xxxxx.xx, [email protected],
[email protected], reason=quota_match, policy=12, quota=5, limit=6,
track=SASLUsername:xxxxxxx, counter=MessageCount, quota=31.93/30
(106.4%)
but I track users on SASLUsername.
Marco
On 2017-05-24 11:50, Wafa BEN KHOUD via Users wrote:
Hi,
Thank you Marco,
I apply the configuration using group and policy with quota limiting
3
sends by 60 s to check if policyd is blocking the sender but it
doesn't work
Have you other details about applying quota?
the quota-tracking is working fine in DataBase :
mysql> select * from quotas_tracking;
+----------------+---------------------------+------------+---------+
| QuotasLimitsID | TrackKey | LastUpdate | Counter |
+----------------+---------------------------+------------+---------+
|
| 3 | SenderIP:172.30.22.83/32 <http://172.30.22.83/32>
|
1495616331 | 3.4122 |
+----------------+---------------------------+------------+---------+
mysql> select * from quotas;
+----+----------+-------------------+-----------------------
+--------+---------+------+---------+----------+
| ID | PolicyID | Name | Track | Period
|
Verdict | Data | Comment | Disabled |
+----+----------+-------------------+-----------------------
+--------+---------+------+---------+----------+
|
| 2 | 5 | Quota on all /24s | SenderIP:/32 | 60
|
REJECT | NULL | NULL | 0 |
+----+----------+-------------------+-----------------------
+--------+---------+------+---------+----------+
May 24 SMTP cbpolicyd[6204]: module=Quotas, mode=update,
host=172.30.22.83, helo=wafaPC, [email protected] <mailto:
[email protected]>, [email protected] <mailto:
[email protected]>, reason=quota_update, policy=5, quota=2,
limit=3,
track=SenderIP:172.30.22.83/32 <http://172.30.22.83/32>,
counter=MessageCount, quota=3.41/3 (113.7%)
May 24 SMTP postfix/qmgr[5965]: E51D917A435:
from=<[email protected]
<mailto:[email protected]>>, size=8189, nrcpt=1 (queue active)
May 24 SMTP postfix/smtp[6235]: E51D917A435:
to=<[email protected]
<mailto:[email protected]>>, relay=ok:25, delay=1.8,
delays=1.8/0/0/0.01, dsn=2.0.0, status=sent
Thank you,
Best regards.
Wafa Ben Khoud
2017-05-24 7:44 GMT+01:00 Marco Giunta via Users
<[email protected]
<mailto:[email protected]>>:
Hi,
in my policyd configuration I have:
- a group 'internal_ips' with my whole network :
10.10.0.0/16 <http://10.10.0.0/16>
- a group 'unlimited_users' with my 'privileged networks' :
10.10.1.0/24 <http://10.10.1.0/24>
10.10.2.0/24 <http://10.10.2.0/24>
- a policy with 'source' field like this:
%internal_ips,!%unlimited_users
to match all my network except my 'privileged networks'.
Cheers,
Marco
On 2017-05-23 19:29, Wafa BEN KHOUD via Users wrote:
Hello,
Can you please advise how to apply quota for all trafic
except
some IP ranges ?
I am using cluebringer-2.0.12-3.2 with Postfix (OS : SLES)
Thank you,
Wafa Ben Khoud
Email Administrator
[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
<http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org>
--
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
<http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org>
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
--
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
