Hi, I add the smtpd_end_of_data_restrictions configuration and the same problem appers.
Can you please describe how do you apply control acces, policy , quota and its limits ? Thank you. 2017-05-24 13:07 GMT+01:00 Christoph Langguth via Users < [email protected]>: > Hi, > > this is just a wild guess, but make sure that your postfix configuration > invoking policyd is correct. Unless I'm totally mistaken, you need to > invoke policyd twice. Here's a snippet from my configuration, which > correctly works with several different quota rules (all applied by user): > > smtpd_recipient_restrictions = > check_recipient_access pcre:$config_directory/maps/ch > eck_recipient_blacklist, > permit_mynetworks, > reject_non_fqdn_recipient, > check_recipient_access pcre:$config_directory/maps/check_recipient > , > reject_unlisted_sender, > # policyd: > check_policy_service inet:127.0.0.1:10031 , > permit_sasl_authenticated, > reject_unauth_destination, > reject_rbl_client preempt.dnsbl.sorbs.net , > reject_rbl_client relays.dnsbl.sorbs.net , > reject_rbl_client block.dnsbl.sorbs.net , > reject_rbl_client zombie.dnsbl.sorbs.net , > reject_rbl_client escalations.dnsbl.sorbs.net , > reject_rhsbl_sender rhsbl.sorbs.net , > # grossd: > check_policy_service inet:127.0.0.1:5525 , > permit > > smtpd_end_of_data_restrictions = > # policyD: > check_policy_service inet:127.0.0.1:10031 , > permit > > > If I remember correctly, the invocation in recipient_restrictions updates > the quotas, while the one in end_of_data_restrictions actually enforces > them, i.e. rejects messages when over quota. > > > > > > Am 24.05.2017 13:03, schrieb Wafa BEN KHOUD via Users: > >> Hi, >> >> I switched tracking to saslusername but I have the same result (I apply >> limit quota Messagecount 3 emails / 60 s) >> >> Any advise please? (mode=update not reject even quota has reached 108%) >> >> May 24 11:15:29 SMTP cbpolicyd[6205]: module=Quotas, mode=update, >> host=172.30.22.83, helo=wafaPC, [email protected], to= >> [email protected], reason=quota_update, policy=5, quota=2, limit=3, >> track=SASLUsername:[email protected], counter=MessageCount, >> quota=3.26/3 (108.6%) >> >> >> 2017-05-24 11:36 GMT+01:00 Marco Giunta via Users < >> [email protected]>: >> >> This is the 'quota module' configuration of my cluebringer.conf: >>> >>> [server] >>> >>> # Protocols to load >>> protocols=<<EOT >>> Postfix >>> EOT >>> >>> # Modules to load >>> modules=<<EOT >>> Core >>> AccessControl >>> Quotas >>> EOT >>> >>> # Quotas module >>> [Quotas] >>> enable=1 >>> >>> when my users go overquota, my policyd log messages are like this: >>> >>> May 23 10:56:32 xxxx cbpolicyd[12765]: module=Quotas, action=reject, >>> host=xxx.xxx.xxx.xxx, helo=xxxx.xxxxx.xx, [email protected], >>> [email protected], reason=quota_match, policy=12, quota=5, limit=6, >>> track=SASLUsername:xxxxxxx, counter=MessageCount, quota=31.93/30 (106.4%) >>> >>> but I track users on SASLUsername. >>> >>> Marco >>> >>> >>> >>> On 2017-05-24 11:50, Wafa BEN KHOUD via Users wrote: >>> >>> Hi, >>>> Thank you Marco, >>>> >>>> I apply the configuration using group and policy with quota limiting 3 >>>> sends by 60 s to check if policyd is blocking the sender but it doesn't >>>> work >>>> >>>> Have you other details about applying quota? >>>> >>>> the quota-tracking is working fine in DataBase : >>>> >>>> mysql> select * from quotas_tracking; >>>> +----------------+---------------------------+------------+---------+ >>>> | QuotasLimitsID | TrackKey | LastUpdate | Counter | >>>> +----------------+---------------------------+------------+---------+ >>>> | >>>> | 3 | SenderIP:172.30.22.83/32 <http://172.30.22.83/32> | >>>> 1495616331 | 3.4122 | >>>> +----------------+---------------------------+------------+---------+ >>>> >>>> >>>> >>>> mysql> select * from quotas; >>>> +----+----------+-------------------+----------------------- >>>> +--------+---------+------+---------+----------+ >>>> | ID | PolicyID | Name | Track | Period | >>>> Verdict | Data | Comment | Disabled | >>>> +----+----------+-------------------+----------------------- >>>> +--------+---------+------+---------+----------+ >>>> | >>>> | 2 | 5 | Quota on all /24s | SenderIP:/32 | 60 | >>>> REJECT | NULL | NULL | 0 | >>>> +----+----------+-------------------+----------------------- >>>> +--------+---------+------+---------+----------+ >>>> >>>> May 24 SMTP cbpolicyd[6204]: module=Quotas, mode=update, >>>> host=172.30.22.83, helo=wafaPC, [email protected] <mailto: >>>> [email protected]>, [email protected] <mailto: >>>> [email protected]>, reason=quota_update, policy=5, quota=2, >>>> limit=3, >>>> track=SenderIP:172.30.22.83/32 <http://172.30.22.83/32>, >>>> counter=MessageCount, quota=3.41/3 (113.7%) >>>> May 24 SMTP postfix/qmgr[5965]: E51D917A435: from=< >>>> [email protected] >>>> <mailto:[email protected]>>, size=8189, nrcpt=1 (queue active) >>>> May 24 SMTP postfix/smtp[6235]: E51D917A435: to=<[email protected] >>>> <mailto:[email protected]>>, relay=ok:25, delay=1.8, >>>> delays=1.8/0/0/0.01, dsn=2.0.0, status=sent >>>> >>>> Thank you, >>>> >>>> Best regards. >>>> >>>> Wafa Ben Khoud >>>> >>>> 2017-05-24 7:44 GMT+01:00 Marco Giunta via Users < >>>> [email protected] >>>> <mailto:[email protected]>>: >>>> >>>> Hi, >>>> in my policyd configuration I have: >>>> >>>> - a group 'internal_ips' with my whole network : >>>> >>>> 10.10.0.0/16 <http://10.10.0.0/16> >>>> >>>> - a group 'unlimited_users' with my 'privileged networks' : >>>> >>>> 10.10.1.0/24 <http://10.10.1.0/24> >>>> 10.10.2.0/24 <http://10.10.2.0/24> >>>> >>>> - a policy with 'source' field like this: >>>> >>>> %internal_ips,!%unlimited_users >>>> >>>> to match all my network except my 'privileged networks'. >>>> >>>> >>>> Cheers, >>>> Marco >>>> >>>> >>>> >>>> >>>> On 2017-05-23 19:29, Wafa BEN KHOUD via Users wrote: >>>> >>>> Hello, >>>> >>>> Can you please advise how to apply quota for all trafic except >>>> some IP ranges ? >>>> >>>> I am using cluebringer-2.0.12-3.2 with Postfix (OS : SLES) >>>> >>>> Thank you, >>>> >>>> Wafa Ben Khoud >>>> Email Administrator >>>> [email protected] <mailto:[email protected]> >>>> <mailto:[email protected] <mailto:[email protected]>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] <mailto:[email protected]> >>>> http://lists.policyd.org/mailman/listinfo/users_lists.policy >>>> d.org >>>> <http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org> >>>> >>>> >>>> -- >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] <mailto:[email protected]> >>>> http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org >>>> <http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org >>>> >>>> >>>> -- >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org >>> >>> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org >> > _______________________________________________ > Users mailing list > [email protected] > http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org >
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
