Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th October 2012, 10:25
kassyo kassyo is offline
Junior Member
 
Join Date: Oct 2010
Posts: 19
Thanks: 6
Thanked 2 Times in 2 Posts
Default postfwd+postfix+dovecot, cant get it working...

Hi eveyone,

Im testing a mail server with the "The perfect server opensuse 11.4" setup, a clean install.

Now im proceding to test a policy agent in order to keep the server sending no more than 50 messages per 30 minutes and user address. In concrete the agent is postfwd.

I followed the guide in postfwd main site, get it working without errors but postfwd doesnt catch the policy rules.

My postconf output:

PHP Code:
2bounce_notice_recipient postmaster
access_map_defer_code 
450
access_map_reject_code 
554
address_verify_cache_cleanup_interval 
12h
address_verify_default_transport 
$default_transport
address_verify_local_transport 
$local_transport
address_verify_map 
btree:$data_directory/verify_cache
address_verify_negative_cache 
yes
address_verify_negative_expire_time 
3d
address_verify_negative_refresh_time 
3h
address_verify_poll_count 
= ${stress?1}${stress:3}
address_verify_poll_delay 3s
address_verify_positive_expire_time 
31d
address_verify_positive_refresh_time 
7d
address_verify_relay_transport 
$relay_transport
address_verify_relayhost 
$relayhost
address_verify_sender 
$double_bounce_sender
address_verify_sender_dependent_default_transport_maps 
$sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps 
$sender_dependent_relayhost_maps
address_verify_service_name 
verify
address_verify_transport_maps 
$transport_maps
address_verify_virtual_transport 
$virtual_transport
alias_database 
hash:/etc/aliases
alias_maps 
hash:/etc/aliases
allow_mail_to_commands 
aliasforward
allow_mail_to_files 
aliasforward
allow_min_user 
no
allow_percent_hack 
yes
allow_untrusted_routing 
no
alternate_config_directories 

always_add_missing_headers no
always_bcc 

anvil_rate_time_unit 60s
anvil_status_update_time 
600s
append_at_myorigin 
yes
append_dot_mydomain 
yes
application_event_drain_time 
100s
authorized_flush_users 
= static:anyone
authorized_mailq_users 
= static:anyone
authorized_submit_users 
= static:anyone
backwards_bounce_logfile_compatibility 
yes
berkeley_db_create_buffer_size 
16777216
berkeley_db_read_buffer_size 
131072
best_mx_transport 

biff no
body_checks 
regexp:/etc/postfix/body_checks
body_checks_size_limit 
51200
bounce_notice_recipient 
postmaster
bounce_queue_lifetime 
5d
bounce_service_name 
bounce
bounce_size_limit 
50000
bounce_template_file 

broken_sasl_auth_clients yes
canonical_classes 
envelope_senderenvelope_recipientheader_senderheader_recipient
canonical_maps 
hash:/etc/postfix/canonical
cleanup_service_name 
cleanup
command_directory 
= /usr/sbin
command_execution_directory 

command_expansion_filter 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit 
1000s
config_directory 
= /etc/postfix
connection_cache_protocol_timeout 
5s
connection_cache_service_name 
scache
connection_cache_status_update_time 
600s
connection_cache_ttl_limit 
2s
content_filter 

cyrus_sasl_config_path 
daemon_directory = /usr/lib/postfix
daemon_timeout 
18000s
data_directory 
= /var/lib/postfix
debug_peer_level 
2
debug_peer_list 

default_database_type hash
default_delivery_slot_cost 
5
default_delivery_slot_discount 
50
default_delivery_slot_loan 
3
default_destination_concurrency_failed_cohort_limit 
1
default_destination_concurrency_limit 
20
default_destination_concurrency_negative_feedback 
1
default_destination_concurrency_positive_feedback 
1
default_destination_rate_delay 
0s
default_destination_recipient_limit 
50
default_extra_recipient_limit 
1000
default_filter_nexthop 

default_minimum_delivery_slots 3
default_privs 
nobody
default_process_limit 
100
default_rbl_reply 
$rbl_code Service unavailable$rbl_class [$rbl_whatblocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit 20000
default_recipient_refill_delay 
5s
default_recipient_refill_limit 
100
default_transport 
smtp
default_verp_delimiters 
= +=
defer_code 450
defer_service_name 
defer
defer_transports 

delay_logging_resolution_limit 2
delay_notice_recipient 
postmaster
delay_warning_time 
1h
deliver_lock_attempts 
20
deliver_lock_delay 
1s
destination_concurrency_feedback_debug 
no
detect_8bit_encoding_header 
yes
disable_dns_lookups 
no
disable_mime_input_processing 
no
disable_mime_output_conversion 
no
disable_verp_bounces 
no
disable_vrfy_command 
no
dont_remove 
0
double_bounce_sender 
double-bounce
duplicate_filter_limit 
1000
empty_address_default_transport_maps_lookup_key 
= <>
empty_address_recipient MAILER-DAEMON
empty_address_relayhost_maps_lookup_key 
= <>
enable_original_recipient yes
error_notice_recipient 
postmaster
error_service_name 
error
execution_directory_expansion_filter 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias 
no
export_environment 
TZ MAIL_CONFIG LANG
fallback_transport 

fallback_transport_maps 
fast_flush_domains $relay_domains
fast_flush_purge_time 
7d
fast_flush_refresh_time 
12h
fault_injection_code 
0
flush_service_name 
flush
fork_attempts 
5
fork_delay 
1s
forward_expansion_filter 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path 
$home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to 
yes
hash_queue_depth 
1
hash_queue_names 
deferreddefer
header_address_token_limit 
10240
header_checks 
regexp:/etc/postfix/header_checks
header_size_limit 
102400
helpful_warnings 
yes
home_mailbox 

hopcount_limit 50
html_directory 
= /usr/share/doc/packages/postfix-doc/html
ignore_mx_lookup_error 
no
import_environment 
MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay 
1s
inet_interfaces 
all
inet_protocols 
all
initial_destination_concurrency 
5
internal_mail_filter_classes 

invalid_hostname_reject_code 501
ipc_idle 
5s
ipc_timeout 
3600s
ipc_ttl 
1000s
line_length_limit 
2048
lmtp_assume_final 
no
lmtp_bind_address 

lmtp_bind_address6 
lmtp_body_checks 
lmtp_cname_overrides_servername no
lmtp_connect_timeout 
0s
lmtp_connection_cache_destinations 

lmtp_connection_cache_on_demand yes
lmtp_connection_cache_time_limit 
2s
lmtp_connection_reuse_time_limit 
300s
lmtp_data_done_timeout 
600s
lmtp_data_init_timeout 
120s
lmtp_data_xfer_timeout 
180s
lmtp_defer_if_no_mx_address_found 
no
lmtp_destination_concurrency_failed_cohort_limit 
$default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit 
$default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback 
$default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback 
$default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay 
$default_destination_rate_delay
lmtp_destination_recipient_limit 
$default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps 

lmtp_discard_lhlo_keywords 
lmtp_enforce_tls no
lmtp_generic_maps 

lmtp_header_checks 
lmtp_host_lookup dns
lmtp_initial_destination_concurrency 
$initial_destination_concurrency
lmtp_lhlo_name 
$myhostname
lmtp_lhlo_timeout 
300s
lmtp_line_length_limit 
990
lmtp_mail_timeout 
300s
lmtp_mime_header_checks 

lmtp_mx_address_limit 5
lmtp_mx_session_limit 
2
lmtp_nested_header_checks 

lmtp_pix_workaround_delay_time 10s
lmtp_pix_workaround_maps 

lmtp_pix_workaround_threshold_time 500s
lmtp_pix_workarounds 
disable_esmtp,delay_dotcrlf
lmtp_quit_timeout 
300s
lmtp_quote_rfc821_envelope 
yes
lmtp_randomize_addresses 
yes
lmtp_rcpt_timeout 
300s
lmtp_reply_filter 

lmtp_rset_timeout 20s
lmtp_sasl_auth_cache_name 

lmtp_sasl_auth_cache_time 90d
lmtp_sasl_auth_enable 
no
lmtp_sasl_auth_soft_bounce 
yes
lmtp_sasl_mechanism_filter 

lmtp_sasl_password_maps 
lmtp_sasl_path 
lmtp_sasl_security_options noplaintextnoanonymous
lmtp_sasl_tls_security_options 
$lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options 
$lmtp_sasl_tls_security_options
lmtp_sasl_type 
cyrus
lmtp_send_xforward_command 
no
lmtp_sender_dependent_authentication 
no
lmtp_skip_5xx_greeting 
yes
lmtp_skip_quit_response 
no
lmtp_starttls_timeout 
300s
lmtp_tcp_port 
24
lmtp_tls_CAfile 

lmtp_tls_CApath 
lmtp_tls_block_early_mail_reply no
lmtp_tls_cert_file 

lmtp_tls_ciphers export
lmtp_tls_dcert_file 

lmtp_tls_dkey_file $lmtp_tls_dcert_file
lmtp_tls_eccert_file 

lmtp_tls_eckey_file $lmtp_tls_eccert_file
lmtp_tls_enforce_peername 
yes
lmtp_tls_exclude_ciphers 

lmtp_tls_fingerprint_cert_match 
lmtp_tls_fingerprint_digest md5
lmtp_tls_key_file 
$lmtp_tls_cert_file
lmtp_tls_loglevel 
0
lmtp_tls_mandatory_ciphers 
medium
lmtp_tls_mandatory_exclude_ciphers 

lmtp_tls_mandatory_protocols SSLv3TLSv1
lmtp_tls_note_starttls_offer 
no
lmtp_tls_per_site 

lmtp_tls_policy_maps 
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth 
9
lmtp_tls_secure_cert_match 
nexthop
lmtp_tls_security_level 

lmtp_tls_session_cache_database 
lmtp_tls_session_cache_timeout 3600s
lmtp_tls_verify_cert_match 
hostname
lmtp_use_tls 
no
lmtp_xforward_timeout 
300s
local_command_shell 

local_destination_concurrency_failed_cohort_limit $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit 
2
local_destination_concurrency_negative_feedback 
$default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback 
$default_destination_concurrency_positive_feedback
local_destination_rate_delay 
$default_destination_rate_delay
local_destination_recipient_limit 
1
local_header_rewrite_clients 
permit_inet_interfaces
local_initial_destination_concurrency 
$initial_destination_concurrency
local_recipient_maps 
proxy:unix:passwd.byname $alias_maps
local_transport 
local:$myhostname
luser_relay 

mail_name Postfix
mail_owner 
postfix
mail_release_date 
20101123
mail_spool_directory 
= /var/mail
mail_version 
2.7.2
mailbox_command 

mailbox_command_maps 
mailbox_delivery_lock fcntldotlock
mailbox_size_limit 
0
mailbox_transport 

mailbox_transport_maps 
mailq_path = /usr/bin/mailq
manpage_directory 
= /usr/share/man
maps_rbl_domains 

maps_rbl_reject_code 554
masquerade_classes 
envelope_senderheader_senderheader_recipient
masquerade_domains 

masquerade_exceptions root
master_service_disable 

max_idle 100s
max_use 
100
maximal_backoff_time 
4000s
maximal_queue_lifetime 
5d
message_reject_characters 

message_size_limit 0
message_strip_characters 
0
milter_command_timeout 
30s
milter_connect_macros 
{daemon_namev
milter_connect_timeout 
30s
milter_content_timeout 
300s
milter_data_macros 
i
milter_default_action 
tempfail
milter_end_of_data_macros 
i
milter_end_of_header_macros 
i
milter_header_checks 

milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name $myhostname
milter_macro_v 
$mail_name $mail_version
milter_mail_macros 
{auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol 6
milter_rcpt_macros 
{rcpt_addr} {rcpt_host} {rcpt_mailer}
milter_unknown_command_macros 
mime_boundary_length_limit 2048
mime_header_checks 
regexp:/etc/postfix/mime_header_checks
mime_nesting_limit 
100
minimal_backoff_time 
300s
multi_instance_directories 

multi_instance_enable no
multi_instance_group 

multi_instance_name 
multi_instance_wrapper 
multi_recipient_bounce_reject_code 550
mydestination 
correo.pruebas.comlocalhostlocalhost.localdomain
mydomain 
pruebas.com
myhostname 
correo.pruebas.com
mynetworks 
127.0.0.0/[::1]/128 localhost
mynetworks_style 
subnet
myorigin 
$myhostname
nested_header_checks 
regexp:/etc/postfix/nested_header_checks
newaliases_path 
= /usr/bin/newaliases
non_fqdn_reject_code 
504
non_smtpd_milters 

notify_classes resourcesoftware
owner_request_special 
yes
parent_domain_matches_subdomains 
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks 

pickup_service_name pickup
plaintext_reject_code 
450
postmulti_control_commands 
reload flush
postmulti_start_commands 
start
postmulti_stop_commands 
stop abort drain quick-stop
prepend_delivered_header 
commandfileforward
process_id_directory 
pid
propagate_unmatched_extensions 
canonicalvirtual
proxy_interfaces 

proxy_read_maps $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
proxy_write_maps 
$smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
proxymap_service_name 
proxymap
proxywrite_service_name 
proxywrite
qmgr_clog_warn_time 
300s
qmgr_fudge_factor 
100
qmgr_message_active_limit 
20000
qmgr_message_recipient_limit 
20000
qmgr_message_recipient_minimum 
10
qmqpd_authorized_clients 

qmqpd_client_port_logging no
qmqpd_error_delay 
1s
qmqpd_timeout 
300s
queue_directory 
= /var/spool/postfix
queue_file_attribute_count_limit 
100
queue_minfree 
0
queue_run_delay 
300s
queue_service_name 
qmgr
rbl_reply_maps 

readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
receive_override_options 
no_address_mappings
recipient_bcc_maps 

recipient_canonical_classes envelope_recipientheader_recipient
recipient_canonical_maps 

recipient_delimiter 
reject_code 554
reject_tempfail_action 
defer_if_permit
relay_clientcerts 

relay_destination_concurrency_failed_cohort_limit $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit 
$default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback 
$default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback 
$default_destination_concurrency_positive_feedback
relay_destination_rate_delay 
$default_destination_rate_delay
relay_destination_recipient_limit 
$default_destination_recipient_limit
relay_domains 
mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_domains_reject_code 
554
relay_initial_destination_concurrency 
$initial_destination_concurrency
relay_recipient_maps 
mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relay_transport 
relay
relayhost 

relocated_maps hash:/etc/postfix/relocated
remote_header_rewrite_domain 

require_home_directory no
resolve_dequoted_address 
yes
resolve_null_domain 
no
resolve_numeric_domain 
no
rewrite_service_name 
rewrite
sample_directory 
= /usr/share/doc/packages/postfix-doc/samples
send_cyrus_sasl_authzid 
no
sender_bcc_maps 

sender_canonical_classes envelope_senderheader_sender
sender_canonical_maps 
hash:/etc/postfix/sender_canonical
sender_dependent_default_transport_maps 

sender_dependent_relayhost_maps 
sendmail_path = /usr/sbin/sendmail
service_throttle_time 
60s
setgid_group 
maildrop
show_user_unknown_table_name 
yes
showq_service_name 
showq
smtp_always_send_ehlo 
yes
smtp_bind_address 

smtp_bind_address6 
smtp_body_checks 
smtp_cname_overrides_servername no
smtp_connect_timeout 
30s
smtp_connection_cache_destinations 

smtp_connection_cache_on_demand yes
smtp_connection_cache_time_limit 
2s
smtp_connection_reuse_time_limit 
300s
smtp_data_done_timeout 
600s
smtp_data_init_timeout 
120s
smtp_data_xfer_timeout 
180s
smtp_defer_if_no_mx_address_found 
no
smtp_destination_concurrency_failed_cohort_limit 
$default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit 
$default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback 
$default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback 
$default_destination_concurrency_positive_feedback
smtp_destination_rate_delay 
$default_destination_rate_delay
smtp_destination_recipient_limit 
$default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps 

smtp_discard_ehlo_keywords 
smtp_enforce_tls no
smtp_fallback_relay 
$fallback_relay
smtp_generic_maps 

smtp_header_checks 
smtp_helo_name $myhostname
smtp_helo_timeout 
300s
smtp_host_lookup 
dns
smtp_initial_destination_concurrency 
$initial_destination_concurrency
smtp_line_length_limit 
990
smtp_mail_timeout 
300s
smtp_mime_header_checks 

smtp_mx_address_limit 5
smtp_mx_session_limit 
2
smtp_nested_header_checks 

smtp_never_send_ehlo no
smtp_pix_workaround_delay_time 
10s
smtp_pix_workaround_maps 

smtp_pix_workaround_threshold_time 500s
smtp_pix_workarounds 
disable_esmtp,delay_dotcrlf
smtp_quit_timeout 
300s
smtp_quote_rfc821_envelope 
yes
smtp_randomize_addresses 
yes
smtp_rcpt_timeout 
300s
smtp_reply_filter 

smtp_rset_timeout 20s
smtp_sasl_auth_cache_name 

smtp_sasl_auth_cache_time 90d
smtp_sasl_auth_enable 
no
smtp_sasl_auth_soft_bounce 
yes
smtp_sasl_mechanism_filter 

smtp_sasl_password_maps 
smtp_sasl_path 
smtp_sasl_security_options noplaintextnoanonymous
smtp_sasl_tls_security_options 
$smtp_sasl_security_options
smtp_sasl_tls_verified_security_options 
$smtp_sasl_tls_security_options
smtp_sasl_type 
cyrus
smtp_send_xforward_command 
no
smtp_sender_dependent_authentication 
no
smtp_skip_5xx_greeting 
yes
smtp_skip_quit_response 
yes
smtp_starttls_timeout 
300s
smtp_tls_CAfile 

smtp_tls_CApath 
smtp_tls_block_early_mail_reply no
smtp_tls_cert_file 

smtp_tls_ciphers export
smtp_tls_dcert_file 

smtp_tls_dkey_file $smtp_tls_dcert_file
smtp_tls_eccert_file 

smtp_tls_eckey_file $smtp_tls_eccert_file
smtp_tls_enforce_peername 
yes
smtp_tls_exclude_ciphers 

smtp_tls_fingerprint_cert_match 
smtp_tls_fingerprint_digest md5
smtp_tls_key_file 
$smtp_tls_cert_file
smtp_tls_loglevel 
0
smtp_tls_mandatory_ciphers 
medium
smtp_tls_mandatory_exclude_ciphers 

smtp_tls_mandatory_protocols SSLv3TLSv1
smtp_tls_note_starttls_offer 
no
smtp_tls_per_site 

smtp_tls_policy_maps 
smtp_tls_protocols = !SSLv2
smtp_tls_scert_verifydepth 
9
smtp_tls_secure_cert_match 
nexthopdot-nexthop
smtp_tls_security_level 

smtp_tls_session_cache_database 
smtp_tls_session_cache_timeout 3600s
smtp_tls_verify_cert_match 
hostname
smtp_use_tls 
no
smtp_xforward_timeout 
300s
smtpd_authorized_verp_clients 
$authorized_verp_clients
smtpd_authorized_xclient_hosts 

smtpd_authorized_xforward_hosts 
smtpd_banner $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit 
50
smtpd_client_connection_rate_limit 
0
smtpd_client_event_limit_exceptions 
= ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit 0
smtpd_client_new_tls_session_rate_limit 
0
smtpd_client_port_logging 
no
smtpd_client_recipient_rate_limit 
0
smtpd_client_restrictions 
check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_command_filter 

smtpd_data_restrictions 
smtpd_delay_open_until_valid_rcpt yes
smtpd_delay_reject 
yes
smtpd_discard_ehlo_keyword_address_maps 

smtpd_discard_ehlo_keywords 
smtpd_end_of_data_restrictions 
smtpd_enforce_tls no
smtpd_error_sleep_time 
1s
smtpd_etrn_restrictions 

smtpd_expansion_filter t40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = no
smtpd_helo_restrictions = 
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?1}${stress:100}
smtpd_milters = 
smtpd_noop_commands = 
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter = 
smtpd_proxy_options = 
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, check_policy_service inet:127.0.0.1:10040
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = 
smtpd_sasl_local_domain = 
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = 
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile = 
smtpd_tls_CApath = 
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_ciphers = export
smtpd_tls_dcert_file = 
smtpd_tls_dh1024_param_file = 
smtpd_tls_dh512_param_file = 
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file = 
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_eecdh_grade = none
smtpd_tls_exclude_ciphers = 
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = 
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols = 
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = 
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
soft_bounce = no
stale_lock_time = 500s
stress = 
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mailbox_ownership = yes
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
tcp_windowsize = 0
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_address_tempfail_action = $reject_tempfail_action
unknown_client_reject_code = 450
unknown_helo_hostname_tempfail_action = $reject_tempfail_action
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 450
unverified_recipient_reject_reason = 
unverified_recipient_tempfail_action = $reject_tempfail_action
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
unverified_sender_reject_reason = 
unverified_sender_tempfail_action = $reject_tempfail_action
verp_delimiter_filter = -=+
virtual_alias_domains = 
virtual_alias_expansion_limit = 1000
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps = static:5000
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = 
virtual_mailbox_limit_override = no
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_maildir_extended = no
virtual_maildir_filter = no
virtual_maildir_filter_maps = 
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_maildir_limit_message_maps = 
virtual_maildir_suffix = 
virtual_minimum_uid = 100
virtual_overquota_bounce = no
virtual_transport = dovecot
virtual_trash_count = no
virtual_trash_name = .Trash
virtual_uid_maps = static:5000 
And my postfwd.cf file with the rules:

PHP Code:
id=RULE001
    client_name
==unknown
    action
==rate(client_address/1/300/450 4.7.1 only 1 recipients per 5 minutes allowed
Even passing the rule to the agent via command line doesnt work.

Neither postfwd in testing mode works as intended.

Any idea anyone?
Reply With Quote
Sponsored Links
  #2  
Old 9th October 2012, 14:53
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

The policy is only applied to "unknown users" (clients without rdns or dns misconfiguration). Your selection is narrow.

Code:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, check_policy_service inet:127.0.0.1:10040
Also note that sasl users will never be affected.
Reply With Quote
The Following User Says Thank You to pititis For This Useful Post:
kassyo (10th October 2012)
  #3  
Old 10th October 2012, 09:51
kassyo kassyo is offline
Junior Member
 
Join Date: Oct 2010
Posts: 19
Thanks: 6
Thanked 2 Times in 2 Posts
 
Default

Yeah, i noticed that minutes before your post.

Its my fault I followed the guide of postfwd main page and its wrong with that, it recomends putting the policy check at the end of "smtpd_recipient_restrictions =.." in postfix config file.

Now its working like a charm and using the next rule:

PHP Code:
id=RULE003
    sasl_username
=maildir@mydomain.com
    action
=rate(sasl_username/1/300/HOLD Only 1 message every 5 minutes
Then i manage the hold queue with a batch proccess but, when the queue gets flushed the outgoing queued messages are bypassing the policy.

Still trying to keep the message flow for that user to only 1 message every 5 minutes, no matter the queue they are.
Reply With Quote
Reply

Bookmarks

Tags
opensuse, policy, postfix, postfwd, rate limit

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Catchall and Forwarding not working simmo General 6 22nd March 2014 00:54
Dual server with ISPConfig 3 but with errors alphaman36 Installation/Configuration 8 23rd August 2012 12:59
Postfix: can send emails outside, none received daseagle Server Operation 9 11th October 2011 12:03
MySQL Error Nolan Installation/Configuration 12 16th February 2011 02:15
CGI and FormMail Cracklefish Installation/Configuration 17 13th October 2009 13:40


All times are GMT +2. The time now is 08:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.