1

Topic: max daily rcpt per user

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.0
- Linux/BSD distribution name and version:         CentOS release 5.5 (Final)
- Store mail accounts in which backend:              LDAP
- Web server (Apache or Nginx):                           Apache
- Manage mail accounts with iRedAdmin-Pro?       yes v2.1.2
- Related log if you're reporting an issue:
====

Hi all,
I would like to set a limit of 1000 emails sent daily per user basis.
In other words any authenticated user should be able to send max 1000 emails in 24h.

I'm trying to set it through /etc/policyd.conf without success.

policyd.conf and main.cf attached to this post

Thanks for your help,
Cocco.

Post's attachments

main.cf 3.95 kb, file has never been downloaded. 

policyd.conf 24.94 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: max daily rcpt per user

You should be able to set this in PRO version...

3

Re: max daily rcpt per user

Please set this throttling with iRedAdmin-Pro.

4

Re: max daily rcpt per user

Wow... I haven't the tab throttling in domain or account. Looking at the demo of iredadmin-pro I can see that I haven't some features enabled.

My dashboard doesn't show top 10 sender and recipients.
My domain settings doesn't show Throttling, White/Blacklist and SpamPolicy tab.
My account settings doesn't show Throttling and SpamPolicy tab.

I think that now the problem became very complicated...can you help me?

5

Re: max daily rcpt per user

mr.cocco wrote:

My dashboard doesn't show top 10 sender and recipients.

This is Amavisd integration. Make sure you have below settings in iRedAdmin-Pro config file (settings.py):

amavisd_enable_logging = True
amavisd_enable_quarantine = True
amavisd_enable_policy_lookup = True

amavisd_db_host = '127.0.0.1'
amavisd_db_port = 3306
amavisd_db_name = 'amavisd'
amavisd_db_user = 'amavisd'
amavisd_db_password = 'password'
mr.cocco wrote:

My domain settings doesn't show Throttling, White/Blacklist and SpamPolicy tab.
My account settings doesn't show Throttling and SpamPolicy tab.

White/blacklist and SpamPolicy are Amavisd integration mentioned above.

Throttling requires Policyd or Cluebringer. Make sure you have below settings in iRedAdmin-Pro config file:

policyd_enabled = True
policyd_db_host = '127.0.0.1'
policyd_db_port = 3306
policyd_db_name = 'policyd'
policyd_db_user = 'policyd'
policyd_db_password = 'password'

6

Re: max daily rcpt per user

Ok with "policyd_enabled = True" I can set throttling on domains and users.
I tried to set "Number of max outgoing emails" = 50 as domain option, but still I can send so much email.
Should I configure something in postfix?



ZhangHuangbin wrote:
mr.cocco wrote:

My dashboard doesn't show top 10 sender and recipients.

This is Amavisd integration. Make sure you have below settings in iRedAdmin-Pro config file (settings.py):

amavisd_enable_logging = True
amavisd_enable_quarantine = True
amavisd_enable_policy_lookup = True

amavisd_db_host = '127.0.0.1'
amavisd_db_port = 3306
amavisd_db_name = 'amavisd'
amavisd_db_user = 'amavisd'
amavisd_db_password = 'password'
mr.cocco wrote:

My domain settings doesn't show Throttling, White/Blacklist and SpamPolicy tab.
My account settings doesn't show Throttling and SpamPolicy tab.

White/blacklist and SpamPolicy are Amavisd integration mentioned above.

Throttling requires Policyd or Cluebringer. Make sure you have below settings in iRedAdmin-Pro config file:

policyd_enabled = True
policyd_db_host = '127.0.0.1'
policyd_db_port = 3306
policyd_db_name = 'policyd'
policyd_db_user = 'policyd'
policyd_db_password = 'password'

7

Re: max daily rcpt per user

Please show us your postfix setting with command 'postconf -n'.

8

Re: max daily rcpt per user

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
mail_name = iRedMail
mail_owner = postfix
mail_version = 0.6.1
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 24857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 24857600
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = domain.com
myhostname = srv.domain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = srv.domain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
receive_override_options = no_address_mappings
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf
relay_recipient_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = /etc/pki/tls/certs/RapidSSL_CA_bundle.pem
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/pki/tls/certs/domain.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/domain.com.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap_transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap_transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot

9

Re: max daily rcpt per user

With Policyd-1.8x, throttling works with Postfix 'smtpd_end_of_data_restrictions' setting. before i show you how to update Postfix setting to make it work, i need some information first:

Did you update /etc/init.d/policyd to make it listening on two ports? 10031, 10032.

10

Re: max daily rcpt per user

Hi,
I have two config file:
1) /etc/policyd.conf with BINDPORT="10031"
2) /etc/policyd_sender_throttle.conf with BINDPORT="10032"
but I have no running process listening on port 10032.

In start script /etc/init.d/policyd I found ENABLE_SENDER_THROTTLE="NO".
I think that it should be YES, isn't it?

Enabling sender throttle I'm going to apply some settings to my users or nothing will happen until I configure it by iredadmin?

11

Re: max daily rcpt per user

With Policyd running on both 10031 and 10032, please add below setting in /etc/postfix/main.cf:

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032

Then restart postfix service and test throttling.

12

Re: max daily rcpt per user

I did so and throttling start to works. Now I have the opposite problem.

I create a script with a while cycle to send 50 emails.
I enabled and tested throttling for an account. It works.
Then I removed the throttling and verified the ability to send email. It don't works. I can send 24email and then throttling ban me. In Iredadmin throttling is enabled again.
I disabled it, launch the script...15 emails ok and then I'm banned. In Iredadmin throttling is enabled again.

It also happens to accounts that this option has not been enabled.

When automatically enabled the settings are always the same, as in the picture attached to this post

Thanks,
Cocco

Post's attachments

Capture.PNG
Capture.PNG 25.93 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

13

Re: max daily rcpt per user

mr.cocco wrote:

Then I removed the throttling and verified the ability to send email. It don't works. I can send 24email and then throttling ban me. In Iredadmin throttling is enabled again.

*) How did you "removed" the throttling?
*) After you "removed" the throttling, what's the policyd log in /var/log/maillog when you send first testing email?
*) Do you have a global default setting in /etc/policyd_*.conf?

14 (edited by mr.cocco 2015-07-01 23:45:31)

Re: max daily rcpt per user

*1) I removed the throttling in Iredadmin unchecking "Enable sender throttling" option.
*2) Yes policyd log all the email sent in maillog
*3) Yes I have /etc/policyd_sender_throttle.conf

*2) Looking at logfile maillog seems that policyd count every email 2 times. The first when client send the email through authenticated session, and the second when postfix process the email just queued.
Moreover it is counting and blocking the external senders too. Every external sender that sent more than 60 emails has been banned. I had to disable policyd commenting out "smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032"

*3) Attached to this post there's my /etc/policyd_sender_throttle.conf

Post's attachments

policyd_sender_throttle.conf.txt 24.94 kb, 3 downloads since 2015-07-01 

You don't have the permssions to download the attachments of this post.

15

Re: max daily rcpt per user

policyd_sender_throttle.conf looks fine.

*) Do you also enable sender throttling in /etc/policyd.conf?
*) Could you follow this tutorial to check policyd settings? http://www.iredmail.org/wiki/index.php? … HEL.CentOS

16

Re: max daily rcpt per user

Following your tutorial I had to set:
SENDER_THROTTLE_HOST=0 (it was SENDER_THROTTLE_HOST=1)

but the problem still persist.
I sent 60 emails from an authenticated session and I have been banned, only 18 emails have been sent.

Before the test in iredadmin both user and his domain had throttling disabled. After the test user has throttling enabled in iredadmin with the following values:
Max size of single outgoing email: custom 15728640
Number of max outgoing emails: 60
Quota size of all outgoing emails: 250000000
Time Unit: 1 Hour

Attached to this post the maillog for the test just executed. I tried to obfuscate some data for privacy reason.

Post's attachments

obfuscated_maillog.txt 118.99 kb, 1 downloads since 2015-07-02 

You don't have the permssions to download the attachments of this post.

17

Re: max daily rcpt per user

Looks like the problem is duplicate count for one single email. I have no idea now, it should work if you followed the tutorial strictly.

Do you also enable sender throttling in /etc/policyd.conf? Sender throttling should be DISABLED in /etc/policyd.conf, and ENABLED in  policyd_sender_throttle.conf.

18

Re: max daily rcpt per user

Yeah every email seems to be counted two times.
Don't you have any ideas about the auto enabling of throttling function in iredadmin?
I'm trying to understand why if throttle is disabled, postfix ban me anyway. Looks like very strange sad

19

Re: max daily rcpt per user

Policyd has a default throttling limit defined in config file /etc/policyd_sender_throttle.conf, please try to increase it to default value (5000) and test again:

SENDERMSGLIMIT=60

20 (edited by mr.cocco 2015-07-03 00:12:56)

Re: max daily rcpt per user

Hi Zhang, in /etc/policyd_sender_throttle.conf enabling SENDERTHROTTLE we can read:
#any envelope  sender that is not found in the database will fall back to the config defaults listed below.

Help me to understand pls: when I set throttling, Iredadmin writes into the database the limits that I configure via web interface. And this works.
For all other users (internal or external, authenticated or not) postfix fall back to the /etc/policyd_sender_throttle.conf defaults parameters. This is what happens to me.
Sender throttle is also applied for incoming mails, not only outgoing. Is it right?

What I have to do is disable throttling for all users (authenticated or not), and enable it only for users limited by Iredadmin. I'm going to find the solution...do you have any help for me?

Cocco

21

Re: max daily rcpt per user

mr.cocco wrote:

For all other users (internal or external, authenticated or not) postfix fall back to the /etc/policyd_sender_throttle.conf defaults parameters. This is what happens to me.

Correct.

mr.cocco wrote:

Sender throttle is also applied for incoming mails, not only outgoing. Is it right?

Sender throttle is applied to your users who performs smtp authentication, recipient throttle is applied to the emails you received.

mr.cocco wrote:

What I have to do is disable throttling for all users (authenticated or not), and enable it only for users limited by Iredadmin. I'm going to find the solution...do you have any help for me?

Wrong. Please try to increase default throttle setting in /etc/policyd*.conf (e.g. limit to 5000 messages so that user never reach this limit.), then try again.

22 (edited by mr.cocco 2015-07-03 01:52:53)

Re: max daily rcpt per user

Zhang,
this is what happens to me.

Every time an authenticated user send an email, iredadmin enable throttling in web panel using the default of /etc/policyd_sender_throttle.conf. Is it correct or I have to correct something?

Every time an external user send an email to one of my account policyd apply the default parameters of /etc/policyd_sender_throttle.conf. It don't use recipient throttle of /etc/policyd.conf. I have to correct it surely.

Other consideration:
if I comment out smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
I have no log of policyd activity in /var/log/maillog although I set DEBUG=3 in /etc/policyd.conf.

Would you please post me a default /etc/policyd.conf and /etc/postfix/main.cf files?

23

Re: max daily rcpt per user

mr.cocco wrote:

Every time an authenticated user send an email, iredadmin enable throttling in web panel using the default of /etc/policyd_sender_throttle.conf. Is it correct or I have to correct something?

It's enabled by Policyd, not iRedAdmin-Pro. iRedAdmin-Pro just shows data in Policyd SQL database.
Did you increase the default value of sender throttling in policyd_sender_throttle.conf?

mr.cocco wrote:

Other consideration:
if I comment out smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
I have no log of policyd activity in /var/log/maillog although I set DEBUG=3 in /etc/policyd.conf.

Sender throttling is enabled in /etc/policyd_sender_throttle.conf, and it listens on port 10032, so if you don't use 10032 in Postfix, throttling is not enabled.

mr.cocco wrote:

Would you please post me a default /etc/policyd.conf and /etc/postfix/main.cf files?

Policyd was dropped by iRedMail for years, i'm sorry that i don't have a default config file available now.
The setting in /etc/postfix/main.cf is just enabling Policyd in both smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.

Do you plan to upgrade Policyd to Cluebringer?

24

Re: max daily rcpt per user

ZhangHuangbin wrote:
mr.cocco wrote:

Every time an authenticated user send an email, iredadmin enable throttling in web panel using the default of /etc/policyd_sender_throttle.conf. Is it correct or I have to correct something?

It's enabled by Policyd, not iRedAdmin-Pro. iRedAdmin-Pro just shows data in Policyd SQL database.
Did you increase the default value of sender throttling in policyd_sender_throttle.conf?

Yes I increased it to 5000, but is still applied to external and unauthenticated senders too.

ZhangHuangbin wrote:
mr.cocco wrote:

Other consideration:
if I comment out smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
I have no log of policyd activity in /var/log/maillog although I set DEBUG=3 in /etc/policyd.conf.

Sender throttling is enabled in /etc/policyd_sender_throttle.conf, and it listens on port 10032, so if you don't use 10032 in Postfix, throttling is not enabled.

I badly explained myself: If I sender throttling disabled and recipient throttling enabled (listenting on 10031 with DEBUG=3), should I see policyd activity in maillog? I think so but nothing has written in log file.

ZhangHuangbin wrote:
mr.cocco wrote:

Would you please post me a default /etc/policyd.conf and /etc/postfix/main.cf files?

Policyd was dropped by iRedMail for years, i'm sorry that i don't have a default config file available now.
The setting in /etc/postfix/main.cf is just enabling Policyd in both smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.

Do you plan to upgrade Policyd to Cluebringer?

I'm going to dismiss Policyd and setup Cluebringer

25

Re: max daily rcpt per user

Cluebringer installed and running...All works as expected.
Thank you Zhang for your collaboration, I hope one day I will can help you!

Cocco