IRedMail/FAQ/Enable.Throttling/Debian.Ubuntu

From iRedMail
(Difference between revisions)
Jump to: navigation, search
 

Latest revision as of 09:54, 22 April 2013

iRedMail ships Policyd-1.8.x for sender & recipient throttling, but it's disabled by default. You can enable it by follow below steps on Debian:

We choose to run two Policyd instances/daemons:

  • one listens on port 10031, used for greylisting, white/blacklisting and recipient throttling.
  • another one listens on port 10032, used for sender throttling.

Here we go:

  • Disable sender throttling in /etc/postfix-policyd.conf, but enable recipient throttling. Warning: This is NOT the complete file.
File: /etc/postfix-policyd.conf
SENDERTHROTTLE=0
SENDER_THROTTLE_SASL=0
SENDER_THROTTLE_HOST=0

# Enable recipient throttling in this instance, will be invoked in Postfix
# smtpd_recipient_restrictions.
RECIPIENTTHROTTLE=1
  • Enable throttling in /etc/postfix-policyd_throttle.conf. Warning: This is NOT the complete file.
File: /etc/postfix-policyd_throttle.conf
SENDERTHROTTLE=1
SENDER_THROTTLE_SASL=1
SENDER_THROTTLE_HOST=0

# Disable recipient throttling in this instance.
# Recipient Throttling can not work at smtpd_end_of_data_restrictions. Policyd v2 (a.k.a. Cluebringer)
# overcomes this and tracks the recipients for each smtpd instance. To track quotas
# precisely v2 can be used in smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.
# v2 knows about the various restrictions.
# Reference: http://comments.gmane.org/gmane.mail.postfix.policyd/826
RECIPIENTTHROTTLE=0

WHITELISTING=0              # <-- If set to 1, throttling won't work!
BLACKLISTING=0
BLACKLIST_HELO=0
BLACKLISTSENDER=0
HELO_CHECK=0
SPAMTRAPPING=0
GREYLISTING=0
  • Save below content as file /etc/init.d/postfix-policyd_sender_throttle. This is the complete file.
#! /bin/sh
### BEGIN INIT INFO
# Provides:          postfix-policyd_throttle
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postfix-policyd
CONFIG=/etc/postfix-policyd_throttle.conf
PIDFILE='/var/run/policyd_throttle.pid'
NAME=postfix-policyd_throttle
DESC="Postfix throttling policy daemon"

test -x $DAEMON || exit 0

# Include policyd defaults if available
#if [ -f /etc/default/postfix-policyd ] ; then
#       . /etc/default/postfix-policyd
#fi

set -e

PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'`

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  restart)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
  • Start policyd via /etc/init.d/postfix-policyd_sender_throttle:
Terminal:
# chmod 0755 /etc/init.d/postfix-policyd_sender_throttle
# update-rc.d postfix-policyd_sender_throttle defaults
# /etc/init.d/postfix-policyd_sender_throttle restart
# /etc/init.d/postfix-policyd restart

Now run command netstat to see if everything is working right. You should get two lines of output like below:

Terminal:
# netstat -ntlp | grep -i 1003
tcp        0      0 127.0.0.1:10031             0.0.0.0:*                   LISTEN      3454/policyd        
tcp        0      0 127.0.0.1:10032             0.0.0.0:*                   LISTEN      3459/policyd

The most important info is port numbers: 10031, 10032.

  • Enable throttling in Postfix /etc/postfix/main.cf. The following line should already be there, but commented out by default. Uncomment it. If it's not there, add it.
File: /etc/postfix/main.cf
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
  • Restart postfix to re-read new configuration.
Terminal:
# /etc/init.d/postfix restart

That's all.

If it works, you'll find lines similar to the following in /var/log/mail.log.

postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1,
from=robert@example.com, to=someone@spamtrap.net, size=1749/10240000,
quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0%

Refer to Policyd official documentation to set throttling: http://policyd.sourceforge.net/readme.html

Personal tools