Andy Lee wrote:
I just tried defer_code=451 but my logs are still showing that
defer_if_permit is using 450. Can anyone else confirm? I am running
Postfix 2.1.5.
This needs to go to the Postfix mailing list.
Cami
-
This
jibie wrote:
If one really wanted to do this in Policyd, you will need to run 2
instances of Policyd. (one doing sender throttling by SASL/from
addresses and another instance throttling by HOST addresses).
Haha =) This is exactly what I thought of initially, but I dismissed it
as a bad
Vladimir wrote:
I'm having some difficulty getting policyd working under Postfix 2.3.3
under Centos. I would like to use it in the SMS gateway scenario where I
limit the amount of messages that can be sent out to an external address
in a period of time.
I compiled, installed and started
Dean Manners wrote:
-
Jun 15 12:02:55 secondary postfix-policyd: connection from: 127.0.0.1 port:
49516 slots: 8 of 4096 used Jun 15 12:02:55 secondary postfix-policyd:
DEBUG: fd: 8 select(): fd 8 is ready for read Jun 15 12:02:55 secondary
postfix-policyd: DEBUG: fd: 8 connection got an
Dean Manners wrote:
Cami,
My apologies. Debian sarge (2.4.18 kernel). Policyd was backported
from testing to sarge.
# dpkg --list |grep policyd
ii postfix-policyd 1.80-2.1
anti-spam plugin for Postfix
Installed with Debians apt-get, from our custom package
Chris Covington wrote:
hello list, Cami,
I've been using policyd since July 2005 and it's been the best thing
since sliced bread for us. I would like to make a feature request (or
perhaps this can be configured without changing policyd). I would
like to, for domains which require very
Leonardo Rodrigues Magalhães wrote:
Cami Sardinha escreveu:
I was thinking about this feature request. I personally greylist
all incoming mail but i can see merit in your idea since (apparently)
up to 95% of spam originates from windows based machines.
I don't have time to write this type
Hi All,
With immediate effect, I'm happy to announce that
Nigel Kukard ([EMAIL PROTECTED]) will be taking over
Policyd. He knows the code fairly well and is
responsible for the non-blocking read()/write()
code that was included some time ago.
I'll be working together with him at the start but
he
Nigel Kukard wrote:
Policyd now has a developers mailing list, policyd-devel. The purpose of
this list is to provide an environment for the developers of Policyd,
entities maintaining their own patchsets or anyone with something to
contribute to come and discuss. This list is aimed at the
Joe Lanager wrote:
Cami,
So once I've identified and added the MTA/networks I want to the
whitelist I can just run a query to empty out the triplet table?
Yup, TRUNCATE TABLE triplet; is the better option.
Cami
-
This
Matt Beckman wrote:
Thanks, John.
How can I determine if it is down? I opened a telnet session on port 10031 to
localhost and it connected. I didn't issue any commands, though, if you have
some testing suggestions. Also, the logs show that postfix-policyd connected
(including showing the
Jan-Frode Myklebust wrote:
We run policyd v1.81 as user/group policyd, chroot to an empty
directory /var/empty/policyd/. But then policyd isn't able to
resolve my MYSQLHOST hostname. If I use ip-address it works fine.
It complains:
policyd: connecting to mysql database:
Leonardo Rodrigues Magalhães wrote:
I would like to greylist connections that are trying to send messages
to unknown addresses. Today those connections receives 'unknown user'
and policyd never heard of them. I would like them to receive the Policy
Rejection because of greylist=new
Stanislav Sinyagin wrote:
It would be great to implement a new option in policyd.
Technically it should not be difficult.
The new option would list a backup MySQL server/dbname/user/password,
and if it's specified, every INSERT statement is duplicated on that server.
This would allow an
Stanislav Sinyagin wrote:
--- Cami Sardinha [EMAIL PROTECTED] wrote:
And what happens when someone requests a 3rd, 4th and 5th MySQL
backup option?
nobody would need that :)
The approach that I suggested would work perfectly for 1+1 redundancy.
If someone wants a bigger redundancy
Hi Aslan,
I've see more information about the table throttle_from_instance, and I
found this old thread in the list.
http://www.mail-archive.com/policyd-users%40lists.sourceforge.net/msg00221.html
Cami, you said that we can truncate the table throttle_from_instance
once a month, why is
Voytek Eymont wrote:
I'm running Postfix with popb4smtp and policyd, it all works well.
however, I've now tried sending email from my Palm hand/held over GPRS;
I do a POP retrieve pass, wait, then try to send, however, Snapper mail
fails to send and says like below:
am I getting
Dave wrote:
Policyd seems to be taking a huge chunk of memory - is there any way I can
control it?
Currently it runs in 34032 kB. This wasn't a problem when I had a whole
server but I'm currently running on a memory-restricted VPS and I can't see
why it wants so much memory. The server
Fernando Schubert wrote:
Hi everybody!
I`m facing a problem with SENDERTHROTTLE
I use it to enforce quota in a small mail cluster (8 servers)
environment. I have large traffic and I`m encountering some problems
with throttling.
My defaults are 1000 mails or 40Mb of data in 24 hours. But
Xavier Beaudouin wrote:
Since there is not yet (is this planned?) SPF support to policyd, does
someone here has a good idea for spf policy server for postfix ?
This functionality will not be built into Policyd, there is a different
policy server which does SPF checking.
Cami
Jordi Espasa Clofent wrote:
#
# port to bind to:
#
# port which the policy daemon will listen on
#
BINDPORT=10031
I think this is correct and there is not any service in this port:
[EMAIL PROTECTED] ~]# netstat -punta | grep LISTEN
tcp0 0 127.0.0.1:10024
Fernando Schubert wrote:
Hi!
I have a question about throttle - SENDERTHROTTLE -(one more, sorry). In
the readme it states that `pass` meains a failure.
I`m having thousand messages from pass like this:
Aug 24 03:27:32 srv-06-lb postfix-policyd-sf: rcpt=3132219, throttle=pass
And also
am.lists wrote:
Recently, I was emailing a system admin at one of the major ISPs. He
told me that we were blocked for going over their throttle limits,
which he described as 10 simultaneous connections per IP and 100
messages per hour.
Now. I use policyd 1.8x and know that I can do the
John Beaver wrote:
Cami Sardinha wrote:
Tobias Kreidl wrote:
If one is running multiple SMTP servers, is there any harm running
cleanup from each one
at the same time via a cron job, or is it better to stagger the times a bit?
If all your SMTP servers are connecting to the SAME / SINGLE
Cami Sardinha wrote:
Geert Hendrickx wrote:
Hi,
has anyone experienced bad interaction between greylisting and (by default)
low smtpd_hard_error_limit settings in postfix? Our smtpd_hard_error_limit
has always been pretty high so I can't tell from my own experience. But
with greylisting
Geert Hendrickx wrote:
On Thu, Aug 30, 2007 at 02:32:08PM +0200, Cami Sardinha wrote:
As Wietse has pointed out, you should be whitelisting the legitimate bulk
senders..
In an ISP environment, it is not obvious to know all your legitimate smtp
clients..
Indeed. We had training mode running
Geert Hendrickx wrote:
On Thu, Aug 30, 2007 at 03:27:08PM +0200, Cami Sardinha wrote:
Indeed. We had training mode running for about 2 months in
order to identify the top senders / email addresses. After
that point when people complained, they were whitelisted.
There was a 2 - 3 weeks
Artem Bokhan wrote:
You can not use greylisting without *all* the required information
needed to make the triplet.
Without ignorance of principles I can't ) With ignorance - I can. The
result in most sutiations will be the same.
If something is unclear about the last paragraph, feel free
Artem Bokhan wrote:
The hole comes from the fact that batch mailers / spammers
who often send in batches of 25/50/100 no longer have do
have greylisting applied to all the intended recipients.
If the one message from the batch passes through greylisting, then
reasonably to assume, that
Artem Bokhan wrote:
Under high load policyd (1.81) stalls with 100% cpu load and excessive
select() in strace
Any suggestions?
What types of load? Why are there so many concurrent connections open
to Policyd? What is the maximum amount of connections you've configured
Policyd to allow?
Artem Bokhan wrote:
Cami Sardinha ?:
What types of load?
What do you mean? :) policyd begin to eat 100% of one cpu core, even
after stopping postfix. The only way to fix that is restarting policyd.
Do you only have 1 machine as your MX? Do you run Policyd on
the same server as your
Tobias J. Kreidl wrote:
Where is the maximum number of concurrent policyd processes defined?
Is it defined/restricted by the limit of file descriptors?
Correct. Depending on your OS, ulimit -n will show the limit and
starting Policyd up in DEBUG=3 mode will show if its managed to
override that
Tobias J. Kreidl wrote:
So, in the case of 5k connections per minute, the server is probably
saturated... does policyd log that it's reached its limit?
Connections per minute do not mean much. Concurrent connections
is what matters. It should log when its limit has been reached.
If more
Tobias Kreidl wrote:
As to the choice of 100,000 as the query limit, I would think this
would be machine- and database-dependent to some extent, and still think
it might be a good idea to at least allow the system administrator to
respecify it (but leave the default where it is). Is
Olivier Smedts wrote:
I now think that policyd doesn't need even a little modification to make
it work perfectly with MySQL replication. It seems that there is no need
for IF EXIST or IF NOT EXIST because UPDATE and DELETE can be made
on non-existent keys, and INSERT DELAYED doesn't
Arvinn Løkkebakken wrote:
Michael Brennen wrote:
On Monday 03 December 2007, Arvinn Løkkebakken wrote:
I have set DAEMON=1 in the config.
I have some troubles with running policyd as a daemon though. Every time
after starting policyd in a ssh terminal I am not able to end the ssh
Arvinn Løkkebakken wrote:
What am I trying to do? I am trying to internally in policyd pick
certain recipient domains that will not be subjected to greylisting. I
want all other recipient domains to be subjected to greylisting. I
however do not want to maintain a list of all my recipient
Artem Bokhan wrote:
Quota works but _abuse_tot doen't change.
It does change.
Can somebody point me the reason of such behavior?
_abuse_tot counts the number of times a specific
email address / domain has been blacklisted.
This is used for internal Policyd use only.
Cami
Tobias Kreidl wrote:
Why 0 days and 1h? These look like the default, rather than the
actual values in the policyd.conf file.
Is there a bug in cleanup or am I doing something incorrectly?
None. Its strictly a cosmetic DEBUG printf()/logmessage() that
was left behind. Things are working as it
Sebastian Tymków wrote:
I wonder if it's normal behaviour that when I try to send email with
few addresses policyd counts only last one insted of all
emails. Maybe my configuration is wrong ?
Is there any workaround to count all emails ?
Please supply DEBUG=3 Postfix logging that
Roland Rosenfeld wrote:
The triplet table currently contains 5.5M entries and every hour ~250k
entries are expired. Without maintenance this took some minutes now.
So I tried a mysqlcheck -r on the database (which took only two
minutes) and after this cleanup runs much faster.
5.5M entries
Roland Rosenfeld wrote:
On Tue, 18 Mar 2008, Cami Sardinha wrote:
Policyd was test/written for MySQL 4.x. This doesn't mean it
shouldn't behave the same for v5. Unless i'm mistake (or things have
changed between versions), using DELETE QUICK on an
auto-incrementing row is where holes
Alexandru Constantinescu wrote:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_recipient_access mysql:/etc/postfix/mysql-recipient.cf,
reject_unauth_destination,
permit_mx_backup,
permit_auth_destination,
check_policy_service inet:127.0.0.1:10031,
The
[EMAIL PROTECTED] wrote:
Hi Cami
I would be willing to try, though it would require some manpower and
thus has to be planned in advance because more than one team is affected
(we do not administer the SQL server, only Postfix and relevant
processes).
As Nigel has pointed out, changing it
Dominique Feyer wrote:
We use a setup with an InnoDB on our cluster (10'000 domains, 100'000
accounts). We convert MyISAM to InnoDB without problem. The only one
chage in Policyd is the INSERT DELAY - INSERT
With a policyd database size of 3.4Go on a dual xenon 2.4Ghz 6Go RAM it
Edi Füllemann wrote:
invalid triplet_array[8][2]: (recipient throttle):
As I have turned off everything except throttling, I do not expect policyd to
care about triplets.
The server is debian etch with policyd version 1.80
This is from main.cf
smtpd_recipient_restrictions =
Nigel Kukard wrote:
Recipient Throttling can not work at smtpd_end_of_data_restrictions.
What happens when 1 message has multiple recipients?
Cami
Yes, the problem arises as soon as there is a message with more than one
recipient. As far as I know, Postfix does not pass multiple
Joe Sloan wrote:
[bump]
no one has any idea?
Joe
Sloan wrote:
One thing that is not clear to me despite reading the docs, is this:
When a domain or address is whitelisted, is it exempted from all
tests, or from greylisting only?
In Policyd v1, all tests.
Cami
48 matches
Mail list logo
