Mike DeRosa wrote:
> Thanks John,
>
> Do you recommend any settings for postfix's main.cf or the throttle
> config? More specifically, I'm wondering if it's better to use HOST based
> throttling or SASL, as well as where in postfix's config it should go so
> that it only scans for throttling the outgoing messages of our users
>
I personally use SASL because I needed it per user. Depends on what you need to accomplish.

If you're using a single instance of postfix, I can't help you there. It didn't work for me, which is why I run two postfix instances. My outgoing postfix instance config is minimal and requires SASL. I have everything in one class.

smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    check_policy_service inet:127.0.0.1:10031,
    permit_sasl_authenticated,
    reject

>
> John Beaver wrote:
>> Clearcable Networks - Mike D. wrote:
>>
>>> Good Afternoon,
>>>
>>> We recently implemented policyd on our MX servers, which also handle
>>> outbound SMTP for clients. For this, I whitelisted our IP blocks for
>>> greylisting, but recently discovered that this also exempted the hosts
>>> from the THROTTLE feature. Now, when a user is infected with a
>>> virus/spambot, the servers seem to allow the mail through (thousands!)
>>> and ignore the throttle function of policyd. However, if I remove the
>>> whitelisting, then every user gets a "greylisting" error every time they
>>> try to send mail through the server
>>>
>>> If someone can point me in the right direction of being able to
>>> whitelist our IP blocks/hostnames for greylisting in policyd but not for
>>> throttling, that would be great. I was thinking of trying to run
>>> another instance of policyd using a different port for JUST throttling,
>>> but thought there must be a better way
>>>
>> Running another instance is exactly what you will need to do.
>> I also use a second postfix instance because my outgoing instance (to
>> the Internet) has different rules than my incoming instance (from the
>> Internet).
>> For example, I don't want to scan for spam on mail my users send, but I
>> do scan on incoming messages. Same thing for policyd.
>> I use one instance configured for throttling on my outgoing instance,
>> and I use a second instance configured for greylisting (and other
>> things) on the incoming instance.
>>
>> john beaver
>>
>> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share your
>> opinions on IT & business topics through brief surveys-and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> policyd-users mailing list
>> policyd-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/policyd-users
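
Added example, not part of the original thread and not policyd's own code: a minimal sender throttle speaking Postfix's policy delegation protocol, showing how SASL-keyed and HOST-keyed throttling differ on the request that check_policy_service sends. The names Throttle, LIMIT and WINDOW and the sample request are assumptions made for illustration; sasl_username and client_address are the attribute names Postfix sends.

```python
# Added example: per-key sender throttle for a Postfix policy service.
# Illustrative only; this is not how policyd itself is implemented.
import time
from collections import defaultdict, deque

LIMIT = 3        # assumed: max accepted recipients per key per window
WINDOW = 3600    # assumed: window length in seconds


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Throttle:
    def __init__(self, mode="sasl", limit=LIMIT, window=WINDOW):
        self.mode, self.limit, self.window = mode, limit, window
        self.hits = defaultdict(deque)   # key -> timestamps of accepted RCPTs

    def key(self, attrs):
        # SASL mode follows the account; HOST mode follows the client IP.
        # Without a SASL login the request is counted against the client IP.
        if self.mode == "sasl" and attrs.get("sasl_username"):
            return "sasl:" + attrs["sasl_username"].lower()
        return "host:" + attrs.get("client_address", "unknown")

    def check(self, attrs, now=None):
        now = time.time() if now is None else now
        q = self.hits[self.key(attrs)]
        while q and q[0] <= now - self.window:
            q.popleft()                  # expire entries outside the window
        if len(q) >= self.limit:
            return "action=defer_if_permit Sending limit reached\n\n"
        q.append(now)
        return "action=dunno\n\n"        # let later restrictions decide


# Constructed sample request, as smtpd sends it at RCPT time.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "sender=alice@example.com\nrecipient=bob@example.net\n"
          "client_address=192.0.2.10\nsasl_username=alice\n\n")
```

The policy check only sees every authenticated message if check_policy_service is listed before permit_sasl_authenticated, as in the restriction list quoted above.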