Re: [policyd-users] problems setting up smtp only server

Wed, 09 May 2007 13:54:28 -0700 

binoy wrote:
> On 5/10/07, David DeFranco <[EMAIL PROTECTED]> wrote:
>> Try removing "reject_unlisted_recipient" from your config.
>>
>> "reject_unauth_destination" is going to prevent you from becoming an open
>> relay.  Unless you have a specific list of valid recipients, or are doing
>> some other kind of real time address validation, "reject_unlisted_recipient"
>> is probably causing your issue.
> 
> I do have a specific list of valid senders (i.e. IP's which  are going
> to connect to the smtp server). tried  removing
> reject_unlisted_recipient without luck.

Be VERY careful about being an open relay.  All IP's listed in 
mynetworks have free reign to send whatever to whoever.

> Anyway i added check_policy_service inet:127.0.0.1:10031 to the
> beginning of the list and policyd is now checking emails, i have the
> following in the throttle table
> 
> INSERT INTO throttle \
>  (_from,_count_max,_quota_max,_time_limit,_mail_size,_date,_priority)
>  VALUES ('12.64.95.73',      # from address
>           2,                # maximum messages per time unit
>           2500,         # size in bytes
>           600,             # time unit in seconds
>           10240000,          # maximum message size
>           UNIX_TIMESTAMP(),  # current time
>           1);               # priority of record
> 
> 
> and it is not working. below is the output from the command prompt
> ======================================

How did you determine it was not working?
Max messages =2 and you sent 1 message, it should go through.
Size is very tricky and there is only one way it will work.  You'll have 
to search the archives for that solution, and be prepared to read 
several posts about the issues with it.

> DEBUG: saved fd: numi = 0, connfd = 4
> connection from: 127.0.0.1 port: 34897 slots: 0 of 4096 used
> DEBUG: fd: 4 select(): fd 4 is ready for read
> DEBUG: fd 4: w_read: returning -2 after reading 548 bytes
> DEBUG: fd: 4 policy_array[4][0]:request=smtpd_access_policy
> DEBUG: fd: 4 policy_array[4][1]:protocol_state=rcpt
> DEBUG: fd: 4 policy_array[4][2]:protocol_name=esmtp
> DEBUG: fd: 4 policy_array[4][3]:client_address=12.64.95.73
> DEBUG: fd: 4 
> policy_array[4][4]:client_name=frndsatwork.domain.net.frndsatwork.domain.ne
> DEBUG: fd: 4 
> policy_array[4][5]:reverse_client_name=frndsatwork.domain.net.frndsatwork.domai
> DEBUG: fd: 4 policy_array[4][6]:helo_name=[12.64.95.73]
> DEBUG: fd: 4 policy_array[4][7]:[EMAIL PROTECTED]
> DEBUG: fd: 4 policy_array[4][8]:[EMAIL PROTECTED]
> DEBUG: fd: 4 policy_array[4][9]:recipient_count=0
> DEBUG: fd: 4 policy_array[4][10]:queue_id=
> DEBUG: fd: 4 policy_array[4][11]:instance=448b.46423027.c6dfe.0
> DEBUG: fd: 4 policy_array[4][12]:size=0
> DEBUG: fd: 4 policy_array[4][13]:etrn_domain=
> DEBUG: fd: 4 policy_array[4][14]:sasl_method=
> DEBUG: fd: 4 policy_array[4][15]:sasl_username=
> DEBUG: fd: 4 policy_array[4][16]:sasl_sender=
> DEBUG: fd: 4 policy_array[4][17]:ccert_subject=
> DEBUG: fd: 4 policy_array[4][18]:ccert_issuer=
> DEBUG: fd: 4 policy_array[4][19]:ccert_fingerprint=
> DEBUG: fd: 4 policy_array[4][20]:encryption_protocol=
> DEBUG: fd: 4 policy_array[4][21]:encryption_cipher=
> DEBUG: fd: 4 policy_array[4][22]:encryption_keysize=0
> DEBUG: fd: 4 host_array[4][0]: frndsatwork.domain.net.frndsatwork.domain.ne
> DEBUG: fd: 4 host_array[4][2]: 12.64.95.73
> DEBUG: fd: 4 host_array[4][3]: 12.64.95.%
> DEBUG: fd: 4 host_array[4][4]: 12.64.%.%
> DEBUG: fd: 4 host_array[4][5]: 12.%.%.%
> DEBUG: fd: 4 host_array[4][6]: nate
> DEBUG: fd: 4 host_array[4][7]: domain.net
> DEBUG: fd: 4 host_array[4][8]: nate
> DEBUG: fd: 4 host_array[4][9]: domain.net
> DEBUG: fd: 4 triplet_array[4][0]: 12.64.95
> DEBUG: fd: 4 triplet_array[4][1]: [EMAIL PROTECTED]
> DEBUG: fd: 4 triplet_array[4][2]: [EMAIL PROTECTED]
> DEBUG: fd: 4 triplet_array[4][3]: 0
> DEBUG: fd: 4 triplet_array[4][5]: 12.64.95.73
> DEBUG: fd: 4 triplet_array[4][6]: 448b.46423027.c6dfe.0
> DEBUG: fd: 4 checking whitelist
> DEBUG: fd: 4, db_optquery(): SELECT COUNT(*) FROM whitelist WHERE
> _whitelist='12.64.95.73' OR _whitelist='12.64.95.%' OR
> _whitelist='12.64.%.%' OR _whitelist='12.%.%.%'
> DEBUG: fd: 4 row: 0 data: 0 (recieved)
> DEBUG: fd: 4 row: 0 data: 0 (extracted)
> DEBUG: fd: 4 whitelist not found: 12.64.95.73
> DEBUG: fd: 4 checking greylist
> DEBUG: fd: 4 db_doquery(): SELECT _count,_datenew,_datelast FROM
> triplet WHERE _host='12.64.95' AND _from='[EMAIL PROTECTED]' AND
> _rcpt='[EMAIL PROTECTED]'
> DEBUG: fd: 4 row: 0 data: 4 (recieved)
> DEBUG: fd: 4 row: 0 data: 4 (extracted)
> DEBUG: fd: 4 row: 1 data: 1178740908 (recieved)
> DEBUG: fd: 4 row: 1 data: 1178740908 (extracted)
> DEBUG: fd: 4 row: 2 data: 1178741699 (recieved)
> DEBUG: fd: 4 row: 2 data: 1178741699 (extracted)
> DEBUG: fd: 4 db_doquery(): UPDATE triplet SET
> _datelast='1178742823',_count=_count+1 WHERE _host='12.64.95' AND
> _from='[EMAIL PROTECTED]' AND _rcpt='[EMAIL PROTECTED]'
> rcpt=1, greylist=update, host=12.64.95.73
> (frndsatwork.domain.net.frndsatwork.domain.ne), [EMAIL PROTECTED],
> [EMAIL PROTECTED], size=0
> DEBUG: fd: 4 select(): fd 4 is ready for write
> DEBUG: fd: 4 returning after 14 bytes of data written
> ======================================
> ======================================
> 
> 
>>
>>
>> On 5/9/07, binoy <[EMAIL PROTECTED]> wrote:
>>> that gives me 'Relay Access Denied'. Infact adding permit_mynetworks
>>> in any order except as the first option gives the same error.
>>>
>>> any other way to setup the IP restriction other than adding it in
>> my_networks ?
>>>
>>>
>>> On 5/9/07, John Beaver <[EMAIL PROTECTED]> wrote:
>>>> binoy wrote:
>>>>> hi,
>>>>> my first message to the list. This might be RTFM but here goes.
>>>>>
>>>>> I'm setting up a postfix smtp only server. I wanted to restrict
>>>>> 1. IP's that can send through the server.
>>>>> 2.  the number of emails that can be sent via a Ip per hour.
>>>>>
>>>>> for (1) I added the allowed IP's  to mynetworks and it kinda works,
>>>>> sending from other ip's gives a relay error
>>>>>
>>>>> for (2) I decided to implement policyd. the service is running on the
>>>>> port, however i am lost at the configuration of postfix. README
>>>>> mentions the following
>>>>>   smtpd_recipient_restrictions =
>>>>>     reject_unauth_destination
>>>>>     reject_unlisted_recipient
>>>>>     check_policy_service inet:127.0.0.1:10031
>>>> Add permit_mynetworks after this line.
>>>> This will allow all emails to be checked by the policy server first,
>>>> then allowed to send by the permit_mynetworks.
>>>>
>>>>     smtpd_recipient_restrictions =
>>>>       reject_unauth_destination
>>>>       reject_unlisted_recipient
>>>>       check_policy_service inet: 127.0.0.1:10031
>>>>       permit_mynetworks
>>>>
>>>>
>>>> john beaver
>>>>
>>>>
>> -------------------------------------------------------------------------
>>>> This SF.net email is sponsored by DB2 Express
>>>> Download DB2 Express C - the FREE version of DB2 express and take
>>>> control of your XML. No limits. Just data. Click to get it now.
>>>> http://sourceforge.net/powerbar/db2/
>>>> _______________________________________________
>>>> policyd-users mailing list
>>>> policyd-users@lists.sourceforge.net
>>>>
>> https://lists.sourceforge.net/lists/listinfo/policyd-users
>>>
>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by DB2 Express
>>> Download DB2 Express C - the FREE version of DB2 express and take
>>> control of your XML. No limits. Just data. Click to get it now.
>>> http://sourceforge.net/powerbar/db2/
>>> _______________________________________________
>>> policyd-users mailing list
>>> policyd-users@lists.sourceforge.net
>>>
>> https://lists.sourceforge.net/lists/listinfo/policyd-users
>>
>>
>> --
>> David DeFranco
>> Wolf in Sheeple's clothing
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by DB2 Express
>> Download DB2 Express C - the FREE version of DB2 express and take
>> control of your XML. No limits. Just data. Click to get it now.
>> http://sourceforge.net/powerbar/db2/
>> _______________________________________________
>> policyd-users mailing list
>> policyd-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/policyd-users
>>
>>
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> policyd-users mailing list
> policyd-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/policyd-users

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users

Reply via email to