Ross Tsolakidis a écrit :
>> I had to resort to installing postfix-policyd to rate limit them.
>> (Make sure you have Squirrel use auth so regardless of forged-from
>> lines, you still rate limit accounts).
>
> I've just been playing with postfix-policyd (debian package 1.80).
>
> The only way I could get it working was by using the following command
> in main.cf
> smtpd_end_of_data_restrictions = check_policy_service
> inet:127.0.0.1:10031
>
> Definitely looks good, however, once configured, it blocks 127.0.0.1 :(
> Which of course is correct as that is the IP sending via webmail !
> I've missed something here.
>
create a specific smtpd for webmail (say on port 8025) and configure
your webmail to use it. then for this smtpd:
127.0.0.1:8025 .... smtpd
-o smtpd_sender_restrictions=${webmail_client_restrictions}
...
and in main.cf
webmail_sender_restrictions=
# only accept senders from our domains ...
check_sender_access ...
# rate limit with policyd
check_policy_service ...
...
> [snip]
