Hi, On Mon, 9 Feb 2026 at 21:36, Alex via Postfix-users <[email protected]> wrote: > > Hi, > I have a fedora43 system with postfix and managed to get cbpolicyd running. > Now I can't figure out how to connect it to postfix only for submission users. > The problem I'm trying to address is to limit runaway sasl-authenticated > accounts that are compromised and sending spam.
I am using it for the same purpose. You can keep it in the recipient restrictions (but sender restrictions are better). In the web interface, you define Quotas to track "SASLUsername". So it will ignore email with no authenticated username. I then define several Policies Groups and assign some SASL users (in the format "[email protected]") to those groups to allow some senders higher volumes. I have modified the web interface, so it allows me to define Action as PREPEND - it just prepends my custom header to the email and I use header_checks to put the tagged emails into the HOLD postfix queue for manual release/delete. Besides this, I have a monitoring script which counts from how many countries a single SASL login has been logged in the last 24 hours. In case too many, it creates an alert + automatically adds the login to the Policy Group which has only 1 mail per day allowed. But we will switch to Geo-locking the accounts soon. -- bye, Marki _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
