Re: postfix rsyslog not logging
If /dev/log would not be hardcoded in syslog.h it would be possible to make the socket configurable in postfix and output directly to the rsyslog process. :-( On 2017-01-23 15:04, wie...@porcupine.org wrote: And the logging daemon uses more CPU than Postfix. We're back 20 years ago. -- https://markusbenning.de/
Re: postfix rsyslog not logging
Hi, on most linux distributions /dev/log is owned by systemd-journald these days. Check if your logs reach the journal: journalctl -u postfix If thats the case, check if rsyslog reads logs from journald: $ModLoad imjournal Markus On 2017-01-22 16:41, Bartłomiej Solarz-Niesłuchowski wrote: Suddenly after upgrade to FC25 postfix stops logging in /var/log/maillog. in /etc/rsyslog.conf is: mail.* -/var/log/maillog -- https://markusbenning.de/
Re: Customize log messages?
On 2016-12-02 15:10, Michael Munger wrote: This is a great idea. This is a spam filter that is integrated into a CRM system, so I needed to parse and dump the information so it could be sucked up later. Here's what I ultimately created. It still needs some work (mainly because it re-reads the whole file every time, and I should use timestamps and a half-interval search algorithm to find the last-processed time stamp. I am relying on log rotate to make it not-too-terribly-big). https://github.com/mjmunger/postfix-log-parser Maybe you want to take a look at my saftpresse project: https://github.com/benningm/saftpresse Its a event pipe/log analyzer. Its modular and the Postfix plugin is based on refactured code of the pflogsum script: https://github.com/benningm/saftpresse/blob/master/lib/Log/Saftpresse/Plugin/Postfix.pm It has a syslog and systemd-journald input and could output to elasticsearch. It may be easier to query an elasticsearch index than parsing logs. Or you just click together some reports with kibana. I remeber that somewhere there was a plugin or PDF generator for it. Markus -- https://markusbenning.de/
Re: Policy server problem: connection timed out or connection reset by peer
On 2016-08-17 17:34, Zhang Huangbin wrote: I got a problem with my own Postfix policy server (written in Python). Postfix usually works fine with it, but sometimes it raised error like this: Aug 17 08:32:52 mail1 postfix/smtpd[24298]: warning: problem talking to server 127.0.0.1:1234: Connection reset by peer Aug 17 08:34:05 mail1 postfix/smtpd[24771]: warning: problem talking to server 127.0.0.1:1234: Connection timed out Then time Postfix raised these errors, my policy server is still working and properly processing requests (checked its log file). Your policy daemon may not be able to handle the incoming request fast enought. If new connections are not processed the linux kernel will maintain a backlog of ESTABLISHED connections. The size of this queue is set with the listen() call. If your connections stay too long in this state the client (postfix) will decide to abort with an timeout. If the backlog overflows it depend on the value of: sysctl net.ipv4.tcp_abort_on_overflow what happens. Depending on your syncookie setting in the kernel it may also report a possible SYN flood condition in this case. (check dmesg) The connection reset may also occur when you client activly closes the connection. eg. in case of failure and the process is closed by the kernel Is suggest that you check what slows or blocks processing of the request in your policy daemon. Does it do lookups which also may timeout? Are there lock conditions? If everything is fine it may also be a scaling problem with the architecture of your policy daemon. If your daemon just uses a single threaded accept loop a single request could block/slow down the whole daemon. If you're using a async event loop you may do things which block for too long. If you're using a prefork model you may have not enought processes running or processing of a single request takes too long. You should also check if postfix uses more keepalive connection then your policyd is able to process in parallel. In this case the keepalive connection may block all available slots. In this disable it with setting smtpd_policy_service_request_limit=0. Markus -- https://markusbenning.de/
Re: Brutal attacks
On 2016-07-09 18:34, Robert Schetterer wrote: additional fail2ban, but log parse was to slow at my side and for sure use postscreen Its possible to trigger fail2ban from a policyd: https://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban Markus -- https://markusbenning.de/
Re: No From: address in policy delegation protocol?
On 2016-06-28 07:46, Zhang Huangbin wrote: I have a simple Postfix policy server, and got a problem to reject sender login mismatch (sender != sasl_username) with Outlook 2016: user is able to specify a From: address, it would be any address you want, and the From: address is not passed to policy server. I can reproduce this issue with a simple Python program: *) construct mail message with forge sender address. e.g. 'From:' *) send email as normal/legal user "auth_u...@my-domain.com" with smtp auth. *) while sending email, specify the sender address as "auth_u...@my-domain.com". *) When user received the email, his MUA shows the address in 'From:' as sender. In this case: - address 'fo...@forge.com' is not available in policy server - attributes 'sender=' and 'sasl_username' are 'auth_u...@my-domain.com' So the question is, does Postfix parse the submitted mail message to get 'From:' address? How can i overcome this? Policy service is just a table lookup. From what restriction do you call the policy lookup? The From: is a header instead of a smtp protocol field. It may be only available within a header check. It may be easier to implement such a check within a content filter. For example within a spamassassin rule/plugin. Markus -- https://markusbenning.de/
Re: simple greylisting by geoip? milter or policy server?
On 2016-06-14 02:28, list...@tutanota.com wrote: I am considering the installation of Greylisting with Postfix. I want it only for one condition, to greylist mail originating from certain countries. Hi, may be mtpolicyd is an option for you: https://www.mtpolicyd.org It is a modular policyd and ships with a plugin for geoip. It works like this: module = "GeoIPLookup" database = "/usr/share/GeoIP/GeoIP.dat" module = "GeoIPAction" result_from = "geoip" country_codes = "DE,AT,CH,FR,IT" mode = passive score = -1 module = "GeoIPAction" result_from = "geoip" country_codes = "RU,UA,CN,IN" mode = passive score = 5 Instead of a score you could also set actions: module = "GeoIPAction" result_from = "geoip" country_codes = "AQ" mode = "reject" reject_message = "too cold" Theres also a Greylisting plugin. You can combine them for conditional greylisting: module = "ScoreAction" threshold = 5 module = "Greylist" score = -5 mode = "passive" # activating the autowl will require a SQL database use_autowl = 0 Markus -- https://markusbenning.de/
[PATCH] Re: cyrus saslauthd error handling
On 2016-04-06 16:19, Benning, Markus wrote: In sasl.h: #define SASL_FAIL -1 /* generic failure */ Could this one be added to the AUTH_TEMP case? I took a look at the cyrus-sasl code in lib/checkpw.c and most error cases there return SASL_FAIL. Wrong credentails return SASL_BADAUTH, SASL_NOAUTHZ or something like SASL_PWLOCK, etc. A list of codes is in but i could not find much documentation about its usage. As server side error should result in an temporary smtp error code i suggest to map at least SASL_FAIL to the XSASL_AUTH_TEMP status. diff --git a/postfix/src/xsasl/xsasl_cyrus_server.c b/postfix/src/xsasl/xsasl_cyrus_server.c index 95c470d..91f93ab 100644 --- a/postfix/src/xsasl/xsasl_cyrus_server.c +++ b/postfix/src/xsasl/xsasl_cyrus_server.c @@ -480,6 +480,8 @@ static int xsasl_cyrus_server_auth_response(int sasl_status, sasl_status = SASL_BADAUTH; vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status)); switch (sasl_status) { + case SASL_FAIL: + case SASL_NOMEM: case SASL_TRYAGAIN: case SASL_UNAVAIL: return XSASL_AUTH_TEMP; -- https://markusbenning.de/
Re: cyrus saslauthd error handling
On 2016-04-06 16:19, Benning, Markus wrote: In sasl.h: #define SASL_FAIL -1 /* generic failure */ Could this one be added to the AUTH_TEMP case? Could it be that the libsasl uses SASL_FAIL also in case of a wrong password? In this case i think it would be an error in libsasl. It instead should return #define SASL_UNAVAIL-24 /* remote authentication server unavailable */ Markus -- https://markusbenning.de/
cyrus saslauthd error handling
Hi, when i use a cyrus saslauthd: pwcheck_method: saslauthd mech_list: plain login saslauthd_path: /var/run/kokolores/mux And the saslauthd is not running. Then the socket /var/run/kokolores/mux does not exist and postfix returns 535 5.7.8 Error: authentication failed: generic failure Shouldn't postfix return a temporary error in this case? In xsasl_cyrus_server.c: switch (sasl_status) { case SASL_TRYAGAIN: case SASL_UNAVAIL: return XSASL_AUTH_TEMP; default: return (XSASL_AUTH_FAIL); } In sasl.h: #define SASL_FAIL -1 /* generic failure */ Could this one be added to the AUTH_TEMP case? Maybe there are a few more error in sasl.h which indicate service-side problems and should be handled with a temporary error. #define SASL_NOMEM -2 /* memory shortage failure */ #define SASL_BUFOVER-3 /* overflowed buffer */ Markus -- https://markusbenning.de/
Re: SASL with secure password storage
On 2016-03-24 15:31, Benning, Markus wrote: i'm currently searching for a way to implement SASL authentication with postfix and a secure password mechanism like bcrypt. Here comes kokolores: https://github.com/benningm/kokolores An alternative saslauthd with plugin support. -- https://markusbenning.de/
SASL with secure password storage
Hello postfix users, i'm currently searching for a way to implement SASL authentication with postfix and a secure password mechanism like bcrypt. sasldb -> plain text sql -> requires plain text passwords ldapdb -> requires a ldap server (could use whatever the ldap server implements) saslauthd -> pam, rimap An ideal solutions for my case would be a local sqlite datebase and bcrypt password storage with the possiblity to migrate to a central sql database later. Suggestions? Markus -- https://markusbenning.de/
Re: postfix drown attack migation on version 2.3 (rhel5)?
On 2016-03-03 08:12, Eero Volotinen wrote: Can some one give working migation intructions for postfix 2.3 (postfix-2.3.3-7.el5) many of instructions are not working correctly on so old version. (as settings are not supported) Just install the RHSA errata: https://rhn.redhat.com/errata/RHSA-2016-0302.html It disables SSLv2 in libssl. Markus -- https://markusbenning.de/
Re: Throttling locally generated email
On 2015-11-10 23:42, Donald Bindner wrote: smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040 You may want to use a different restriction than recipient. The recipient restrictions are executed for every recipient. It gets executed multiple times if the mail has more than one recipient. However, this kind of rule seems to run only for mail "passing through" my Postfix server and not for mail originating locally. In any event, the service running on port 10040 does not receive connections from Postfix for mail that is generated locally. If you mean real local submission by commandline, then you cant limit mails sent this way. The checks are only implemented by smtpd. If you mean the submission server (port 587) then you may want to check your master.cf. May be it overwrites the option with different value like: -o smtpd_recipient_restrictions= I'd love if someone would show an example that "hooks this up." I'm confident that I have postfwd configured correctly to listen on port 10040, I just need Postfix to talk to it. No postfwd example, but mtpolicyd is also able to add quotas based on sasl_username: https://www.mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::HowtoAccountingQuota Markus -- https://markusbenning.de/
Re: Conditional Greylisting
I'm also using a policy daemon to build a score based on Whitelists, SPF, RBLs, GeoIP, etc. And then apply greylisting, rejects based on the score. (as in mtpolicyd example configuration: https://github.com/benningm/mtpolicyd/blob/master/etc/mtpolicyd.conf) But you can't do content checks in a recipient_restriction. DKIM is based on message content. Markus Am 2015-09-18 20:09, schrieb Bruce Marriner: I have (well had, technically) all of these running under the smtpd_recipient_restrictions with check_policy_service statements. On Fri, 2015-09-18 at 19:56 +0200, Sebastian Nielsen wrote: I think he is out after doing a temporary fail after the DATA stage, thus avoiding the chicken and egg problem. -Ursprungligt meddelande- From: Wietse Venema Sent: Friday, September 18, 2015 7:50 PM To: Postfix users Subject: Re: Conditional Greylisting Bruce Marriner: > I'd like to have DKIM/SPF setup and if an e-mail passed those I want to > to completely bypass greylisting. However, if it soft-fails those > checks then I want it to greylist next. You have a chicken and egg problem. DKIM signature verification requires that Postfix receives the email message. Greylisting happens BEFORE Postfix receives the email message. Wietse -- https://markusbenning.de/
Re: Postfix 3.x for RedHat/CentOS 7.x
Am 2015-09-05 20:43, schrieb Viktor Dukhovni: What I've not yet checked, is whether Fedora (like Debian) has started splitting up Postfix into multiple RPMs with optional databases (LDAP, MySQL, ...) in separate packages, now that Postfix supports shared library builds, and dynamic maps. If they have not, they probably should. Who's the Fedora Postfix maintainer these days? Debian Postfix seems to be cycle-starved, any volunteers to take over and bring it up to date? @Patrick: The Fedora Packages are a good base to backport new versions to RHEL. You can most current SRPMS from their build system at: http://koji.fedoraproject.org/koji/packageinfo?packageID=363 @Viktor: I also found that the debian packages had no updates for some time when i tried to build a package with the policy_context patch. I build an debian package with the latest postfix and my patch: https://github.com/benningm/postfix/tree/debian It tested it so far that "it worked for me". As you mentioned shared libs and dynamicmaps needed adjustments. I think its best to contact the current maintainer LaMont Jones. If he is not able to update the package it may be possible futher improve the updated package and do an non-maintainer upload. Markus -- Markus Benning, https://markusbenning.de/
Re: postfix stats
Am 2015-05-08 15:38, schrieb Tom Johnson: Beside the classic pflogsumm interface my goal for the project is to be able to output log data to ElasticSearch and counters to graphit. That would enable live pflogsum, interactive and in color ;-) Have you considered integrating amavisd-new log processing as well? Consolidating all the logging info so that any given email can be located via Elastic Search would be quite useful. I've considered doing something like this using fluentd or some other log-collection system to gather data from multiple mailservers, but haven't had time to actually implement anything like this myself. Amavis is able to output JSON structured logging. I wrote a blog post about this some time ago: https://markusbenning.de/blog/?p=10 I also posted a patch to the amavis list for a filtered JSON output since the default json logging is very verbose and storing things like subject may not be allowed for everyone: http://lists.amavis.org/pipermail/amavis-users/2014-December/003371.html It will be easy to read this JSON and to forward it into elasticsearch together with the postfix logs. Markus -- Markus Benning, https://markusbenning.de/
Re: postfix stats
Am 2015-05-01 17:43, schrieb Patrick Ben Koetter: You can find the project at Github: https://github.com/benningm/saftpresse ACK. Good tool. We use it a lot. Good to know. Beside the classic pflogsumm interface my goal for the project is to be able to output log data to ElasticSearch and counters to graphit. That would enable live pflogsum, interactive and in color ;-) Markus -- Markus Benning, https://markusbenning.de/
Re: postfix stats
Hello, it takes input from STDIN. I'll update the examples. If there is demand i'll push an release to cpan/git. I created an fatpacked (includes the files from lib/) version of saftsumm and pushed it to: https://markusbenning.de/tmp/saftsumm I also added an --man option which outputs the manpage. Markus Am 2015-05-05 11:43, schrieb Birta Levente: On 01/05/2015 17:45, Benning, Markus wrote: Hi, if you are willed to test my pflogsumm fork and to provide some sample loglines i'll implement postscreen statistics. You can find the project at Github: https://github.com/benningm/saftpresse I modularized the pflogsumm code into seperate plugins: https://github.com/benningm/saftpresse/tree/master/lib/Log/Saftpresse/Plugin Also Input and Outputs. There are 2 commands. The command saftpresse will be a new interface to the code which is configurable by configuration file. It is still work in progress. The command saftsumm tries to resemble the pflogsumm commandline interface. Additional features already in it are TLS and GeoIP statistics, and different outputs. Currently pflogsumm, HTML, JSON and perl Dump. My goal for saftpresse is to use it also for structured logging and to implement more than just postfix logging. Can you provide more information how to install? The following command do nothing: #./saftsumm -d yesterday /var/log/maillog What I do on Centos 6.6: put the lib/Log to /usr/share/perl5/ The test.pl says: Parameter module is not defined for Input FileTail! at /usr/share/perl5/Log/Saftpresse/Slurp.pm line 62. Thanks, -- Markus Benning, https://markusbenning.de/
Re: postfix stats
Hi, if you are willed to test my pflogsumm fork and to provide some sample loglines i'll implement postscreen statistics. You can find the project at Github: https://github.com/benningm/saftpresse I modularized the pflogsumm code into seperate plugins: https://github.com/benningm/saftpresse/tree/master/lib/Log/Saftpresse/Plugin Also Input and Outputs. There are 2 commands. The command saftpresse will be a new interface to the code which is configurable by configuration file. It is still work in progress. The command saftsumm tries to resemble the pflogsumm commandline interface. Additional features already in it are TLS and GeoIP statistics, and different outputs. Currently pflogsumm, HTML, JSON and perl Dump. My goal for saftpresse is to use it also for structured logging and to implement more than just postfix logging. Markus Am 2015-05-01 02:24, schrieb Terry Barnum: I've been using pflogsumm but it's old and doesn't know about postscreen. I'd like to see how many connections are being refused by postscreen. What do you like? logwatch? awstats? other? -- Markus Benning, https://markusbenning.de/
Re: Policy attributes to PERL script
Am 2015-02-27 14:45, schrieb MickTW8: This issue I have is knowing how to read any of the attributes listed here www.postfix.org/SMTPD_POLICY_README.html#protocol Hello Mick, it may be an option for your to implement your code as a plugin for mtpolicyd. There's documentation for wrinting a simple plugin at: https://www.mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::BasicModule Then you wont have to care about accepting connections, parsing, logging and so on. Another option may be to just copy over the Request class to your project and remove dependencies on Net::Server, etc. from it: https://github.com/benningm/mtpolicyd/blob/master/lib/Mail/MtPolicyd/Request.pm Markus -- Markus Benning, https://markusbenning.de/
Re: Policy attributes to PERL script
Am 2015-03-01 12:38, schrieb Mick: Hello Markus, Thanks very much for your reply. I didn't come across Cookbook in my searches but I don't think I will need it now as I'm very pleased to report I got my first test policy implemented yesterday evening. Don't laugh, all it does so far is block senders where 'sender' doesn't match 'sasl-user'. Everyone has to start somewhere right? It does put me in a place where I can write customised policies now. I was thinking of using mysql but everyone seems to use Berkeley DB? Maybe worth considering as it has a locking arrangement. One of my user email accounts was compromised a couple of months ago and over a period of 5 hours thousands of SPAM messages were sent. G! Since then I have become rather paranoid checking the mail log whenever I can looking for Relay=' and auth failures manually barring IPs that repeatedly fail to log in. I need to relax a bit so decided to try and write a SPAM limitation policy, as in ; if (X number of messages sent in Y time), { external relay access blocked until user resets password }. To do this I needed to read the SASL_USERNAME field into PERL in order to log and count SMTP requests to their account, now I can, thanks to help given here. I think by Thursday I will have a test version of it up and running. The reject_sender_login_mismatch in smtpd_sender_restriction already does that as a native postfix check: http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions The Accounting/Quota module in mtpolicyd can be used to count/limit mails per sasl user in a SQL database supported by perl-DBI (SQLite, MySQL, etc.): https://www.mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::HowtoAccountingQuota Markus -- Markus Benning, https://markusbenning.de/
Re: Queue id uniqueness
Am 2015-01-22 10:26, schrieb hyndavirap...@bel.co.in: I have enabled enable_long_queue_id = yes Now my doubt is how long, queueids will be unique, for 150 mails/min mail flow? The id is build from the time and the file-id within the filesystem. So each queue_id should be locally unique. The long queueid will not repeat within a UNIX epoch. The default queueid will not repeat within a second. The code for generating the queue_id: https://github.com/vdukhovni/postfix/blob/master/postfix/src/global/mail_queue.c#L393 The encoding is defined in: https://github.com/vdukhovni/postfix/blob/master/postfix/src/global/mail_queue.h#L80 Markus -- Markus Benning, https://markusbenning.de/
Re: Conditional/soft smtpd restrictions
-Original Message- From: Noel Jones Sent: Saturday, January 17, 2015 12:20 AM You want to conditionally run some extra restrictions based on the outcome of prior restrictions? Some of the existing policy servers do weighted scoring, which gives very similar results. Conditional greylisting? Some of the existing greylisting daemons do that already. Do you have any specific suggestions? I looked at several policy servers and could not find one that could be (natively) configured to do what I want -- and I would like to avoid hacking/patching the internals... In fact, generally I feel that one of the problems with existing policy servers is that there are too many of them, without clear leader or clear comparison available =) The mtpolicyd can be used to apply actions based on scoring. The default configuration builds a score based on dns whitelist/blacklists, spf and geoip and applies actions based on the score: https://github.com/benningm/mtpolicyd/blob/master/etc/mtpolicyd.conf Based on the score the client is: * rejected (and if configured with fail2ban blocked on IP layer) * greylisted * pass If you're familiar with perl it should be easy to implement your own checks in plugins (without hacking internals): https://www.mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::BasicModule There are already several plugins: https://www.mtpolicyd.org/documentation.html Feedback, code, bug reports, requests welcome. Markus -- Markus Benning, https://markusbenning.de/
Re: dovecot on wheezy, best ssl configuration ?
Am 2015-01-09 07:27, schrieb m...@ruggedinbox.com: Hi all, when hardening dovecot against the POODLE vulnerability, we followed the advise to disable SSL2 and SSL3 but this is giving problems with some email clients (claws-mail). ssl_protocols = !SSLv2 !SSLv3 results in the following error: dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=, rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=2C8jBjIMmQBVGNd1 The error message say 'no shared ciphers'. So it is not related to the ssl_protocols setting. The error means that there is no common cipher between the server and client. What is your setting for ssl_cipher_list? Try to expand the cipher string with the openssl cipher command: openssl ciphers 'your ssl_cipher_list string' Make sure you did not include !SSLv3 in the ciphers string. SSLv3 in the ciphers string is an alias for all ciphers defined in SSLv3. It includes also ciphers like 'DHE-RSA-AES256-SHA'. On older openssl version like 0.9.8 there will be not much left without these ciphers: $ openssl ciphers 'ALL:!SSLv3' DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5 If you exclude also LOW and MD5 there is nothing left: $ openssl ciphers 'ALL:!LOW:!MD5:!SSLv3' Error in cipher list 14478:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1188: -- Markus
Re: valvula or policyd
Hi, i just uploaded version 1.15 of mtpolicyd with support for accounting and quotas: https://markusbenning.de/blog/?p=36 I also wrote a small guide on how to implement smtp level accounting/quotas with mtpolicyd: https://mtpolicyd.org/getting-started.html#Mail::MtPolicyd::Cookbook::HowtoAccountingQuota -- Markus Am 2014-12-23 13:50, schrieb Benning, Markus: I just implemented a first version of a accounting plugin for mtpolicyd: https://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Accounting github project: https://github.com/benningm/mtpolicyd I'm currently testing it on a small postfix installation with the following setup: Vhost in mtpolicyd.conf: VirtualHost 12346 name=accounting Plugin AcctClient module = Accounting fields = client_address,sasl_username,recipient,sender /Plugin /VirtualHost (dont forget to configure a database with db_dsn,db_user,db_password in global) Check in postfix: smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:12346 If you're using an smtpd_proxy_filter setup dont forget to add -o smtpd_end_of_data_restrictions= to the re-inject smtpd instances or you'll duplicate counters. My plan is to test the plugin for a while and also implement a Quota plugin to enforce limits and then release it with the next version. Markus On Sat, Dec 20, 2014 at 02:16:56PM +0100, Benning, Markus wrote: Hello, i created a policyd called mtpolicyd. You can find the project website at: https://mtpolicyd.org/ It is written in perl and is easily extentible thru perl plugins. Currently its main target is spamfiltering/reputation and therefor i'm already using it in production. I'll have to extend it with more relay access control features in near future. I'm also willed to write a quota plugin(s) for it. You're welcome if you want to contribute your requirements, use cases, testing or code. Markus Am 2014-12-19 16:04, schrieb Selcuk Yazar: Hi, we are using for quota management policyd v2.0.11 . i want to upgrage policyd to 2.0.14 . what is the best policyd software for postfix . Valvula in fist order on list should i upgrade or install valvula ? thanks in advance. -- Selçuk YAZAR
Re: valvula or policyd
I just implemented a first version of a accounting plugin for mtpolicyd: https://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Accounting github project: https://github.com/benningm/mtpolicyd I'm currently testing it on a small postfix installation with the following setup: Vhost in mtpolicyd.conf: VirtualHost 12346 name=accounting Plugin AcctClient module = Accounting fields = client_address,sasl_username,recipient,sender /Plugin /VirtualHost (dont forget to configure a database with db_dsn,db_user,db_password in global) Check in postfix: smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:12346 If you're using an smtpd_proxy_filter setup dont forget to add -o smtpd_end_of_data_restrictions= to the re-inject smtpd instances or you'll duplicate counters. My plan is to test the plugin for a while and also implement a Quota plugin to enforce limits and then release it with the next version. Markus On Sat, Dec 20, 2014 at 02:16:56PM +0100, Benning, Markus wrote: Hello, i created a policyd called mtpolicyd. You can find the project website at: https://mtpolicyd.org/ It is written in perl and is easily extentible thru perl plugins. Currently its main target is spamfiltering/reputation and therefor i'm already using it in production. I'll have to extend it with more relay access control features in near future. I'm also willed to write a quota plugin(s) for it. You're welcome if you want to contribute your requirements, use cases, testing or code. Markus Am 2014-12-19 16:04, schrieb Selcuk Yazar: Hi, we are using for quota management policyd v2.0.11 . i want to upgrage policyd to 2.0.14 . what is the best policyd software for postfix . Valvula in fist order on list should i upgrade or install valvula ? thanks in advance. -- Selçuk YAZAR
Re: valvula or policyd
Hello, i created a policyd called mtpolicyd. You can find the project website at: https://mtpolicyd.org/ It is written in perl and is easily extentible thru perl plugins. Currently its main target is spamfiltering/reputation and therefor i'm already using it in production. I'll have to extend it with more relay access control features in near future. I'm also willed to write a quota plugin(s) for it. You're welcome if you want to contribute your requirements, use cases, testing or code. Markus Am 2014-12-19 16:04, schrieb Selcuk Yazar: Hi, we are using for quota management policyd v2.0.11 . i want to upgrage policyd to 2.0.14 . what is the best policyd software for postfix . Valvula in fist order on list should i upgrade or install valvula ? thanks in advance. -- Selçuk YAZAR