Hourly Limits
Hi, i have benn googling for hours today, and can't solve this problem: I'm working on a free-hosting platform. As MTA, of course, i've choosen postfix. Now, to prevent abuse, i want to limit the number of email each user can send in an our. Any idea? Thankyou
Re: Hourly Limits
Very good, thankyou. I found DEB package postfix-policyd. In the .conf file i've created, i can see some quota-related directives, but it seems it can limit only SASL autenticated users or hosts (and the host will always be the same. And, i've also found postfwd, but i can't see how can i use it to limit mails in number. Thankyou 2009/7/11 Sahil Tandon : > On Jul 11, 2009, at 2:01 PM, "ad...@gg-lab.net" wrote: > >> Hi, >> >> i have benn googling for hours today, and can't solve this problem: >> >> I'm working on a free-hosting platform. As MTA, of course, i've >> choosen postfix. Now, to prevent abuse, i want to limit the number of >> email each user can send in an our. > > You need a policy server. Search the archives of this list and google > postfwd and policyd. > > -- > Sahil Tandon >
Re: Hourly Limits
Benny, i want to limit mail sent via php mainly, so i can't limit via sasl simply because users aren't authenticated. Of course i can't limit the host ip (all mail sent from my webserver). The most beautiful thing would be limiting system user (each user has an entry in /etc/passwd). Limiting the sender would be unuseful, because all spammers randomiza the sender, bypassing the limit. Now, i know that cPanel with Exim has a limit of this tipe. I'll request them WHAT is exactly limited (maybe we can replicate with postfix). I'll also write to the postfix-policyd mailing list. Sahil, maybe we can continue here? Postfixfw rules are completely in topic and maybe we can help someone else... Thankyou all 2009/7/12 Sahil Tandon : > On Sat, 11 Jul 2009, ad...@gg-lab.net wrote: > >> And, i've also found postfwd, but i can't see how can i use it to >> limit mails in number. > > Assuming you want to limit mails per envelope sender, the following > (untested) rule should work: > > id=MAX_PER_HOUR ; protocol_state=END-OF-MESSAGE ; \ > action==rate($$sender/100/3600/450 4.7.1 max 100 mails per hour) > > With this, query postfwd in smtpd_end_of_data_restrictions. If you have more > questions about postfwd, follow-up off-list or on the postfwd mailing list. > > -- > Sahil Tandon >
Re: Hourly Limits
Lucian, i saw that solution, but i want something that can globally limit EVERY mail sent: i'll also offer smtp access, and a sendmail wrapper isn't a solution. Benny: ok, so we are speaking about the evenlope sender, so, it seems this is the solution. 2009/7/13 Benny Pedersen : > > On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: > >> i want to limit mail sent via php mainly, so i can't limit via sasl >> simply because users aren't authenticated. > > remove 127.0.0.1 in mynetworks, and make sasl usage from all what got sent > from this box, problem solved, next step is a policy > server that can handle sasl limits > > all else will fail > > another way is to seperate web and mail server so 127.0.0.1 is another box :) > >> Of course i can't limit the host ip (all mail sent from my webserver). > > as Obama says "yes we can" :) > >> The most beautiful thing would be limiting system user (each user has >> an entry in /etc/passwd). Limiting the sender would be unuseful, >> because all spammers randomiza the sender, bypassing the limit. > > randomize there from: but not envelope sender (apa...@myhostname) > > and this email is unknown in my virtual alias for good reason, apache is > local and stays here at so > >> Now, i know that cPanel with Exim has a limit of this tipe. I'll >> request them WHAT is exactly limited (maybe we can replicate with >> postfix). > > dont use cpanel here so cant say how thay mix up the problem > >> I'll also write to the postfix-policyd mailing list. > > i work on something to fail2ban, will need to write some php and extend > policyd 1.80 more to handle this here, point is that none > have done it before so when i make it, it will be the best :) > >> Sahil, maybe we can continue here? Postfixfw rules are completely in >> topic and maybe we can help someone else... > > exactly > > -- > xpoint > >
Re: Hourly Limits
Here some details on cpanel limits: http://forums.cpanel.net/email-exim/73464-how-does-new-max-emails-per-hour-tracking-work-2.html 2009/7/13 ad...@gg-lab.net : > Lucian, i saw that solution, but i want something that can globally > limit EVERY mail sent: > > i'll also offer smtp access, and a sendmail wrapper isn't a solution. > > Benny: ok, so we are speaking about the evenlope sender, so, it seems > this is the solution. > > 2009/7/13 Benny Pedersen : >> >> On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: >> >>> i want to limit mail sent via php mainly, so i can't limit via sasl >>> simply because users aren't authenticated. >> >> remove 127.0.0.1 in mynetworks, and make sasl usage from all what got sent >> from this box, problem solved, next step is a policy >> server that can handle sasl limits >> >> all else will fail >> >> another way is to seperate web and mail server so 127.0.0.1 is another box :) >> >>> Of course i can't limit the host ip (all mail sent from my webserver). >> >> as Obama says "yes we can" :) >> >>> The most beautiful thing would be limiting system user (each user has >>> an entry in /etc/passwd). Limiting the sender would be unuseful, >>> because all spammers randomiza the sender, bypassing the limit. >> >> randomize there from: but not envelope sender (apa...@myhostname) >> >> and this email is unknown in my virtual alias for good reason, apache is >> local and stays here at so >> >>> Now, i know that cPanel with Exim has a limit of this tipe. I'll >>> request them WHAT is exactly limited (maybe we can replicate with >>> postfix). >> >> dont use cpanel here so cant say how thay mix up the problem >> >>> I'll also write to the postfix-policyd mailing list. >> >> i work on something to fail2ban, will need to write some php and extend >> policyd 1.80 more to handle this here, point is that none >> have done it before so when i make it, it will be the best :) >> >>> Sahil, maybe we can continue here? Postfixfw rules are completely in >>> topic and maybe we can help someone else... >> >> exactly >> >> -- >> xpoint >> >> >
Re: Hourly Limits
Hi, i don't think my situation keeps changing- That's simple: on my evinronment users can send email via CGI + PHP + SMTP (sasl), and i want to limit them "globally". Example: user giorgio can send 100 emails. I want him locked also on CGI, if he send 100 emails with PHP. I can't: - use a custom php sendmail wrapper -> it would only work with php - limit the sender -> a randomized from would broke my limit - limit the host -> all mail are sent from localhost - limit via sasl -> i can't request all users to authenticate Limiting the envelope user, is perfect for me. But, i'm asking if there is a simplier solution. 2009/7/13 Sahil Tandon : > On Jul 13, 2009, at 5:54 AM, "ad...@gg-lab.net" wrote: > >> Lucian, i saw that solution, but i want something that can globally >> limit EVERY mail sent: >> >> i'll also offer smtp access, and a sendmail wrapper isn't a solution. >> >> Benny: ok, so we are speaking about the evenlope sender, so, it seems >> this is the solution. > > What are you trying to do exactly? Your requirements and situation keep > changing with every email. Use examples with all details to explain exactly > what you want. > > Benny - postfwd is sasl_username aware. > >> >> 2009/7/13 Benny Pedersen : >>> >>> On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: >>> >>>> i want to limit mail sent via php mainly, so i can't limit via sasl >>>> simply because users aren't authenticated. >>> >>> remove 127.0.0.1 in mynetworks, and make sasl usage from all what got >>> sent from this box, problem solved, next step is a policy >>> server that can handle sasl limits >>> >>> all else will fail >>> >>> another way is to seperate web and mail server so 127.0.0.1 is another >>> box :) >>> >>>> Of course i can't limit the host ip (all mail sent from my webserver). >>> >>> as Obama says "yes we can" :) >>> >>>> The most beautiful thing would be limiting system user (each user has >>>> an entry in /etc/passwd). Limiting the sender would be unuseful, >>>> because all spammers randomiza the sender, bypassing the limit. >>> >>> randomize there from: but not envelope sender (apa...@myhostname) >>> >>> and this email is unknown in my virtual alias for good reason, apache is >>> local and stays here at so >>> >>>> Now, i know that cPanel with Exim has a limit of this tipe. I'll >>>> request them WHAT is exactly limited (maybe we can replicate with >>>> postfix). >>> >>> dont use cpanel here so cant say how thay mix up the problem >>> >>>> I'll also write to the postfix-policyd mailing list. >>> >>> i work on something to fail2ban, will need to write some php and extend >>> policyd 1.80 more to handle this here, point is that none >>> have done it before so when i make it, it will be the best :) >>> >>>> Sahil, maybe we can continue here? Postfixfw rules are completely in >>>> topic and maybe we can help someone else... >>> >>> exactly >>> >>> -- >>> xpoint >>> >>> >
Re: Hourly Limits
Ok, so, in other words: that's a solution but not the better solution. Now, i can ALSO use thge sendmail wrapper. I need to have a look at postfwd code to see if and where i can increment mail counters. In this way, i will use postfwd for mail coming from CGI scripts and Remote SMTP, and the wrapper for mail coming from php. But, with an unique counter. Any other idea? 2009/7/13 Sahil Tandon : > On Jul 13, 2009, at 11:51 AM, "ad...@gg-lab.net" wrote: > >> Hi, >> >> >> i don't think my situation keeps changing- >> >> That's simple: on my evinronment users can send email via CGI + PHP + >> SMTP (sasl), and i want to limit them "globally". >> >> Example: user giorgio can send 100 emails. I want him locked also on >> CGI, if he send 100 emails with PHP. >> >> I can't: >> >> - use a custom php sendmail wrapper -> it would only work with php >> - limit the sender -> a randomized from would broke my limit >> - limit the host -> all mail are sent from localhost >> - limit via sasl -> i can't request all users to authenticate >> >> Limiting the envelope user, is perfect for me. But, i'm asking if >> there is a simplier solution. > > The postfwd policy server solution works with the envelope sender. But for > that to work you need mail coming in on an smtpd listener for the policy > server to be queried, which won't be the case when you have mail being > submitted via pickup service. > > >> >> 2009/7/13 Sahil Tandon : >>> >>> On Jul 13, 2009, at 5:54 AM, "ad...@gg-lab.net" wrote: >>> >>>> Lucian, i saw that solution, but i want something that can globally >>>> limit EVERY mail sent: >>>> >>>> i'll also offer smtp access, and a sendmail wrapper isn't a solution. >>>> >>>> Benny: ok, so we are speaking about the evenlope sender, so, it seems >>>> this is the solution. >>> >>> What are you trying to do exactly? Your requirements and situation keep >>> changing with every email. Use examples with all details to explain >>> exactly >>> what you want. >>> >>> Benny - postfwd is sasl_username aware. >>> >>>> >>>> 2009/7/13 Benny Pedersen : >>>>> >>>>> On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: >>>>> >>>>>> i want to limit mail sent via php mainly, so i can't limit via sasl >>>>>> simply because users aren't authenticated. >>>>> >>>>> remove 127.0.0.1 in mynetworks, and make sasl usage from all what got >>>>> sent from this box, problem solved, next step is a policy >>>>> server that can handle sasl limits >>>>> >>>>> all else will fail >>>>> >>>>> another way is to seperate web and mail server so 127.0.0.1 is another >>>>> box :) >>>>> >>>>>> Of course i can't limit the host ip (all mail sent from my webserver). >>>>> >>>>> as Obama says "yes we can" :) >>>>> >>>>>> The most beautiful thing would be limiting system user (each user has >>>>>> an entry in /etc/passwd). Limiting the sender would be unuseful, >>>>>> because all spammers randomiza the sender, bypassing the limit. >>>>> >>>>> randomize there from: but not envelope sender (apa...@myhostname) >>>>> >>>>> and this email is unknown in my virtual alias for good reason, apache >>>>> is >>>>> local and stays here at so >>>>> >>>>>> Now, i know that cPanel with Exim has a limit of this tipe. I'll >>>>>> request them WHAT is exactly limited (maybe we can replicate with >>>>>> postfix). >>>>> >>>>> dont use cpanel here so cant say how thay mix up the problem >>>>> >>>>>> I'll also write to the postfix-policyd mailing list. >>>>> >>>>> i work on something to fail2ban, will need to write some php and extend >>>>> policyd 1.80 more to handle this here, point is that none >>>>> have done it before so when i make it, it will be the best :) >>>>> >>>>>> Sahil, maybe we can continue here? Postfixfw rules are completely in >>>>>> topic and maybe we can help someone else... >>>>> >>>>> exactly >>>>> >>>>> -- >>>>> xpoint >>>>> >>>>> >>> >
Re: Hourly Limits
Hi All, ok, i've installed postfwd, added the provided line to the end of the postfwd.cf file but nothing happens (mails are sent withouth checks). Any help? Thankyou 2009/7/13 ad...@gg-lab.net : > Ok, so, in other words: that's a solution but not the better solution. > > Now, i can ALSO use thge sendmail wrapper. I need to have a look at > postfwd code to see if and where i can increment mail counters. > > In this way, i will use postfwd for mail coming from CGI scripts and > Remote SMTP, and the wrapper for mail coming from php. But, with an > unique counter. > > Any other idea? > > 2009/7/13 Sahil Tandon : >> On Jul 13, 2009, at 11:51 AM, "ad...@gg-lab.net" wrote: >> >>> Hi, >>> >>> >>> i don't think my situation keeps changing- >>> >>> That's simple: on my evinronment users can send email via CGI + PHP + >>> SMTP (sasl), and i want to limit them "globally". >>> >>> Example: user giorgio can send 100 emails. I want him locked also on >>> CGI, if he send 100 emails with PHP. >>> >>> I can't: >>> >>> - use a custom php sendmail wrapper -> it would only work with php >>> - limit the sender -> a randomized from would broke my limit >>> - limit the host -> all mail are sent from localhost >>> - limit via sasl -> i can't request all users to authenticate >>> >>> Limiting the envelope user, is perfect for me. But, i'm asking if >>> there is a simplier solution. >> >> The postfwd policy server solution works with the envelope sender. But for >> that to work you need mail coming in on an smtpd listener for the policy >> server to be queried, which won't be the case when you have mail being >> submitted via pickup service. >> >> >>> >>> 2009/7/13 Sahil Tandon : >>>> >>>> On Jul 13, 2009, at 5:54 AM, "ad...@gg-lab.net" wrote: >>>> >>>>> Lucian, i saw that solution, but i want something that can globally >>>>> limit EVERY mail sent: >>>>> >>>>> i'll also offer smtp access, and a sendmail wrapper isn't a solution. >>>>> >>>>> Benny: ok, so we are speaking about the evenlope sender, so, it seems >>>>> this is the solution. >>>> >>>> What are you trying to do exactly? Your requirements and situation keep >>>> changing with every email. Use examples with all details to explain >>>> exactly >>>> what you want. >>>> >>>> Benny - postfwd is sasl_username aware. >>>> >>>>> >>>>> 2009/7/13 Benny Pedersen : >>>>>> >>>>>> On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: >>>>>> >>>>>>> i want to limit mail sent via php mainly, so i can't limit via sasl >>>>>>> simply because users aren't authenticated. >>>>>> >>>>>> remove 127.0.0.1 in mynetworks, and make sasl usage from all what got >>>>>> sent from this box, problem solved, next step is a policy >>>>>> server that can handle sasl limits >>>>>> >>>>>> all else will fail >>>>>> >>>>>> another way is to seperate web and mail server so 127.0.0.1 is another >>>>>> box :) >>>>>> >>>>>>> Of course i can't limit the host ip (all mail sent from my webserver). >>>>>> >>>>>> as Obama says "yes we can" :) >>>>>> >>>>>>> The most beautiful thing would be limiting system user (each user has >>>>>>> an entry in /etc/passwd). Limiting the sender would be unuseful, >>>>>>> because all spammers randomiza the sender, bypassing the limit. >>>>>> >>>>>> randomize there from: but not envelope sender (apa...@myhostname) >>>>>> >>>>>> and this email is unknown in my virtual alias for good reason, apache >>>>>> is >>>>>> local and stays here at so >>>>>> >>>>>>> Now, i know that cPanel with Exim has a limit of this tipe. I'll >>>>>>> request them WHAT is exactly limited (maybe we can replicate with >>>>>>> postfix). >>>>>> >>>>>> dont use cpanel here so cant say how thay mix up the problem >>>>>> >>>>>>> I'll also write to the postfix-policyd mailing list. >>>>>> >>>>>> i work on something to fail2ban, will need to write some php and extend >>>>>> policyd 1.80 more to handle this here, point is that none >>>>>> have done it before so when i make it, it will be the best :) >>>>>> >>>>>>> Sahil, maybe we can continue here? Postfixfw rules are completely in >>>>>>> topic and maybe we can help someone else... >>>>>> >>>>>> exactly >>>>>> >>>>>> -- >>>>>> xpoint >>>>>> >>>>>> >>>> >> >
Re: Hourly Limits
Still any result. Can the problem be on this line? smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 Policyd site says to add it, but in postfix manual i can't find any description of "smtpd_end_of_data_restrictions". Thankyou 2009/7/15 ad...@gg-lab.net : > Hi All, > > ok, i've installed postfwd, added the provided line to the end of the > postfwd.cf file but nothing happens (mails are sent withouth checks). > > Any help? > > Thankyou > > 2009/7/13 ad...@gg-lab.net : >> Ok, so, in other words: that's a solution but not the better solution. >> >> Now, i can ALSO use thge sendmail wrapper. I need to have a look at >> postfwd code to see if and where i can increment mail counters. >> >> In this way, i will use postfwd for mail coming from CGI scripts and >> Remote SMTP, and the wrapper for mail coming from php. But, with an >> unique counter. >> >> Any other idea? >> >> 2009/7/13 Sahil Tandon : >>> On Jul 13, 2009, at 11:51 AM, "ad...@gg-lab.net" wrote: >>> >>>> Hi, >>>> >>>> >>>> i don't think my situation keeps changing- >>>> >>>> That's simple: on my evinronment users can send email via CGI + PHP + >>>> SMTP (sasl), and i want to limit them "globally". >>>> >>>> Example: user giorgio can send 100 emails. I want him locked also on >>>> CGI, if he send 100 emails with PHP. >>>> >>>> I can't: >>>> >>>> - use a custom php sendmail wrapper -> it would only work with php >>>> - limit the sender -> a randomized from would broke my limit >>>> - limit the host -> all mail are sent from localhost >>>> - limit via sasl -> i can't request all users to authenticate >>>> >>>> Limiting the envelope user, is perfect for me. But, i'm asking if >>>> there is a simplier solution. >>> >>> The postfwd policy server solution works with the envelope sender. But for >>> that to work you need mail coming in on an smtpd listener for the policy >>> server to be queried, which won't be the case when you have mail being >>> submitted via pickup service. >>> >>> >>>> >>>> 2009/7/13 Sahil Tandon : >>>>> >>>>> On Jul 13, 2009, at 5:54 AM, "ad...@gg-lab.net" wrote: >>>>> >>>>>> Lucian, i saw that solution, but i want something that can globally >>>>>> limit EVERY mail sent: >>>>>> >>>>>> i'll also offer smtp access, and a sendmail wrapper isn't a solution. >>>>>> >>>>>> Benny: ok, so we are speaking about the evenlope sender, so, it seems >>>>>> this is the solution. >>>>> >>>>> What are you trying to do exactly? Your requirements and situation keep >>>>> changing with every email. Use examples with all details to explain >>>>> exactly >>>>> what you want. >>>>> >>>>> Benny - postfwd is sasl_username aware. >>>>> >>>>>> >>>>>> 2009/7/13 Benny Pedersen : >>>>>>> >>>>>>> On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: >>>>>>> >>>>>>>> i want to limit mail sent via php mainly, so i can't limit via sasl >>>>>>>> simply because users aren't authenticated. >>>>>>> >>>>>>> remove 127.0.0.1 in mynetworks, and make sasl usage from all what got >>>>>>> sent from this box, problem solved, next step is a policy >>>>>>> server that can handle sasl limits >>>>>>> >>>>>>> all else will fail >>>>>>> >>>>>>> another way is to seperate web and mail server so 127.0.0.1 is another >>>>>>> box :) >>>>>>> >>>>>>>> Of course i can't limit the host ip (all mail sent from my webserver). >>>>>>> >>>>>>> as Obama says "yes we can" :) >>>>>>> >>>>>>>> The most beautiful thing would be limiting system user (each user has >>>>>>>> an entry in /etc/passwd). Limiting the sender would be unuseful, >>>>>>>> because all spammers randomiza the sender, bypassing the limit. >>>>>>> >>>>>>> randomize there from: but not envelope sender (apa...@myhostname) >>>>>>> >>>>>>> and this email is unknown in my virtual alias for good reason, apache >>>>>>> is >>>>>>> local and stays here at so >>>>>>> >>>>>>>> Now, i know that cPanel with Exim has a limit of this tipe. I'll >>>>>>>> request them WHAT is exactly limited (maybe we can replicate with >>>>>>>> postfix). >>>>>>> >>>>>>> dont use cpanel here so cant say how thay mix up the problem >>>>>>> >>>>>>>> I'll also write to the postfix-policyd mailing list. >>>>>>> >>>>>>> i work on something to fail2ban, will need to write some php and extend >>>>>>> policyd 1.80 more to handle this here, point is that none >>>>>>> have done it before so when i make it, it will be the best :) >>>>>>> >>>>>>>> Sahil, maybe we can continue here? Postfixfw rules are completely in >>>>>>>> topic and maybe we can help someone else... >>>>>>> >>>>>>> exactly >>>>>>> >>>>>>> -- >>>>>>> xpoint >>>>>>> >>>>>>> >>>>> >>> >> >
Re: Hourly Limits
Thankyou. So, that restriction is configured correctly. Postfwd daemon is started (it checks incoming mail for RBL. I think i have to move to the postfwd lit. Thankyou again 2009/7/15 Brian Evans - Postfix List : > ad...@gg-lab.net wrote: >> Still any result. >> >> Can the problem be on this line? >> >> smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 >> >> Policyd site says to add it, but in postfix manual i can't find any >> description of "smtpd_end_of_data_restrictions". > That restriction is documented: > http://www.postfix.org/postconf.5.html#smtpd_end_of_data_restrictions >
