I'm using postfix-policyd, build 1.82-0ubuntu1, on Ubuntu 8.04. I'm using Postfix 2.5.1.
I'm testing sender throttling to enforce user quotas on number of sent messages, number of recipients, and total size of messages sent. I have Postfix set up to call the policyd server in main.cf via:

    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

The reason for doing this is because as noted on previous mailing list posts, message sizes (for size quota enforcement) can only be calculated if the policy check is invoked at smtpd_end_of_data_restrictions. The problem is, recipient counts are not properly calculated when the policyd is invoked at this stage. According to the Postfix documentation (http://www.postfix.org/SMTPD_POLICY_README.html):

"The "recipient" attribute is available only in the "RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages when Postfix accepted only one recipient for the current message. The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of recipients that Postfix accepted for the current message."
When policyd is invoked at this stage on a message with multiple recipients, I'll get debugging data like this:

    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][0]:request=smtpd_access_policy
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][1]:protocol_state=end-of-message
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][2]:protocol_name=esmtp
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][3]:client_address=xx.xx.xx.xxx
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][4]:client_name=foo.bar.net
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][5]:reverse_client_name=foo.bar.net
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][6]:helo_name=[xxx.xx.xx.xxx]
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][7]:[EMAIL PROTECTED]
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][8]:recipient=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][9]:recipient_count=3
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][10]:queue_id=67d80c06468
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][11]:instance=6b0c.48a78e85.4d5bf.0
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][12]:size=390
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][13]:etrn_domain=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][14]:stress=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][15]:sasl_method=plain
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][16]:[EMAIL PROTECTED]
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][17]:sasl_sender=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][18]:ccert_subject=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][19]:ccert_issuer=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][20]:ccert_fingerprint=
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][21]:encryption_protocol=tlsv1
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][22]:encryption_cipher=aes128-sha
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][23]:encryption_keysize=128
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][24]: keysize=128=128
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][25]:=1288
    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 policy_array[9][26]:

When you look at the SQL statement policyd executes to update the DB it looks like this:

    Aug 16 21:35:49 postfix-policyd: DEBUG: fd: 9 db_doquery(): UPDATE throttle SET _rcpt_cur=_rcpt_cur+1, _rcpt_tot=_rcpt_tot+1, _quota_cur=_quota_cur+390, _count_cur=_count_cur+0, _count_tot=_count_tot+0, _abuse_cur=0 WHERE _from='[EMAIL PROTECTED]'

So what happened here is that the size quota was correctly incremented, but the recipient quota was only incremented by 1 instead of 3, even though recipient_count=3 was provided by Postfix.

The only way I can get the recipient count to update properly is to check the policy server in the smtpd_recipient_restrictions phase. In this case Postfix invokes the policy server once for each recipient, which leads to correct recipient counts.

So it appears that the recipient_count parameter passed by postfix when policyd is invoked in smtpd_end_of_data_restrictions is completely ignored. This is unfortunate as it seems to me if this count were read properly, all of the appropriate sender quota counts (size, recipients, message count) could be calculated via a check via smtpd_end_of_data_restrictions.

Anyone have any insight on this?

Thanks,
Tom
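The accounting the post asks for, sketched as an added example (not part of the original message and not policyd's code): a parser for the Postfix policy delegation request that, at END-OF-MESSAGE, takes the recipient increment from recipient_count and the size increment from size. The sample request and sender address are constructed, the function names are hypothetical, the in-memory table reuses only the column names visible in the logged UPDATE, and counting one message per END-OF-MESSAGE call is an assumption.

```python
"""Added example (not policyd source): END-OF-MESSAGE throttle accounting."""
import sqlite3

# Constructed request; recipient_count and size mirror the debug output above.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
          "sender=user@example.com\nrecipient=\nrecipient_count=3\nsize=390\n\n")

def parse_policy_request(raw):
    """Parse name=value lines; an empty line terminates the request."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def _count(attrs, name):
    """Accept only ASCII decimal digits; anything else counts as 0."""
    v = attrs.get(name, "")
    return int(v) if v.isascii() and v.isdigit() else 0

def throttle_deltas(attrs):
    """Return the increments for one policy request."""
    state = attrs.get("protocol_state", "").upper()
    if state == "END-OF-MESSAGE":  # one call per message (assumed: count +1)
        return {"rcpt": _count(attrs, "recipient_count"),
                "quota": _count(attrs, "size"), "count": 1}
    if state == "RCPT":  # one call per accepted recipient
        return {"rcpt": 1, "quota": 0, "count": 0}
    return {"rcpt": 0, "quota": 0, "count": 0}

def apply_deltas(db, sender, d):
    # Bound parameters keep the client-supplied sender out of the SQL text.
    db.execute(
        "UPDATE throttle SET _rcpt_cur=_rcpt_cur+?, _rcpt_tot=_rcpt_tot+?, "
        "_quota_cur=_quota_cur+?, _count_cur=_count_cur+?, "
        "_count_tot=_count_tot+? WHERE _from=?",
        (d["rcpt"], d["rcpt"], d["quota"], d["count"], d["count"], sender))

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE throttle (_from TEXT PRIMARY KEY, _rcpt_cur INT,"
               " _rcpt_tot INT, _quota_cur INT, _count_cur INT, _count_tot INT)")
    db.execute("INSERT INTO throttle VALUES ('user@example.com', 0, 0, 0, 0, 0)")
    attrs = parse_policy_request(SAMPLE)
    apply_deltas(db, attrs.get("sender", ""), throttle_deltas(attrs))
    return db.execute(
        "SELECT _rcpt_cur, _quota_cur, _count_cur FROM throttle").fetchone()
```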
