Dear Nigel Kukard: The error is "untie attempt while 7 inner references still exist at /usr/local/bin/cbpolicyd line 104" And in fact I can not see any record insertion to MySQL graylis triplets and it still receive any one incoming email!
Many Thx. Paul.LKW ----- 原始郵件 ----- 寄件者:[email protected] 寄件日期:7 May, 2009 01:49 收件者:[email protected] 主旨:Users Digest, Vol 11, Issue 4 Send Users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://lists.policyd.org/mailman/listinfo/users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Users digest..." Today's Topics: 1. Re: Need help with quotas (Guy) 2. Re: Need help with quotas (Guy) 3. Re: Users Digest, Vol 11, Issue 3 (Paul.LKW) 4. Re: Users Digest, Vol 11, Issue 3 (Nigel Kukard) 5. Re: Need help with quotas (Nigel Kukard) ---------------------------------------------------------------------- Message: 1 Date: Wed, 6 May 2009 14:21:17 +0100 From: Guy <[email protected]> Subject: Re: [policyd-users] Need help with quotas To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 Thanks. I've tried that, but the quotas don't appear to be being applied at all. Should there be a line with something like "cbpolicyd[processid]: module=Quotas"? I've got a policy with source as a group with only one address in the list and destination as any. I've set a quota on that policy with a messagecount of 1, a period of 900 and tracking on sen...@domain. I'm still able to send more than one email from that address. I've checked that quotas are enabled and I've enabled detailed logging. I've noticed that I'm getting tracking errors for outbound messages. May 6 14:10:57 server amavis[8754]: (08754-08) [TRACKING] DEBUG: Retreiving session data for triplet: 09C2233012B/x.x.x.x/[email protected] May 6 14:10:57 server amavis[8754]: (08754-08) (!!)[TRACKING] ERROR: No session data May 6 14:10:57 server amavis[8754]: (08754-08) (!)policyd/process_policy: No session data found I'm running 2.0.6 stable with a couple of patches for tracking. Have there been any recent patches that might be applicable to this? Or have I possibly done a dumb somewhere? If there's anything I can do to help narrow down what might be causing the problem just let me know. Thanks Guy 2009/5/3 Nigel Kukard <[email protected]>: > >> I want to be able to apply a permissive quota on some of our users and >> a more restrictive quota on the rest. Quotas don't allow inheritance >> like greylisting does so I'm wondering if there's a way to do this. >> >> At the moment I have a list of users in a group on a policy and a >> permissive quota associated with them. I also have a quota setup on >> the default outbound policy. If I put the permissive quota policy >> before the default, the default will just be applied afterwards anyway >> correct? And if I place the permissive quota policy after the default >> the default quota will be applied first anyway? Does policyd apply the >> quota after checking all matches or as it finds each one? >> > -It resolves the polices, then loops with them in order. If mail is > blocked by quota 1 before it gets to quota 2, quota ?2 will not be updated. > > Having said that ?I think you want to put your permissive quota first. > > Regards > Nigel > _______________________________________________ > Users mailing list > [email protected] > http://lists.policyd.org/mailman/listinfo/users > -- Don't just do something...sit there! ------------------------------ Message: 2 Date: Wed, 6 May 2009 15:46:01 +0100 From: Guy <[email protected]> Subject: Re: [policyd-users] Need help with quotas To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 UPDATE: Figured out the problem. I've got entries in smtpd_recipient_restrictions which could allow a connection to completely bypass cluebringer. This may be a stupid question, but is Cluebringer ever likely to be able to compensate for this? If it is possible, I would have thought that it would make sense to have cluebringer after checks like check_recipient_access etc? I'm no Postfix guru so I'm just guessing there. 2009/5/6 Guy <[email protected]>: > Thanks. > > I've tried that, but the quotas don't appear to be being applied at all. > Should there be a line with something like "cbpolicyd[processid]: > module=Quotas"? > > I've got a policy with source as a group with only one address in the > list and destination as any. I've set a quota on that policy with a > messagecount of 1, a period of 900 and tracking on sen...@domain. I'm > still able to send more than one email from that address. > > I've checked that quotas are enabled and I've enabled detailed > logging. I've noticed that I'm getting tracking errors for outbound > messages. > May ?6 14:10:57 server amavis[8754]: (08754-08) [TRACKING] DEBUG: > Retreiving session data for triplet: > 09C2233012B/x.x.x.x/[email protected] > May ?6 14:10:57 server amavis[8754]: (08754-08) (!!)[TRACKING] ERROR: > No session data > May ?6 14:10:57 server amavis[8754]: (08754-08) > (!)policyd/process_policy: No session data found > > I'm running 2.0.6 stable with a couple of patches for tracking. > Have there been any recent patches that might be applicable to this? > Or have I possibly done a dumb somewhere? If there's anything I can do > to help narrow down what might be causing the problem just let me > know. > > Thanks > Guy > > 2009/5/3 Nigel Kukard <[email protected]>: >> >>> I want to be able to apply a permissive quota on some of our users and >>> a more restrictive quota on the rest. Quotas don't allow inheritance >>> like greylisting does so I'm wondering if there's a way to do this. >>> >>> At the moment I have a list of users in a group on a policy and a >>> permissive quota associated with them. I also have a quota setup on >>> the default outbound policy. If I put the permissive quota policy >>> before the default, the default will just be applied afterwards anyway >>> correct? And if I place the permissive quota policy after the default >>> the default quota will be applied first anyway? Does policyd apply the >>> quota after checking all matches or as it finds each one? >>> >> -It resolves the polices, then loops with them in order. If mail is >> blocked by quota 1 before it gets to quota 2, quota ?2 will not be updated. >> >> Having said that ?I think you want to put your permissive quota first. >> >> Regards >> Nigel >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.policyd.org/mailman/listinfo/users >> > > > > -- > Don't just do something...sit there! > -- Don't just do something...sit there! ------------------------------ Message: 3 Date: Thu, 07 May 2009 01:26:36 +0800 From: "Paul.LKW" <[email protected]> Subject: Re: [policyd-users] Users Digest, Vol 11, Issue 3 To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" An HTML attachment was scrubbed... URL: http://lists.policyd.org/pipermail/users/attachments/20090507/e72c53c1/attachment.html ------------------------------ Message: 4 Date: Wed, 06 May 2009 17:46:47 +0000 From: Nigel Kukard <[email protected]> Subject: Re: [policyd-users] Users Digest, Vol 11, Issue 3 To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" > > I am sorry not to clear my version for you, I am using version 1.82 it > seems no such script inside the BOX. > I also try to make 2.x to work on FreeBSD but it can't. What error are you getting? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3292 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.policyd.org/pipermail/users/attachments/20090506/f67f281f/attachment-0001.bin ------------------------------ Message: 5 Date: Wed, 06 May 2009 17:48:15 +0000 From: Nigel Kukard <[email protected]> Subject: Re: [policyd-users] Need help with quotas To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Guy wrote: > UPDATE: Figured out the problem. I've got entries in > smtpd_recipient_restrictions which could allow a connection to > completely bypass cluebringer. > > This may be a stupid question, but is Cluebringer ever likely to be > able to compensate for this? Policyd is a policy service, if you don't send it a request there is not much one can do :) > If it is possible, I would have thought > that it would make sense to have cluebringer after checks like > check_recipient_access etc? I'm no Postfix guru so I'm just guessing > there. > For it to see all email, it must be higher up before you start rejecting. I guess thats just how Postfix is. Not a limit of Policyd or a feature its lacking. Regards Nigel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3292 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.policyd.org/pipermail/users/attachments/20090506/d5a3d9bb/attachment.bin ------------------------------ _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users End of Users Digest, Vol 11, Issue 4 ************************************ _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
