On 08/01/11 17:24, Osmany Goderich wrote: > Yes I tried to send a message after that and it still goes out. That makes > me think though, I want the policy to work for every message the user sends. > That is, every time the user sends a message I want the policy to reject the > message if it goes beyond 1MB in size. If the policy only works for the > second message then there will be one time that the user will send the > message with whatever size he or she wants and it will go thru. I don't > think that's helpful....anyway, first things first, I would really like this > to work...please help I will appreciate all the help I can get. > > Thanks in advance > > -----Mensaje original----- > De: [email protected] [mailto:[email protected]] > En nombre de Nigel Kukard > Enviado el: Monday, August 01, 2011 12:45 PM > Para: [email protected] > Asunto: Re: [policyd-users] Understanding Quotas > > On 08/01/11 16:12, Osmany Goderich wrote: >> Ok. So I finally have policyd working on my Postfix MTA with >> amavisd-new and I can see in the maillogs the interaction of policyd >> with the e-mails. But there is some testing that I would like to do >> and I can't figure out how to set a message size limit for a specific >> user. This is what I have so far and the message always goes out. I >> set the limit to 1MB and I intentionally send a message with a 3MB > attachment. >> This is what I have in my Test Policy: >> >> Test >> Priority: 50 >> Source: [email protected] >> Desination: ANY >> >> >> This is the quota I've configured >> >> Policy: Test >> Track: Sender:user@domain >> Period: 0 >> >> I associated a limit: >> >> Type: MessageCumulativeSize >> Counter Limit: 1000000 >> >> >> Now, I send an email to any address from [email protected] with a 3MB >> file attached and it goes through as if there isn't any policy there. >> I'm sure I'm missing something but right now I'm just blind. >> >> Here is what I have in my logs: >> >> Maillog: >> >> cbpolicyd[69946]: module=Quotas, mode=update, host=10.25.80.8, >> helo=mail.es.quimefa.cu, [email protected], to=o >> [email protected], reason=quota_update, policy=5, quota=3, limit=4, >> track=Sender:[email protected], counter=MessageCumulativeSize, quota= >> 0/1000000 (0.0%) >> cbpolicyd[69947]: module=Quotas, mode=update, host=10.25.80.8, >> helo=mail.es.quimefa.cu, [email protected], to=o >> [email protected], reason=quota_update, policy=5, quota=3, limit=4, >> track=Sender:[email protected], counter=MessageCumulativeSize, quota= >> 1967277/1000000 (196.7%) >> >> Cbpolicyd.log: >> >> [CORE] INFO: 2011/08/01-11:48:15 CONNECT TCP Peer: "127.0.0.1:12187" > Local: >> "127.0.0.1:10031" >> [2011/08/01-11:48:15 - 69946] [PROTOCOLS/Postfix] DEBUG: Possible >> Postfix protocol >> [2011/08/01-11:48:15 - 69946] [PROTOCOLS/Postfix] INFO: Identified >> Postfix protocol >> [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: No session tracking >> data exists for request: $VAR1 = { >> 'size' => '1967277', >> '_timestamp' => 1312213695, >> 'helo_name' => 'mail.es.quimefa.cu', >> 'reverse_client_name' => 'unknown', >> 'queue_id' => '', >> 'etrn_domain' => '', >> 'request' => 'smtpd_access_policy', >> 'protocol_state' => 'RCPT', >> 'stress' => 'yes', >> 'recipient' => '[email protected]', >> 'instance' => '11299.4e36cabf.ef191.0', >> 'protocol_name' => 'ESMTP', >> 'recipient_count' => '0', >> 'sender' => '[email protected]', >> 'client_name' => 'unknown', >> 'client_address' => '10.25.80.8', >> '_protocol_transport' => 'Postfix' >> }; >> [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Added session tracking >> information for: $VAR1 = { >> 'size' => '1967277', >> '_timestamp' => 1312213695, >> 'helo_name' => 'mail.es.quimefa.cu', >> 'reverse_client_name' => 'unknown', >> 'queue_id' => '', >> 'etrn_domain' => '', >> 'request' => 'smtpd_access_policy', >> 'protocol_state' => 'RCPT', >> 'stress' => 'yes', >> 'recipient' => '[email protected]', >> 'instance' => '11299.4e36cabf.ef191.0', >> 'protocol_name' => 'ESMTP', >> 'recipient_count' => '0', >> 'sender' => '[email protected]', >> 'client_name' => 'unknown', >> 'client_address' => '10.25.80.8', >> '_protocol_transport' => 'Postfix' >> }; >> [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Protocol state is >> 'RCPT', resolving policy... >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Going to resolve >> session data into policy: $VAR1 = { >> 'Recipient' => '[email protected]', >> 'SASLUsername' => undef, >> 'QueueID' => '', >> 'RecipientData' => '', >> 'Instance' => '11299.4e36cabf.ef191.0', >> 'EncryptionCipher' => undef, >> 'Size' => '1967277', >> 'EncryptionKeySize' => undef, >> 'EncryptionProtocol' => undef, >> 'Helo' => 'mail.es.quimefa.cu', >> 'ClientAddress' => '10.25.80.8', >> 'ClientName' => 'unknown', >> 'Sender' => '[email protected]', >> 'SASLSender' => undef, >> 'Protocol' => 'ESMTP', >> 'ClientReverseName' => 'unknown', >> 'SASLMethod' => undef >> }; >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member >> with ID '1' in policy 'Default' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member >> with ID '2' in policy 'Default Outbound' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member >> with ID '3' in policy 'Default Inbound' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member >> with ID '4' in policy 'Default Internal' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: Found policy member >> with ID '5' in policy 'Test' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:1/Name:Default]: >> Source not defined or 'any', explicit match: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: >> Source matching result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: >> Source matching result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:1/Name:Default]: >> Destination not defined or 'any', explicit match: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:1/Name:Default]: >> Destination matching result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]: Main policy sources '%internal_ips,%internal_domains' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a >> IP/CI DR specification, match = 1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]=>(group:internal_ips): Source group result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]: Group 'internal_domains' has 2 source(s) => >> @example.org,@examp le.com >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]=>(group:internal_domains): - Resolved source '@example.org' >> to a email address specification, match = 0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]=>(group:internal_domains): - Resolved source '@example.com' >> to a email address specification, match = 0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:2/Name:Default >> Outbound]=>(group:internal_domains): Source group result: matched=0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:2/Name:Default > Outbound]: >> Source matching result: matched=0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default > Inbound]: >> Main policy sources '!%internal_ips,!%internal_domains' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default > Inbound]: >> Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default >> Inbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a >> IP/CID R specification, match = 1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:3/Name:Default >> Inbound]=>(group:internal_ips): Source group result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:3/Name:Default > Inbound]: >> Source matching result: matched=0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]: Main policy sources '%internal_ips,%internal_domains' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a >> IP/CI DR specification, match = 1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]=>(group:internal_ips): Source group result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]: Group 'internal_domains' has 2 source(s) => >> @example.org,@examp le.com >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]=>(group:internal_domains): - Resolved source '@example.org' >> to a email address specification, match = 0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]=>(group:internal_domains): - Resolved source '@example.com' >> to a email address specification, match = 0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:4/Name:Default >> Internal]=>(group:internal_domains): Source group result: matched=0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:4/Name:Default > Internal]: >> Source matching result: matched=0 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: Main >> policy sources '[email protected]' >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: - >> Resolved source '[email protected]' to a email address specification, >> match = 1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:5/Name:Test]: >> Source matching result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: [ID:5/Name:Test]: >> Destination not defined or 'any', explicit match: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] INFO: [ID:5/Name:Test]: >> Destination matching result: matched=1 >> [2011/08/01-11:48:15 - 69946] [POLICIES] DEBUG: END RESULT: prio=0 => >> policy >> ids: 1,5 >> [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Policy resolved into: >> $VAR1 = { >> '0' => [ >> '1', >> '5' >> ] >> }; >> [2011/08/01-11:48:15 - 69946] [TRACKING] DEBUG: Request translated >> into session data: $VAR1 = { >> 'Recipient' => '[email protected]', >> 'SASLUsername' => undef, >> 'QueueID' => '', >> 'RecipientData' => '', >> 'Instance' => '11299.4e36cabf.ef191.0', >> 'EncryptionCipher' => undef, >> 'Size' => '1967277', >> 'EncryptionKeySize' => undef, >> 'ParsedClientAddress' => { >> 'Broadcast_Long' => 169431048, >> 'Network' => '10.25.80.8', >> 'IP_Long' => 169431048, >> 'Broadcast' => '10.25.80.8', >> 'IP' => '10.25.80.8', >> 'Mask_Long' => 4294967295, >> 'Network_Long' => 169431048 >> }, >> 'ProtocolTransport' => 'Postfix', >> 'EncryptionProtocol' => undef, >> 'Helo' => 'mail.es.quimefa.cu', >> 'ClientAddress' => '10.25.80.8', >> 'ClientName' => 'unknown', >> 'Sender' => '[email protected]', >> 'SASLSender' => undef, >> 'Timestamp' => 1312213695, >> 'ProtocolState' => 'RCPT', >> 'Policy' => { >> '0' => [ >> '1', >> '5' >> ] >> }, >> 'Protocol' => 'ESMTP', >> 'ClientReverseName' => 'unknown', >> 'SASLMethod' => undef >> }; >> [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Got request, running >> modules... >> [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: >> Access Control Plugin >> [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: >> HELO/EHLO Check Plugin >> [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: >> Greylisting Plugin >> [2011/08/01-11:48:15 - 69946] [CBPOLICYD] DEBUG: Running module: >> Quotas Plugin >> [2011/08/01-11:48:16 - 69946] [CBPOLICYD] DEBUG: Done with modules >> > What did you set the verdict to? > > Did you try send a message after that one went through? Mail only gets > verdict if at the time of sending it exceeds the quota, the quota was at 0%, > it was then pushed above limit which means the next message will get the > verdict you've defined.
Why on earth is your period 0 ? Bandwidth goes pretty fast in 0 seconds, the next second you get the same amount of bandwidth... Set the period to the amount of time you want the user to use that amount of bandwidth in.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
