Carlos Martinez wrote: >I want to implement a global policy that constrains the outbound >messages to 100 by day per user. >By now, I've created the following configuration in the Policyd Web >Administration: > >Name: Limit msgs by user >Link to policy: Default Outbond >Track: SASLUsername >Period: 86400 >Verdict: REJECT >Data: 550 5.4.6 Email Sending Quota Exceeded >Comment: Email Limit for e-mail accounts (100 msg/day) >Disabled: yes (It is disabled while the configuration is terminated). > >My questions are: >Is it right set "Default Outbond" on Link to policy? >How can I tell to policyd that I want to limit de outbound messages >to 100 by day for everyone? >Where can I configure exceptions to this policy?
Tackling your questions a little out of order ... What you need to do is configure one or more policies that match only inbound messages, and one or more policies that match only outbound messages. By doing this, you can have different policies for inbound and outbound. To allow exceptions, create a new policy that applies to members of a group, and edit the main policy to exclude members of this group. So on my system, for outbound I have : SASL users - the default policy Members: $*,!%hi-vol-sasl,!%My_Network SASL high volume users - for users allowed a higher volume Members: %hi-vol-sasl Internal & SASL - mail from our internal systems Members: %My_Network,$*,!%hi-vol-sasl Local - mail originating on this machine Members: %internal_ips Then for the groups I have : My_Network: a.b.c.d/nn - ie our public IPs internal_ips: 127.0.0.0/8 - the addresses local mail could come from hi-vol-sasl: multiple entries of the form [email protected] So by default, a normal user will match only "SASL users" and the controls configured for that policy will apply. If the user is one of the select few allowed a higher quota, then I add their SASL login to the hi-vol-sasl group and then they no longer match "SASL users" but match "SASL high volume users" instead. This could be expended to allow an intermediate grade as well, but the inclusions/exclusions get a bit more fiddly. The only thing left is to set your quotas. Bear in mind that setting a quota of 100/day doesn't mean the user can only send 1 email per 14.4 minutes. In practice they could send 100 messages in one go, and then be throttled to dribble them out at 1 per 14.4 minutes approx. As they send messages, a rolling counter is clocked up - and then this "decays" over time. The overall effect is that the user will be restricted to about 100 messages/day in the long term. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
