On Jul 24, 2012, at 2:42 AM, Robert Anderson wrote:
> On 24/07/2012 08:18, CSS wrote:
>> I've had no problems building or installing, but I'm really lost on
>> just where to start - I see there's a web interface, but the docs
>> seem to refer to configuration items to define policies/groups that
>> would go in a config file (but don't look like they belong in
>> cluebringer.conf). So there's that...
>
> Policyd by default comes with some policies you can use as a starting
> point, changing them as needed. There is nothing stopping you from
> removing / disabling them and defining your own, though. Take a look at
> policy groups and policy group members, they're linked to policies which
> will run in order of priority (0-100, 0 being highest priority).
>
> cluebringer.conf defines how policyd operates, what modules to run,
> logging, database access etc. but policy configuration is stored in the
> database, which the web interface has access to.
>
>> Next, I have a number of domains. They get added, deleted via our
>> control panel - is my only route to determining inbound vs. outbound
>> email to define internal domains and match on that? Might matching
>> on any auth'd sasl user work, and if so, what does that match look
>> like (this would be preferred).
>
> Have a look here: http://wiki.policyd.org/policies#specifications
> This should give you an idea of what options you have. $sasl_username
> seems to be what you're after. There's also $* for any SASL username and
> $- for no SASL username.
OK, I think I kind of get it. I've got a test rule setup, and I think it's
working. Goal is any sasl-auth user can send up to 100 messages an hour.
Here's what's relevant in the db:
sqlite> select * from policies;
1|Default|0|Default System Policy|0
6|outbound mail|10|put sasl-auth and any other outbound groups here|0
7|outbound-test|20|testing|1
("outbound mail" is the policy I'm trying to match on, outbound-test was a test
of a single username)
sqlite> select * from policy_members;
1|1||||0
6|6|$*|any|match sasl-auth users|0
7|7|[email protected]|any|testing|0
sqlite> select * from quotas;
1|5|Recipient quotas|Recipient:user@domain|3600|REJECT|||0
2|5|Quota on all /24s|SenderIP:/24|3600|REJECT|||0
3|6|limit_sending|SASLUsername|3600|REJECT|100|3600 is period in secs
data is messages in period|0
4|7|outbound test|SASLUsername|300|REJECT|4|testing|0
(I have no idea what the first two are, don't see them in webui)
sqlite> select * from quotas_limits;
1|1|MessageCount|10||0
2|1|MessageCumulativeSize|8000||0
3|2|MessageCount|12||0
4|3|MessageCount|100||0
5|4|MessageCount|4||0
(same here, the last two are mine, not sure about the others)
And here's me being tracked:
sqlite> select * from quotas_tracking;
4|SASLUsername:[email protected]|1343121141|1.9325
(not sure how 2 messages = 1.9325 though)
And in the logs, it looks like the right plan; 100 messages/hour:
Jul 24 05:08:18 hc1 cbpolicyd[38772]: module=Quotas, mode=create, host=x.x.x.x,
helo=frankentosh.foo.com, [email protected], [email protected],
reason=quota_create, policy=6, quota=3, limit=4,
track=SASLUsername:[email protected], counter=MessageCount, quota=1.00/100 (1.0%)
Does anyone see anything obviously out of whack here?
> Hope this helps.
Very much so, thanks.
Charles
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
