On Sun, Aug 05, 2012 at 05:17:11PM -0400, CSS wrote:
>
> On Jul 26, 2012, at 3:11 AM, Robert Anderson wrote:
>
> > On 25/07/2012 10:16, CSS wrote:
> >> I've run into a small issue with my very basic "match all
> >> sasl-authenticated users" policy (ID 6 below in both the policies and
> >> policy_members tables).
> >>
> >> sqlite> select * from policies;
> >> 1|Default|0|Default System Policy|0
> >> 6|outbound mail|10|put sasl-auth and any other outbound groups here|0
> >> 7|outbound-test|20|testing|1
> >>
> >> sqlite> select * from policy_members;
> >> 1|1||||0
> >> 6|6|$*|any|match sasl-auth users|0
> >> 7|7|[email protected]|any|testing|0
> >>
> >> I see normal users that are connecting with a mail client being tracked,
> >> and I think I'm grabbing all of them. However I just enabled smtp-auth in
> >> roundcube so I can also track my webmail users. According to Postfix,
> >> this is working:
> >>
> >> Jul 25 03:58:31 hc1 postfix/smtpd[25015]: connect from hc2.foo.com[x.x.x.x]
> >> Jul 25 03:58:32 hc1 postfix/smtpd[25015]: F40808FD9D:
> >> client=hc2.foo.com[x.x.x.x], sasl_method=PLAIN,
> >> [email protected]
> >>
> >> And compared to another message I sent as another user via a normal MUA:
> >>
> >> Jul 25 03:49:50 hc1 postfix/smtpd[23814]: connect from y.y.y.y[y.y.y.y]
> >> Jul 25 03:49:51 hc1 cbpolicyd[23779]: module=Quotas, mode=update,
> >> host=y.y.y.y, helo=frankentosh.foo.com, [email protected],
> >> [email protected], reason=quota_update, policy=6, quota=3, limit=4,
> >> track=SASLUsername:[email protected], counter=MessageCount, quota=1.00/100
> >> (1.0%)
> >> Jul 25 03:49:51 hc1 postfix/smtpd[23814]: 218D178B5D:
> >> client=y.y.y.y[y.y.y.66], sasl_method=PLAIN, [email protected]
> >>
> >> What might account for the difference?
> >>
> >> The only thing of note here is that the IP that the mail server, smtpd and
> >> roundcube are using are all the same IP. Could this be triggering some
> >> type of ignore?
>
> Sure, see below. Sorry for the delay, I wanted to check if swapping around
> policyd's listening IP to be different from the local ssmtp submission IP
> would have any effect - no change. Increasing the log_level on policyd
> doesn't seem to generate much more info, but it's set to "4" below. Just for
> comparison purposes, I'm showing both a local ssmtp smtp-auth session
> (postfix logs confirm sasl auth happening) and a remote so you can see the
> difference in the two sessions. policyd is totally silent on the local
> smtp-auth connection...
>
> > Also, just for reference,
> > policyd's logging and configuration + postfix log.
>
> Also below, do let me know if you want to see anything else...
>
> Thanks,
>
> Charles
> smtpd_end_of_data_restrictions = check_policy_service inet:x.x.x.216:10031
>
> smtpd_recipient_restrictions = permit_mynetworks,
>     check_policy_service inet:x.x.x.216:10031,
>     permit_sasl_authenticated, check_client_access
>     regexp:/usr/local/etc/postfix/maps/relaying_stoplist,
>     reject_invalid_hostname, reject_non_fqdn_sender,
>     reject_non_fqdn_recipient,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     reject_unauth_destination, permit
>

I'm going to guess that these restrictions are specified differently in your
master.cf for your localhost SMTPd service.

-- 
Scott Lambert KC5MLE Unix SysAdmin
[email protected]
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
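One way to test the guess in the reply above, as an added example that is not part of the original thread: the Python below collects each smtpd service's `-o` overrides from a master.cf and reports services where `check_policy_service` is absent or comes after a `permit*` item. The ordering check goes beyond the reply and relies on Postfix evaluating a restriction list left to right until the first match. The master.cf text, the abridged main.cf value and all function names are constructed for illustration.

```python
# Constructed master.cf sample; MAIN_CF_VALUE is abridged from the value quoted in the thread.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
MAIN_CF_VALUE = "permit_mynetworks, check_policy_service inet:x.x.x.216:10031, permit"

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_services(text):
    """Map 'service/type' to its {parameter: value} -o overrides, smtpd entries only."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) >= 8 and fields[7] == "smtpd":
            opts = zip(fields[8:], fields[9:])  # (flag, argument) pairs
            services[f"{fields[0]}/{fields[1]}"] = dict(
                a.split("=", 1) for f, a in opts if f == "-o" and "=" in a)
    return services

def policy_gaps(master_cf, main_value, param="smtpd_recipient_restrictions"):
    """Return {service: reason} where the policy daemon may never be consulted."""
    gaps = {}
    for name, overrides in smtpd_services(master_cf).items():
        value = overrides.get(param, main_value)  # a -o override wins over main.cf
        items = [i.strip() for i in value.split(",") if i.strip()]
        hits = [n for n, i in enumerate(items) if i.startswith("check_policy_service")]
        if not hits:
            gaps[name] = "no check_policy_service"
        elif early := [i for i in items[:hits[0]] if i.startswith("permit")]:
            gaps[name] = "permit before policy check: " + ", ".join(early)
    return gaps

if __name__ == "__main__":
    print(policy_gaps(SAMPLE_MASTER_CF, MAIN_CF_VALUE))
```

On a live system, `postconf -P` (Postfix 2.11 and later) prints the same per-service overrides as `service/type/parameter=value` lines.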
