On 09/28/2014 12:17 AM, Leonardo Rodrigues wrote:
> Hi,
>
> I have been using the old policyd v1.82 for greylisting for a long
> time now. It simply works, I always thought its configuration pretty
> easy, so never updated.
>
> Now I need to enforce quotas on message counts on a server only
> for external users (no need to enforce quotas for internal IPs and for
> receiving messages) and, despite the fact v1.82 can do that, I decided
> to go for cluebringer. Install was easy, creating and importing the
> database to MySQL as well, no problem getting the web interface
> running. But, I must confess, I'm having a hard time understanding how
> policyd v2.0 works and the correct way to configure it.
>
> 1) Policy priorities are processed in ascending order, 0 first (from
> the website). Given that, wouldn't the 'Default / Default System
> Policy', which is source any destination any, allow EVERYTHING?
>
> 2) Do I need to have the policies 'default inbound', 'default
> outbound', 'default internal' or is that just a suggestion of an
> easy-to-understand configuration?

These are just examples, I'd suggest removing them and starting from
scratch.

> 3) I'm looking to achieve a simple setup: internal IPs would have NO
> quota limitations, some SASL authenticated users will have NO
> limitation as well, messages TO my domains will have no limitation, all
> other SASL authenticated users will be quota enforced. I was thinking
> of doing:
>
> - Policy 'internal IPs', priority 10, source %internal_ips (group),
>   destination any
> - Policy 'users without quota', priority 20, source %users_no_quota
>   (group), destination any
> - Policy 'quota enforcement', priority 30, source
>   '!%ips_internos,!%sasl_excecao,$*', destination !%internal_domains
>
> The internal_ips group would be populated with my internal networks and
> could even get some external IP that relays to my server and that I'd
> like to quota-whitelist.
>
> The internal_domains group would be populated with my internal domains.
>
> The users_no_quota group would be populated with users that I do NOT
> want to quota enforce.
>
> The quota would be created as:
>
> - track SASLUsername
> - period 3600 (1 hour)
> - link to policy: quota enforcement
> - verdict Reject
> - data: empty (actually I do not understand what I should enter here,
>   hope empty is correct)
>
> Quota limits:
>
> - type MessageCount, Counter Limit 300
>
> Question: did I understand correctly how policyd v2 works? Will that
> configuration make me achieve my goals?

Just remember multiple policies can be matched, you can use exclusions
to negate matches. I don't see any problems on a first look, apart from
a possibility of a mail matching more than 1 policy.

> Last question: when populating my internal_domains group, the help
> popup shows me to use '@domain.com' to match the domain. That's OK. I
> was looking for matching subdomains as well, as some domains have LOTS of
> subdomains like 'xxx.domain.com'. Will using '.domain.com' match the
> domain and its subdomains or do I really need to add the subdomains one
> by one?

There are quite a few matching possibilities listed on the wiki, best to
check there for everything supported.
http://www.policyd.org
-N