Access denied when enforcing policy (postfix + policyd2)

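I am trying to limit the number of outgoing emails using postfix + policyd2. However, when policyd2 policies are enforced I get access denied. No matter what I do, I get rejected.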

  • Postfix version 2.11.4
  • PolicyD2 (cluebringer) version 2.0.14-1

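Error box from the email client:

An error occurred while sending mail. The mail server responded: 4.7.1 <[email protected]>: Recipient address rejected: Access denied. Please check the message recipient [email protected] and try again.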

When I turn off policyd2 in Postfix's /etc/postfix/main.cf, everything works fine:

    smtpd_end_of_data_restrictions=check_policy_service inet:127.0.0.1:10031
    smtpd_recipient_restrictions=check_policy_service inet:127.0.0.1:10031,

If I turn it on, this is what I get in /var/log/maillog:

    postfix/smtpd[3228]: >>> START Helo command RESTRICTIONS <<<
    postfix/smtpd[3228]: generic_checks: name=reject_invalid_helo_hostname
    postfix/smtpd[3228]: reject_invalid_hostaddr: [192.168.0.10]
    postfix/smtpd[3228]: generic_checks: name=reject_invalid_helo_hostname status=0
    postfix/smtpd[3228]: >>> END Helo command RESTRICTIONS <<<
    postfix/smtpd[3228]: >>> START Recipient address RESTRICTIONS <<<
    postfix/smtpd[3228]: generic_checks: name=check_policy_service
    postfix/smtpd[3228]: trying... [127.0.0.1]
    postfix/smtpd[3228]: auto_clnt_open: connected to 127.0.0.1:10031
    postfix/smtpd[3228]: send attr request = smtpd_access_policy
    postfix/smtpd[3228]: send attr protocol_state = RCPT
    postfix/smtpd[3228]: send attr protocol_name = ESMTP
    postfix/smtpd[3228]: send attr client_address = 88.88.88.88
    postfix/smtpd[3228]: send attr client_name = example.pl
    postfix/smtpd[3228]: send attr reverse_client_name = example.pl
    postfix/smtpd[3228]: send attr helo_name = [192.168.0.10]
    postfix/smtpd[3228]: send attr sender = [email protected]
    postfix/smtpd[3228]: send attr recipient = [email protected]
    postfix/smtpd[3228]: send attr recipient_count = 0
    postfix/smtpd[3228]: send attr queue_id =
    postfix/smtpd[3228]: send attr instance = c9c.5584b989.ab0c0.0
    postfix/smtpd[3228]: send attr size = 368
    postfix/smtpd[3228]: send attr etrn_domain =
    postfix/smtpd[3228]: send attr stress =
    postfix/smtpd[3228]: send attr sasl_method = PLAIN
    postfix/smtpd[3228]: send attr sasl_username = [email protected]
    postfix/smtpd[3228]: send attr sasl_sender =
    postfix/smtpd[3228]: send attr ccert_subject =
    postfix/smtpd[3228]: send attr ccert_issuer =
    postfix/smtpd[3228]: send attr ccert_fingerprint =
    postfix/smtpd[3228]: send attr ccert_pubkey_fingerprint =
    postfix/smtpd[3228]: send attr encryption_protocol = TLSv1
    postfix/smtpd[3228]: send attr encryption_cipher = ECDHE-RSA-AES256-SHA
    postfix/smtpd[3228]: send attr encryption_keysize = 256
    postfix/smtpd[3228]: 127.0.0.1:10031: wanted attribute: action
    postfix/smtpd[3228]: input attribute name: action
    postfix/smtpd[3228]: input attribute value: DEFER
    postfix/smtpd[3228]: 127.0.0.1:10031: wanted attribute: (list terminator)
    postfix/smtpd[3228]: input attribute name: (end)
    postfix/smtpd[3228]: check_table_result: inet:127.0.0.1:10031 DEFER policy query
    postfix/smtpd[3228]: NOQUEUE: reject: RCPT from example.pl[88.88.88.88]: 450 4.7.1 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.0.10]>
    postfix/smtpd[3228]: generic_checks: name=check_policy_service status=2
    postfix/smtpd[3228]: >>> END Recipient address RESTRICTIONS <<<
    postfix/smtpd[3228]: > example.pl[88.88.88.88]: 450 4.7.1 <[email protected]>: Recipient address rejected: Access denied
    postfix/smtpd[3228]: watchdog_pat: 0x83b23a8

Policy example.

Creating the policy:

    INSERT INTO policies VALUES (1, 'In Out', 10, 'In Out Policy', 0);
    INSERT INTO policy_members VALUES (1, 1, 'any', 'any', '' ,0);

Adding quotas (actions):

    INSERT INTO quotas (PolicyID,Name,Track,Period,Verdict,Data) VALUES (1,'Sender:user@domain', 'Sender:user@domain', 60, 'DEFER', 'Deferring: To many messages from sender in last 60s.');
    INSERT INTO quotas (PolicyID,Name,Track,Period,Verdict,Data) VALUES (1,'Recipient:@domain', 'Recipient:@domain', 60, 'REJECT', 'Quota limit reached.');

Adding quota limits:

    INSERT INTO quotas_limits (QuotasID, Type, CounterLimit) VALUES (1,'MessageCount', 12);
    INSERT INTO quotas_limits (QuotasID, Type, CounterLimit) VALUES (2,'MessageCount', 20);

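I can't use the web GUI (no PHP), so I don't know whether this is correct. I have been searching and trying different policy examples, but the error stays exactly the same.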

The permissions on the policyd2 sqlite3 database file were wrong.

PolicyD2 can run the daemon as a specific user, in my case:

    # /etc/policyd.conf
    # User to run this daemon as
    user=policyd
    group=policyd

The database was owned by root:root.

    -rw-r--r-- root root policyd2.db

After changing it to policyd:policyd, I can send email.

    -rw-r--r-- policyd policyd policyd2.db

Now the Access denied error makes sense.
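
The ownership check from the answer above, as an added shell example that is not part of the original post or of cluebringer: it reads `user=` and `group=` from the daemon config and reports whether that account can write the SQLite file and its directory, judging by owner, group and mode bits. The script name and the database path argument are assumptions, since the page does not give the database's directory.

```shell
#!/bin/sh
# Added example, not cluebringer code. Both paths are passed as arguments.

# conf_value KEY FILE: print the value of the last "KEY=value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# writable_by USER GROUP PATH: decide from owner, group and mode bits whether
# USER:GROUP may write PATH. Ignores ACLs and supplementary groups.
writable_by() {
    wb_user=$1 wb_group=$2
    # After this: $1=mode string, $2=owner, $3=group
    set -- $(ls -ld "$3" | awk '{ print $1, $3, $4 }')
    if   [ "$2" = "$wb_user" ];  then pos=3   # owner write bit
    elif [ "$3" = "$wb_group" ]; then pos=6   # group write bit
    else                              pos=9   # other write bit
    fi
    [ "$(printf '%s' "$1" | cut -c"$pos")" = "w" ]
}

# check_policyd_db CONF DB: return 0 only if the daemon account can write the
# database file and its directory (SQLite creates its journal beside the DB).
check_policyd_db() {
    user=$(conf_value user "$1") group=$(conf_value group "$1") rc=0
    for path in "$2" "$(dirname "$2")"; do
        if ! writable_by "$user" "$group" "$path"; then
            echo "NOT WRITABLE by $user:$group: $(ls -ld "$path")"
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh check_policyd_db.sh /etc/policyd.conf /path/to/policyd2.db
if [ $# -eq 2 ]; then
    check_policyd_db "$1" "$2" && echo "OK: daemon account can write the database"
fi
```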