postfwd不限速sasl用户

我想使用postfwd版本2来限制我的saslauthentication用户发送的每日邮件数量。

我安装了最新的tarball:postfwd-1.35和Centos 6.4的最新的postfix

在我我只有这个规则

id=RULEZEROSASL sasl_username=~/^(\S+)$/ action=rcpt(sasl_username/500/86400/REJECT only 500 recipients per day for $$sasl_username) 

它应该只拒绝具有authentication用户的邮件(不是来自信任的邮件服务器的邮件)。

我postfwd2监听tcp 10045和我的后缀main.cf我有

 # Restriction Classes smtpd_restriction_classes = postfwdcheck postfwdcheck = check_policy_service inet:127.0.0.1:10045 127.0.0.1:10045_time_limit = 3600 ... smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts reject_unauth_destination check_recipient_access hash:/etc/postfix/access reject_invalid_helo_hostname # postfwd con rate limiting check_policy_service inet:127.0.0.1:10045 warn_if_reject reject_non_fqdn_helo_hostname warn_if_reject reject_unknown_helo_hostname warn_if_reject reject_unknown_client reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain warn_if_reject reject_unverified_sender reject_unverified_recipient reject_rbl_client zen.spamhaus.org permit 

在/ etc / postfix / policy中

 . postfwdcheck 

我在日志和命令中看不到规则匹配条目

 postfwd2 -vv --dumpcache -f /etc/postfwd.cf 

显示请求号码

 [STATS] postfwd2::policy 1.35: **5** requests since 0 days, 01:05:31 hours 

仅增加手动testing:

  nc 127.0.0.1 10045 <request.sample 

任何想法为什么postfwd不参与postfix?

Postfix限制类可以返回三个答案,OK,REJECT或DUNNO,通常它们有(OK,DUNNO)或(REJECT,DUNNO),因为postfix的function方式。 DENY和OK意味着其余的检查被忽略,DUNNO意味着进行下一个检查。

所以,在你的情况下, permit_mynetworkspermit_sasl_authenticated返回OK,所以它不会进一步检查smtpd_recipient_restrictions ,尽pipe你可以把它放在另一个限制类,然后首先必须返回OK,邮件被转发。

您不应该对“action = rcpt(…)”使用“smtpd_recipient_restrictions”,因为它需要知道recipient_count属性。 从手册页:

  rcpt (<item>/<max>/<time>/<action>) this command works similar to the rate() command with the difference, that the rate counter is increased by the request's recipient_count attribute. to do this reliably you should call postfwd from smtpd_data_restrictions or smtpd_end_of_data_restrictions. if you want to be sure, you could check it within the ruleset: # recipient count limit 3 per hour per client id=RCPT01 ; protocol_state==END-OF-MESSAGE ; client_address!=10.1.1.1 action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour) 

因此,如果您在smtpd_data_restrictions中使用“check_policy_service inet:127.0.0.1:10045”,它将起作用。 希望如此。