我想使用postfwd版本2来限制我的saslauthentication用户发送的每日邮件数量。
我安装了最新的tarball:postfwd-1.35和Centos 6.4的最新的postfix
在我我只有这个规则
id=RULEZEROSASL sasl_username=~/^(\S+)$/ action=rcpt(sasl_username/500/86400/REJECT only 500 recipients per day for $$sasl_username)
它应该只拒绝具有authentication用户的邮件(不是来自信任的邮件服务器的邮件)。
我postfwd2监听tcp 10045和我的后缀main.cf我有
# Restriction Classes smtpd_restriction_classes = postfwdcheck postfwdcheck = check_policy_service inet:127.0.0.1:10045 127.0.0.1:10045_time_limit = 3600 ... smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts reject_unauth_destination check_recipient_access hash:/etc/postfix/access reject_invalid_helo_hostname # postfwd con rate limiting check_policy_service inet:127.0.0.1:10045 warn_if_reject reject_non_fqdn_helo_hostname warn_if_reject reject_unknown_helo_hostname warn_if_reject reject_unknown_client reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain warn_if_reject reject_unverified_sender reject_unverified_recipient reject_rbl_client zen.spamhaus.org permit
在/ etc / postfix / policy中
. postfwdcheck
我在日志和命令中看不到规则匹配条目
postfwd2 -vv --dumpcache -f /etc/postfwd.cf
显示请求号码
[STATS] postfwd2::policy 1.35: **5** requests since 0 days, 01:05:31 hours
仅增加手动testing:
nc 127.0.0.1 10045 <request.sample
任何想法为什么postfwd不参与postfix?
Postfix限制类可以返回三个答案,OK,REJECT或DUNNO,通常它们有(OK,DUNNO)或(REJECT,DUNNO),因为postfix的function方式。 DENY和OK意味着其余的检查被忽略,DUNNO意味着进行下一个检查。
所以,在你的情况下, permit_mynetworks或permit_sasl_authenticated返回OK,所以它不会进一步检查smtpd_recipient_restrictions ,尽pipe你可以把它放在另一个限制类,然后首先必须返回OK,邮件被转发。
您不应该对“action = rcpt(…)”使用“smtpd_recipient_restrictions”,因为它需要知道recipient_count属性。 从手册页:
rcpt (<item>/<max>/<time>/<action>) this command works similar to the rate() command with the difference, that the rate counter is increased by the request's recipient_count attribute. to do this reliably you should call postfwd from smtpd_data_restrictions or smtpd_end_of_data_restrictions. if you want to be sure, you could check it within the ruleset: # recipient count limit 3 per hour per client id=RCPT01 ; protocol_state==END-OF-MESSAGE ; client_address!=10.1.1.1 action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
因此,如果您在smtpd_data_restrictions中使用“check_policy_service inet:127.0.0.1:10045”,它将起作用。 希望如此。