Topic: Sender throttling with Policyd on Debian Squeeze
The standard iRedMail instructions for throttling contain errors (for Debian Squeeze) and are very unclear in places (to me at least). Here's how I got it working. I'm posting this as a way of giving back and I hope it helps others. Be warned that until you do the following, there is NO throttling. If a spammer gets hold of an account, they can, and will, blast away until your mail server is on every blacklist in existence. iRedMail version is 0.7.3.
There are two files in /etc you need to be concerned with: postfix-policyd.conf and postfix-policyd_throttle.conf. The instructions wrongly refer to a postfix-policyd_sender_throttle.conf which doesn't exist. You could rename postfix-policyd_throttle.conf if you really want, but I'll assume you don't.
Now edit postfix-policyd.conf (in /etc), and be sure the following are set as indicated. Most should already be set, but just in case. Warning: This is NOT the complete file!
SENDERTHROTTLE=0
SENDER_THROTTLE_SASL=0
SENDER_THROTTLE_HOST=0
RECIPIENTTHROTTLE=1
Now edit postfix-policyd_throttle.conf (in /etc), and be sure the following are set as indicated. Most should already be set, but just in case they aren't, I've listed them. You are turning off almost everything because the other policyd config file will handle that. Warning: This is NOT the complete file!
SENDERTHROTTLE=1
SENDER_THROTTLE_SASL=1
SENDER_THROTTLE_HOST=0
RECIPIENTTHROTTLE=0
WHITELISTING=0 #If 1, throttling won't work!
BLACKLISTING=0
BLACKLIST_HELO=0
BLACKLISTSENDER=0
HELO_CHECK=0
SPAMTRAPPING=0
GREYLISTING=0
Create the file below as /etc/init.d/postfix-policyd_throttle. This is the complete file.
#! /bin/sh
### BEGIN INIT INFO
# Provides: postfix-policyd_throttle
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postfix-policyd
CONFIG=/etc/postfix-policyd_throttle.conf
PIDFILE='/var/run/policyd_throttle.pid'
NAME=postfix-policyd_throttle
DESC="Postfix throttling policy daemon"

test -x $DAEMON || exit 0

# Include policyd defaults if available
#if [ -f /etc/default/postfix-policyd ] ; then
# . /etc/default/postfix-policyd
#fi

set -e

# Take the PID file location from the throttle config file
PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'`

case "$1" in
    start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
    reload|force-reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
    restart)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
Now set up and restart your policyd daemons by running the following commands:
update-rc.d postfix-policyd_throttle defaults
/etc/init.d/postfix-policyd_throttle restart
/etc/init.d/postfix-policyd restart
Now run the following command to see if everything is working right. You should get two lines of output, with the important parts shown below:
netstat -ntlp | grep -i 1003
tcp 0 0 127.0.0.1:10031 0.0.0.0:*
tcp 0 0 127.0.0.1:10032 0.0.0.0:*
Next, make one edit in /etc/postfix/main.cf. The following line should already be there, but commented out. Uncomment it. If it's not there, add it.
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
Finally, force postfix to re-read your new configuration.
postfix reload
If it works, you'll find lines similar to the following in /var/log/mail.log.
postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1,
from=robert@example.com, to=someone@spamtrap.net, size=1749/10240000,
quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0%
Setting individual quotas
If you want to set an individual quota, you'll need to use some SQL. iRedMail does come with phpMyAdmin, which makes this much easier. This needs to be entered in the postfixpolicyd database. A sample SQL statement to set robert@example.com to 50 emails per hour would be:
INSERT INTO throttle (_from,_count_max,_quota_max,_time_limit,_mail_size,_date,_priority)
VALUES ('robert@example.com', # from address
50, # maximum messages per time unit
250000000, # size in bytes (250 megs) (maximum is 2gig)
3600, # time unit in seconds (1 hour)
10240000, # maximum message size (10 meg)
UNIX_TIMESTAMP(), # current time
10); # priority of record
Based on some tests I ran, it seems the count is incremented by the number of recipients plus 1, at least for messages sent through Roundcube. So if you compose a message to 3 people, your message count goes up by 4, not 3. If you compose to 1 person, your message count goes up by 2.
Also, the time unit should really be read as in the last X seconds (I think; I'm not certain what time unit it uses for expiring old counts). For example, if my limit is 50 per hour (as above), and I send 10 messages at 1:00 PM, then 15 more at 1:10 PM (total count 25), at 2:01 PM, I can send 35 more (25 unsent, plus the first 10 have now expired).
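One way to watch the /var/log/mail.log entries shown above for accounts nearing their limit, as an added example that is not part of the original post: the function below reports each sender whose count= value reached a given percentage of its maximum. It assumes each policyd entry is a single log line and that count=9/50(9) reads as current/maximum; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports senders whose policyd
# message count reached a given percentage of their limit.
# Assumptions: each policyd entry is one line in mail.log, and
# "count=9/50(9)" means current/maximum for the sender's time window.

policyd_throttle_report() {
    # $1 = alert threshold (percent of limit), $2 = log file (default: stdin)
    awk -v pct="$1" '
    /postfix-policyd: / && /throttle=/ {
        from = ""; cur = ""; max = ""
        n = split($0, f, ", *")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^from=/) {
                from = substr(f[i], 6)
            } else if (f[i] ~ /^count=[0-9]+/) {
                split(substr(f[i], 7), c, "[/(]")
                cur = c[1] + 0; max = c[2] + 0
            }
        }
        # Skip malformed entries and records without a usable limit.
        if (from == "" || max == "" || max == 0) next
        # Keep the highest count seen for each sender in this log.
        if (!(from in peak) || cur > peak[from]) {
            peak[from] = cur; limit[from] = max
        }
    }
    END {
        for (s in peak) {
            p = int(peak[s] * 100 / limit[s])
            if (p >= pct + 0) printf "%s %d/%d %d%%\n", s, peak[s], limit[s], p
        }
    }' "${2:--}" | sort
}

# Constructed sample entries in the format shown in the post.
sample_policyd_log() {
    cat <<'EOF'
Jan 10 13:00:01 mx postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1, from=robert@example.com, to=someone@example.net, size=1749/10240000, quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0%
Jan 10 13:05:12 mx postfix-policyd: rcpt=82, throttle=update(a), host=127.0.0.1, from=carol@example.com, to=a@example.net, size=2048/10240000, quota=90000/250000000, count=41/50(41), rcpt=41/3600(41), threshold=0%|80%|1%
Jan 10 13:06:40 mx postfix-policyd: rcpt=83, throttle=update(a), host=127.0.0.1, from=carol@example.com, to=b@example.net, size=2048/10240000, quota=99000/250000000, count=48/50(48), rcpt=48/3600(48), threshold=0%|94%|1%
EOF
}

sample_policyd_log | policyd_throttle_report 80
```

Against a live server, pass the log file as the second argument, for example policyd_throttle_report 80 /var/log/mail.log.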