1 (edited by jstewart 2018-12-01 04:56:57)

Topic: Throttling

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Centos &
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Question about inbound throttling - I'd like to set inbound for a domain at 250 messages per day, but I would like to allow specific inbound emails from outside to a higher threshold. Is that possible?

Addendum.
Inbound throttling doesn't seem to be working. I set one account to throttle inbound to 4 max per day, and so far I have sent 10 emails, and all went through. Am I missing something?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Throttling

iRedAdmin-Pro doesn't support setting throttle for external users, but the throttling plugin supports this.
You can find more details and sample in this file (comment lines):
https://bitbucket.org/zhb/iredapd/src/d … hrottle.py

3 (edited by jstewart 2018-12-02 22:22:32)

Re: Throttling

ZhangHuangbin wrote:

iRedAdmin-Pro doesn't support setting throttle for external users, but the throttling plugin supports this.
You can find more details and sample in this file (comment lines):
https://bitbucket.org/zhb/iredapd/src/d … hrottle.py

That plugin is installed and activated - has been since the install.

# Recipient restrictions
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_sasl_authenticated
    reject_unauth_destination

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:7777

I have inbound throttling set in the admin interface, the entries are in the "throttle" table, but throttling is not happening.

The newest iredapd is installed.

4

Re: Throttling

jstewart wrote:

Question about inbound throttling - I'd like to set inbound for a domain at 250 messages per day, but I would like to allow specific inbound emails from outside to a higher threshold. Is that possible?

OK, could you please re-describe this requirement with some sample domains? i'm afraid that i don't quite understand what you want. You can use "mydomain.com" for your own (or hosted) domain in your description, and "gmail.com" for external domain.

5 (edited by jstewart 2018-12-04 01:33:14)

Re: Throttling

ZhangHuangbin wrote:
jstewart wrote:

Question about inbound throttling - I'd like to set inbound for a domain at 250 messages per day, but I would like to allow specific inbound emails from outside to a higher threshold. Is that possible?

OK, could you please re-describe this requirement with some sample domains? i'm afraid that i don't quite understand what you want. You can use "mydomain.com" for your own (or hosted) domain in your description, and "gmail.com" for external domain.

domain hosted my iredmail: mydomain.com
any inbound mail throttled to 250 messages per day per account
Ideally, I would also like:

-incoming mail to mydomain.com limited to 500 messages per day total from any outside domain, not just per local account.

-ability to allow 1000 (or any number) messages total per day from selected outside domains, let's say gmail.com 1000 per day and somedomain2.com 750 per day.

As I said, inbound throttling is turned on and set to 250 messages per day per account
One test account I set to only 4 messages per day.
Throttling does not appear to be working, as I can send the account that is set to only four messages per day dozens of messages from anywhere, and they are all processed and delivered to the account.

Update - it seems that neither inbound nor outbound throttling is working. The database table throttle_tracking is being updated with the cur_msgs incrementing properly the tid appears correct, but it seems that the system isn't reading the settings from the throttle table. My test account is set to throttle at 3 messages outbound and 4 messages inbound, but I send as many emails from the account as I want, and all inbound mail is arriving as well.

6

Re: Throttling

Did you try this throttle setting for external domain/sender/ip?
https://bitbucket.org/zhb/iredapd/src/7 … #lines-128

jstewart wrote:

Update - it seems that neither inbound nor outbound throttling is working. The database table throttle_tracking is being updated with the cur_msgs incrementing properly the tid appears correct, but it seems that the system isn't reading the settings from the throttle table. My test account is set to throttle at 3 messages outbound and 4 messages inbound, but I send as many emails from the account as I want, and all inbound mail is arriving as well.

Try to turn on debug mode in iRedAPD, it logs more detailed message for troubleshooting.
FYI: https://docs.iredmail.org/debug.iredapd.html

7 (edited by jstewart 2018-12-06 21:43:39)

Re: Throttling

ZhangHuangbin wrote:

Did you try this throttle setting for external domain/sender/ip?
https://bitbucket.org/zhb/iredapd/src/7 … #lines-128

jstewart wrote:

Update - it seems that neither inbound nor outbound throttling is working. The database table throttle_tracking is being updated with the cur_msgs incrementing properly the tid appears correct, but it seems that the system isn't reading the settings from the throttle table. My test account is set to throttle at 3 messages outbound and 4 messages inbound, but I send as many emails from the account as I want, and all inbound mail is arriving as well.

Try to turn on debug mode in iRedAPD, it logs more detailed message for troubleshooting.
FYI: https://docs.iredmail.org/debug.iredapd.html

This user is throttled to max 3 outbound per day. I send 5, and they all went through

2018-12-06 08:32:16 DEBUG smtp session: request=smtpd_access_policy
2018-12-06 08:32:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-12-06 08:32:16 DEBUG smtp session: protocol_name=ESMTP
2018-12-06 08:32:16 DEBUG smtp session: client_address=127.0.0.1
2018-12-06 08:32:16 DEBUG smtp session: client_name=localhost
2018-12-06 08:32:16 DEBUG smtp session: reverse_client_name=localhost
2018-12-06 08:32:16 DEBUG smtp session: helo_name=_
2018-12-06 08:32:16 DEBUG smtp session: sender=sender@mydomain.com
2018-12-06 08:32:16 DEBUG smtp session: recipient=receiver@gmail.com
2018-12-06 08:32:16 DEBUG smtp session: recipient_count=1
2018-12-06 08:32:16 DEBUG smtp session: queue_id=4DC8F42C74C3
2018-12-06 08:32:16 DEBUG smtp session: instance=1526.5c0924e0.4d90e.0
2018-12-06 08:32:16 DEBUG smtp session: size=375
2018-12-06 08:32:16 DEBUG smtp session: etrn_domain=
2018-12-06 08:32:16 DEBUG smtp session: stress=
2018-12-06 08:32:16 DEBUG smtp session: sasl_method=LOGIN
2018-12-06 08:32:16 DEBUG smtp session: sasl_username=sender@mydomain.com
2018-12-06 08:32:16 DEBUG smtp session: sasl_sender=
2018-12-06 08:32:16 DEBUG smtp session: ccert_subject=
2018-12-06 08:32:16 DEBUG smtp session: ccert_issuer=
2018-12-06 08:32:16 DEBUG smtp session: ccert_fingerprint=
2018-12-06 08:32:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-12-06 08:32:16 DEBUG smtp session: encryption_protocol=TLSv1
2018-12-06 08:32:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-12-06 08:32:16 DEBUG smtp session: encryption_keysize=256
2018-12-06 08:32:16 DEBUG LDAP connection initialied success.
2018-12-06 08:32:16 DEBUG LDAP bind success.
2018-12-06 08:32:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG --> Apply plugin: throttle
2018-12-06 08:32:16 DEBUG Found sasl_username, consider this sender as an internal sender.
2018-12-06 08:32:16 DEBUG Check sender throttling.
2018-12-06 08:32:16 DEBUG [LDAP] query target domain of given alias domain (cyg.net).
2018-12-06 08:32:16 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=cyg.net)))
2018-12-06 08:32:16 DEBUG result: []
2018-12-06 08:32:16 DEBUG [SQL] Query throttle setting:
2018-12-06 08:32:16 DEBUG [SQL] Query result:
2018-12-06 08:32:16 DEBUG sender throttle setting: msg_size=0 (bytes)/id=9/account=sender@mydomain.com; max_msgs=3/id=9/account=sender@mydomain.com; max_quota=0 (bytes)/id=9/account=sender@mydomain.com;
2018-12-06 08:32:16 DEBUG [SQL] Query throttle tracking data:
2018-12-06 08:32:16 DEBUG [SQL] Query result:
2018-12-06 08:32:16 DEBUG Tracking IDs: {(9L, 'sender@mydomain.com'): 256284L}
2018-12-06 08:32:16 INFO [127.0.0.1] sender throttle, sender@mydomain.com -> msg_size (375/0, period: 86400 seconds, time left: 23 hours, 59 minutes, 14 seconds)
2018-12-06 08:32:16 INFO [127.0.0.1] sender throttle, sender@mydomain.com -> max_quota (1125/0, period: 86400 seconds, time left: 23 hours, 59 minutes, 14 seconds)
2018-12-06 08:32:16 DEBUG [SQL] Update tracking record(s):
2018-12-06 08:32:16 DEBUG [OK] Passed all sender throttle settings.
2018-12-06 08:32:16 DEBUG Bypass recipient throttling (found sasl_username).
2018-12-06 08:32:16 DEBUG <-- Result: DUNNO
2018-12-06 08:32:16 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Session ended.
2018-12-06 08:32:16 INFO [127.0.0.1] END-OF-MESSAGE, sender@mydomain.com => receiver@gmail.com, DUNNO [recipient_count=1, size=375, process_time=0.0084s]
2018-12-06 08:32:16 DEBUG Close LDAP connection.

Why would it be skipping these:
2018-12-06 08:32:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)

They are enabled in settings.py, and files are in the plugins folder

8

Re: Throttling

jstewart wrote:

Why would it be skipping these:
2018-12-06 08:32:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-12-06 08:32:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)

Postfix will send info to iRedAPD TWICE for EACH email, with protocol_state == RCPT and END-OF-MESSAGE.
These skipped plugins are applied in RCPT state, and you didn't copy its log from iRedAPD log file.

Throttling for max messages is applied in RCPT, please check iRedAPD log again, copy them here for troubleshooting.

9

Re: Throttling

I finally figured out why throttling wasn't kicking in for me.
I had put "check_policy_service inet:127.0.0.1:7777" after "permit_mynetworks" in smtpd_recipient_restrictions
Changing it's position to before and now throttling is working exactly as it should.

Thought I would share that in case anyone else has a similar problem.