1 (edited by bradford 2019-05-07 08:03:16)

Topic: Inbound mail throttled as outbound

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 9.9 MariaDB
- Deployed with iRedMail Easy or the downloadable installer: Probably downloadable version 9.7 or before
- Linux/BSD distribution name and version: CentOS Linux release 7.6.1810 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello again,

After upgrading iRedMail, iRedAPD, iRedAdmin-Pro (SQL) we are seeing outside addresses being throttled  as "outbound".

The emails we get about the quota are like this:
Subject: Throttle quota exceeded: account@anotherdomain.tld, max_msgs=200
Body:
- User: account@anotherdomain.tld
- Client IP address: <out mail gateway ip address>
- Throttle type: outbound
- Throttle setting: max_msgs
- Limit: 200
- Detailed setting: msg_size=0 (bytes)/id=1/account=@.; max_msgs=200/id=1/account=@.; max_quota=0 (bytes)/id=1/account=@.;

Related "account" from table iredapd.throttle:

MariaDB [(none)]> select * from iredapd.throttle where account = '@.'\G;
*************************** 1. row ***************************
id: 1
account: @.
kind: outbound
priority: 0
period: 86400
msg_size: 0
max_msgs: 200
max_quota: 0
1 row in set (0.00 sec)

As you can see it's kind is "outbound", we do not have "anotherdomain.tld" listed anywhere as ours, yet it shows up as "outbound". This is the only record where priority is 0, everything else is higher. Domains are 5 and individual accounts are 10. We only have one inbound throttle and it's for an individual account.

Edit: Also, outbound quotas do work, I have set up a test account with max_msgs = 2, when I hit this quota it acts appropriately, so it's not a simple inverted where clause or something like that... or so I assume.

Let me know if you need any other information and thanks for the help!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Inbound mail throttled as outbound

Could you please turn on debug mode in iRedAPD, then send a testing email from external to trigger this issue?
I need the full original log for troubleshooting.

FYI: https://docs.iredmail.org/debug.iredapd.html

3 (edited by bradford 2019-05-14 23:59:45)

Re: Inbound mail throttled as outbound

ZhangHuangbin wrote:

Could you please turn on debug mode in iRedAPD, then send a testing email from external to trigger this issue?
I need the full original log for troubleshooting.

FYI: https://docs.iredmail.org/debug.iredapd.html

Thank you, I have attached relevant lines from iredapd and replaced IP's, hostnames, and account/domains.

We get mail from ping@foreigndomain.tld every n minutes which hits a gateway smtp.domain.tld (192.168.0.1), which then passes it on to mail.domain.tld (192.168.0.2). The mail is received and forwarded back to pong@foreigndomain.tld.

So our domain is domain.tld
Their domain is foreigndomain.tld
Our servers are {smtp, mail}.domain.tld (192.168.0.1-2)

Our account pong@domain.tld has an unlimited outbound quota and we don't throttle inbound.

Post's attachments

iredapd-debug.log 24.91 kb, 1 downloads since 2019-05-14 

You don't have the permssions to download the attachments of this post.

4

Re: Inbound mail throttled as outbound

smtp.domain.ltd (192.168.0.1) is the mail gateway, and it's IP address is listed as a trusted client (parameter "MYNETWORKS" in /opt/iredapd/settings.py), in this case, iRedAPD considers it as an internal sender like sending from iRedMail server (mail.domain.tld), so outbound throttle settings are applied.

Seems this logic is not ok for you.

Question:

1) do you want to throttle emails sent from any trusted clients?
2) Or bypass the throttling for trusted clients? This can be done by adding setting "THROTTLE_BYPASS_MYNETWORKS = True" (without quotes) in /opt/iredapd/settings.py (and restart iredapd service).

5

Re: Inbound mail throttled as outbound

ZhangHuangbin wrote:

smtp.domain.ltd (192.168.0.1) is the mail gateway, and it's IP address is listed as a trusted client (parameter "MYNETWORKS" in /opt/iredapd/settings.py), in this case, iRedAPD considers it as an internal sender like sending from iRedMail server (mail.domain.tld), so outbound throttle settings are applied.

Seems this logic is not ok for you.

Question:

1) do you want to throttle emails sent from any trusted clients?
2) Or bypass the throttling for trusted clients? This can be done by adding setting "THROTTLE_BYPASS_MYNETWORKS = True" (without quotes) in /opt/iredapd/settings.py (and restart iredapd service).

This was my suspicion but it doesn't make much sense to be categorized as outbound when the message is received and delivered to a local mailbox.

I have removed the gateway from MYNETWORKS (from /opt/iredapd/settings.py) and restarted the iredapd service, the quota still applies. Incoming mail from the gateway (and from domains not ours) get throttled (mail is rejected).

To answer your question though, we only throttle our own accounts sending out, max of say 200 out per 24 hours. This is why I simply removed the gateway from MYNETWORKS.

The "DEBUG: [SQL] Query throttle setting" is:

SELECT id, account, priority, period, max_msgs, max_quota, msg_size
FROM throttle
WHERE kind='outbound' AND account IN ('192.168.0.1', '@ip', 'ping@remotedomain.tld', '@remotedomain.tld', '@.', '@.remotedomain.tld', '@.com', '192.168.0.*', '192.168.*.1')
ORDER BY priority DESC

The result of this is:

id: 1
account: @.
priority: 0
period: 86400
max_msgs: 200
max_quota: 0
msg_size: 0
1 row in set (0.00 sec)

What is "@." and is this causing the quota to be applied to anyone?

6

Re: Inbound mail throttled as outbound

"@." is a catch-all account for global setting, if no per-user or per-domain throttle setting found, global setting will be applied.

The problem is why iRedAPD considers the email is outbound. If removed from MYNETWORKS, it should be considered as inbound. Do you have detailed debug log (after removed from MYNETWORKS)?

7

Re: Inbound mail throttled as outbound

ZhangHuangbin wrote:

Do you have detailed debug log (after removed from MYNETWORKS)?

Here is from service start:

May 22 07:42:30 mail.domain.tld systemd[1]: Starting iRedAPD (A simple posfix policy server)...
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Starting iRedAPD (version: 2.7, backend: mysql), listening on 127.0.0.1:7777.
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 100): reject_null_sender
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 99): wblist_rdns
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 90): reject_sender_login_mismatch
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 80): greylisting
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 60): throttle
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 50): sql_alias_access_policy
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Loading plugin (priority: 40): amavisd_wblist
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Starting SRS sender rewriting channel, listening on 127.0.0.1:7778.
May 22 07:42:30 mail.domain.tld python2[7892]: iredapd INFO: Starting SRS recipient rewriting channel, listening on 127.0.0.1:7779.
May 22 07:42:30 mail.domain.tld systemd[1]: PID file /run/iredapd.pid not readable (yet?) after start.
May 22 07:42:30 mail.domain.tld systemd[1]: Started iRedAPD (A simple posfix policy server).

Here is are all events at the time of checking this specific address:

May 22 07:34:07 mail.domain.tld python2[19193]: iredapd INFO: [192.168.0.1] RCPT, ping@foreigndomain.tld -> pong@domain.tld, DUNNO [sasl_username=, sender=ping@foreigndomain.tld, client_name=smtp.domain.tld, reverse_client_name=smtp.domain.tld, helo=smtp.domain.tld, encryption_protocol=TLSv1.2, process_time=0.0129s]
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] request=smtpd_access_policy
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] protocol_state=END-OF-MESSAGE
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] protocol_name=ESMTP
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] client_address=192.168.0.1
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] client_name=smtp.domain.tld
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] reverse_client_name=smtp.domain.tld
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] helo_name=smtp.domain.tld
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] sender=ping@foreigndomain.tld
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] recipient=pong@domain.tld
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] recipient_count=1
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] queue_id=B7FE921294E1
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] instance=32f.5ce55ddf.a4570.0
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] size=2023
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] etrn_domain=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] stress=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] sasl_method=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] sasl_username=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] sasl_sender=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] ccert_subject=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] ccert_issuer=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] ccert_fingerprint=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] ccert_pubkey_fingerprint=
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] encryption_protocol=TLSv1.2
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [policy] encryption_keysize=256
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
--
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd INFO: [192.168.0.1] sender throttle, ping@foreigndomain.tld -> max_quota (233944/0, period: 86400 seconds, time left: 14 hours, 29 minutes, 51 seconds)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [SQL] Update tracking record(s):
    UPDATE throttle_tracking
    SET period = 86400,last_time = 1558535647,init_time = 1558501139,cur_msgs = cur_msgs + 1,cur_quota = cur_quota + 2023
    WHERE id=10044;
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [OK] Passed all sender throttle settings.
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Check recipient throttling.
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [SQL] query target domain of given alias domain (domain.tld):
    SELECT alias_domain.target_domain
    FROM alias_domain, domain
    WHERE domain.active=1
    AND domain.domain=alias_domain.target_domain
    AND alias_domain.alias_domain='domain.tld'
    LIMIT 1
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [SQL] query result: None
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [SQL] Query throttle setting:
    SELECT id, account, priority, period, max_msgs, max_quota, msg_size
    FROM throttle
    WHERE kind='inbound' AND account IN ('192.168.0.1', '@ip', 'pong@domain.tld', '@domain.tld', '@.', '@.domain.tld', '@.tld', '192.168.0.*', '192.168.*.1')
    ORDER BY priority DESC
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: [SQL] Query result: []
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: No recipient throttle setting.
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: <-- Result: DUNNO
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: sql_alias_access_policy (protocol_state != END-OF-MESSAGE)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd DEBUG: Session ended.
May 22 07:34:07 mail.domain.tld python2[19193]: iredapd INFO: [192.168.0.1] END-OF-MESSAGE, ping@foreigndomain.tld -> pong@domain.tld, DUNNO [recipient_count=1, size=2023, process_time=0.0243s]

Here are the events where the sender ping@foreigndomain.tld is exceeding the quote and being throttled:

May 22 09:29:11 mail.domain.tld python2[7896]: iredapd INFO: [192.168.0.1] RCPT, ping@foreigndomain.tld -> pong@domain.tld, DUNNO [sasl_username=, sender=ping@foreigndomain.tld, client_name=smtp.domain.tld, reverse_client_name=smtp.domain.tld, helo=smtp.domain.tld, encryption_protocol=TLSv1.2, process_time=0.0196s]
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] request=smtpd_access_policy
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] protocol_state=END-OF-MESSAGE
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] protocol_name=ESMTP
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] client_address=192.168.0.1
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] client_name=smtp.domain.tld
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] reverse_client_name=smtp.domain.tld
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] helo_name=smtp.domain.tld
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] sender=ping@foreigndomain.tld
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] recipient=pong@domain.tld
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] recipient_count=1
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] queue_id=9B1E020EB512
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] instance=29e1.5ce578d7.8393e.0
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] size=2024
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] etrn_domain=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] stress=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] sasl_method=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] sasl_username=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] sasl_sender=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] ccert_subject=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] ccert_issuer=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] ccert_fingerprint=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] ccert_pubkey_fingerprint=
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] encryption_protocol=TLSv1.2
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [policy] encryption_keysize=256
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: --> Apply plugin: throttle
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Client address (192.168.0.1) is trusted networks (MYNETWORKS).
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Client is sending from trusted network without SMTP AUTH, consider this sender as an internal sender.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Check sender throttling.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] query target domain of given alias domain (foreigndomain.tld):
    SELECT alias_domain.target_domain
    FROM alias_domain, domain
    WHERE domain.active=1
    AND domain.domain=alias_domain.target_domain
    AND alias_domain.alias_domain='foreigndomain.tld'
    LIMIT 1
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] query result: None
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query throttle setting:
    SELECT id, account, priority, period, max_msgs, max_quota, msg_size
    FROM throttle
    WHERE kind='outbound' AND account IN ('192.168.0.1', '@ip', 'ping@foreigndomain.tld', '@foreigndomain.tld', '@.', '@.foreigndomain.tld', '@.tld', '192.168.0.*', '192.168.*.1')
    ORDER BY priority DESC
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query result:
    [(1L, u'@.', 0, 86400L, 200L, 0L, 0L)]
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: sender throttle setting: msg_size=0 (bytes)/id=1/account=@.; max_msgs=200/id=1/account=@.; max_quota=0 (bytes)/id=1/account=@.;
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query throttle tracking data:
    SELECT id, tid, account, cur_msgs, cur_quota, init_time, last_time, last_notify_time
    FROM throttle_tracking
    WHERE (tid=1 AND account='192.168.0.1') OR (tid=1 AND account='ping@foreigndomain.tld')
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query result:
    [(10044L, 1L, u'ping@foreigndomain.tld', 199, 280496L, 1558501139L, 1558542241L, 0L)]
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Tracking IDs: {(1L, u'ping@foreigndomain.tld'): 10044L}
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd INFO: [192.168.0.1] sender throttle, ping@foreigndomain.tld -> msg_size (2024/0, period: 86400 seconds, time left: 12 hours, 34 minutes, 58 seconds)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd INFO: [192.168.0.1] sender throttle, ping@foreigndomain.tld -> max_quota (280496/0, period: 86400 seconds, time left: 12 hours, 34 minutes, 58 seconds)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Update tracking record(s):
    UPDATE throttle_tracking
    SET period = 86400,last_time = 1558542551,init_time = 1558501139,cur_msgs = cur_msgs + 1,cur_quota = cur_quota + 2024
    WHERE id=10044;
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [OK] Passed all sender throttle settings.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Check recipient throttling.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] query target domain of given alias domain (domain.tld):
    SELECT alias_domain.target_domain
    FROM alias_domain, domain
    WHERE domain.active=1
    AND domain.domain=alias_domain.target_domain
    AND alias_domain.alias_domain='domain.tld'
    LIMIT 1
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] query result: None
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query throttle setting:
    SELECT id, account, priority, period, max_msgs, max_quota, msg_size
    FROM throttle
    WHERE kind='inbound' AND account IN ('192.168.0.1', '@ip', 'pong@domain.tld', '@domain.tld', '@.', '@.domain.tld', '@.com', '192.168.0.*', '192.168.*.1')
    ORDER BY priority DESC
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: [SQL] Query result:
    []
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: No recipient throttle setting.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: <-- Result: DUNNO
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: sql_alias_access_policy (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd DEBUG: Session ended.
May 22 09:29:11 mail.domain.tld python2[7896]: iredapd INFO: [192.168.0.1] END-OF-MESSAGE, ping@foreigndomain.tld -> pong@domain.tld, DUNNO [recipient_count=1, size=2024, process_time=0.0127s]

8

Re: Inbound mail throttled as outbound

The log lines:

... iredapd DEBUG: --> Apply plugin: throttle
... iredapd DEBUG: Client address (192.168.0.1) is trusted networks (MYNETWORKS).
... iredapd DEBUG: Client is sending from trusted network without SMTP AUTH, consider this sender as an internal sender.

I mentioned the solution in my early reply:

ZhangHuangbin wrote:

2) Or bypass the throttling for trusted clients? This can be done by adding setting "THROTTLE_BYPASS_MYNETWORKS = True" (without quotes) in /opt/iredapd/settings.py (and restart iredapd service).

In your reply, you mentioned:

bradford wrote:

I have removed the gateway from MYNETWORKS (from /opt/iredapd/settings.py) and restarted the iredapd service, the quota still applies.

The log shows it's still present in MYNETWORKS (log "Client address (192.168.0.1) is trusted networks (MYNETWORKS).").

The logic of considering trusted client as a internal sender is: if iRedMail is used as a relay server, throttling should be applied. In your case, this logic is not right because it's trusted by not use iRedMail as relay, and throttling should still be applied.

Please apply this patch to fix your issue:
https://bitbucket.org/zhb/iredapd/commi … 15268b2fc2

9

Re: Inbound mail throttled as outbound

This makes sense. I have swapped in the patch, restarted iredapd, and watched to see if the count would still increase for ping@foreigndomain.tld, it has not. So, this does seem to solve the issue but I will continue testing to make sure everything works as expected and let you know if I need to make further adjustments.

Thank you for your help, Zhang!