1 Topic by jung

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 97

Topic: Throttle is not working

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.4
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: ubuntu 22.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx):nginx
- Manage mail accounts with iRedAdmin-Pro? free
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Dear iRedmail community,

I configured throttle to limit 1 user from sending 3 messages within 1 minute, what i did was :
-enabled throttle in iredapd (iredapd version 5.3)
-insert into throttle (account, kind, period, priority, max_msgs, msg_size) values ('emailaddress@domain.com', outbound, 60, 255, 3, 0);
-check_policy_service inet:127.0.0.1:7777  was added just after smtpd_sender_restrictions and smtpd_recipient_restrictions
-restarted mysql, iredapd, nginx and postfix

throttle did not stop me from sending 5 messages or more within 1 minute.

your advice is highly appreciated. Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,704

Re: Throttle is not working

You should enable iredapd in smtpd_end_of_data_restrictions and smtpd_recipient_restrictions. For example:

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_recipient_access pcre:/etc/postfix/recipient_access.pcre check_recipient_access pcre:/opt/iredmail/custom/postfix/recipient_access.pcre check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:12340

3 Reply by jung (edited by jung 2026-06-16 21:26:44)

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 97

Re: Throttle is not working

ZhangHuangbin wrote:

You should enable iredapd in smtpd_end_of_data_restrictions and smtpd_recipient_restrictions. For example:

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_recipient_access pcre:/etc/postfix/recipient_access.pcre check_recipient_access pcre:/opt/iredmail/custom/postfix/recipient_access.pcre check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:12340

Dear Zhang,

- smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777 -  is already in main.cf by default.

i added the below entry under (smtpd_recipient_restrictions)
-reject_unlisted_recipient check_recipient_access         
      pcre:/etc/postfix/recipient_access.pcre
-check_recipient_access pcre:/opt/iredmail/custom/postfix/recipient_access.pcre
-reject_unauth_destination check_policy_service inet:127.0.0.1:12340

after restarting the iredapd, nginx, mysql and postfix then login and start sending 4 messages in 1 minute and throttle let me sent 4 message within a minute

please see below /etc/postfix/main.cf
smtpd_sender_restrictions =
    #ADDED JUNE 16, 2026
    check_policy_service inet:127.0.0.1:7777
    #TILL HERE
    permit_mynetworks
    permit_sasl_authenticated
    #ADDED JUNE 15, 2026 FOR THROTTLE
    reject_unauth_destination
    #check_policy_service inet:127.0.0.1:7777
    #TILL HERE
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    # To check outgoing messages
    #Added August 28, 2023
    # add entry in /etc/postfix/internal_clients_filter - check
    #check_client_access cidr:/etc/postfix/internal_clients_filter
    ##
    reject_non_fqdn_sender
    reject_unlisted_sender
    #Added August 28, 2023
    reject_unknown_sender_domain
    reject_sender_login_mismatch
    reject_unknown_reverse_client_hostname
    reject_unknown_client_hostname

# Recipient restrictions
smtpd_recipient_restrictions =
    #ADDED JUNE 16, 2026
    check_policy_service inet:127.0.0.1:7777
    #TILL HERE
    #orig entry (when disabled and enable the permit_mynetworks and permit_sasl_authenticated below - i am not able to send email)
    permit_mynetworks
    permit_sasl_authenticated
    #TILL HERE
    reject_non_fqdn_recipient
    #ADDED JUNE 16, 2026
    reject_unknown_recipient_domain
    check_recipient_access pcre:/etc/postfix/recipient_access.pcre
    check_recipient_access pcre:/opt/iredmail/custom/postfix/recipient_access.pcre
    #TILL HERE
    reject_unlisted_recipient
    reject_unauth_destination
    #Added August 28, 2023
    reject_invalid_hostname
    #reject_unknown_recipient_domain
    reject_unauth_pipelining
    #Added Augst 29, 2023
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    #reject_unKown_sender_domain
    #ADDED JUNE 16, 2026
    #permit_mynetworks
    #permit_sasl_authenticated
    #TILL HERE
    check_policy_service inet:127.0.0.1:12340
    #Added December 1, 2024
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
    reject_rbl_client b.barracudacentral.org=127.0.0.2

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:7777

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,704

Re: Throttle is not working

1: Your setting is a mess.
2: Do not add it in smtpd_sender_restrictions.
3: I suggest restore smtpd_recipient_restrictions to the one in my first reply. If your server was not deployed with iRedMail Easy or iRedMail Enterprise Edition, please remove the rules with "/opt/iredmail/custom/..." path.

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,704

Re: Throttle is not working

WARNING: The order of restriction rules matter a lot, you cannot simply add rule 1 / 2 / 3 randomly. Postfix applies the rule one by one, you should understand what the rule is used for and when you should apply it.

6 Reply by jung

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 97

Re: Throttle is not working

Dear Zhang,

smtpd_sender_restrictions =
    #ADDED JUNE 16, 2026
    check_policy_service inet:127.0.0.1:7777 - ***this i deleted already***
    #TILL HERE
    permit_mynetworks
    permit_sasl_authenticated
    #ADDED JUNE 15, 2026 FOR THROTTLE
    reject_unauth_destination
    #check_policy_service inet:127.0.0.1:7777
    #TILL HERE
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    # To check outgoing messages
    #Added August 28, 2023
    # add entry in /etc/postfix/internal_clients_filter - check
    #check_client_access cidr:/etc/postfix/internal_clients_filter
    ##
    reject_non_fqdn_sender
    reject_unlisted_sender
    #Added August 28, 2023
    reject_unknown_sender_domain
    reject_sender_login_mismatch
    reject_unknown_reverse_client_hostname
    reject_unknown_client_hostname

# Recipient restrictions
smtpd_recipient_restrictions =
    #ADDED JUNE 16, 2026
    check_policy_service inet:127.0.0.1:7777
    #TILL HERE
    #orig entry (when disabled and enable the permit_mynetworks and permit_sasl_authenticated below - i am not able to send email)
    permit_mynetworks
    permit_sasl_authenticated
    #TILL HERE
    reject_non_fqdn_recipient
    #ADDED JUNE 16, 2026
    reject_unknown_recipient_domain
    check_recipient_access pcre:/etc/postfix/recipient_access.pcre
    check_recipient_access pcre:/opt/iredmail/custom/postfix/recipient_access.pcre
    #TILL HERE
    reject_unlisted_recipient
    reject_unauth_destination
    #Added August 28, 2023
    reject_invalid_hostname
    #reject_unknown_recipient_domain
    reject_unauth_pipelining
    #Added Augst 29, 2023
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    #reject_unKown_sender_domain
    #ADDED JUNE 16, 2026
    #permit_mynetworks                ***   if it is enabled, i cannot sent message***
    #permit_sasl_authenticated      ***if it is enabled, i cannot send message***
    #TILL HERE
    check_policy_service inet:127.0.0.1:12340
    #Added December 1, 2024
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
    reject_rbl_client b.barracudacentral.org=127.0.0.2

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:7777


note: if the permit_mynetworks and permit_sasl_authentication is enabled in the middle part of the configuration located in the "ADDED JUNE 16, 2026". I am not able to send email

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,704

Re: Throttle is not working

Cannot help more if you insist in your own config.