I am getting some odd results when I try to send mail that contains one 
or more invalid addresses -- I don't want the mail client to reject 
sending the message altogether, just report back the errors. It seems as 
if I get greylisted almost immediately, which shouldn't happen (I 
thought) unless I exceed a certain number of tries within a certain 
length of time. If policyd is disabled totally, I obviously don't have 
this problem, so the task is to find out how to make policy more 
tolerant. Suggestions, please? Here are some of the details -- let me 
know if you need more.
Thanks in advance,
--Tobias

 From policyd log:

Oct 10 00:31:10 mailgateway policyd: rcpt=53, greylist=new, host=WWW.XXX.YY.ZZ (sending.machine.com), [EMAIL PROTECTED], [EMAIL PROTECTED], size=413

 From the postfix maillog:

Oct 10 00:31:10 mailgateway postfix/smtpd[29235]: 2B3189E0002: reject: RCPT from sending.machine.com[WWW.XXX.YY.ZZ]: 450 4.7.1 <[EMAIL PROTECTED]>: Recipient address rejected: Policy Rejection- Please try later.; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[WWW.XXX.YY.ZZ]>

Here is the part of the postfix main.cf file that affects it:

smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031
    check_client_access hash:/etc/postfix/bypass_amavis
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    permit_auth_destination
    permit_mx_backup

A brief explanation to the above: We want to throttle any senders, 
excepting specific IP addresses/subdomains in the whitelist, so 
everything goes first through policyd to "tag" each and every message. 
Yes, it's not the most efficient way to do things, but the machines can 
handle the load just fine. The amavis bypass has to do with allowing 
certain machines to send email without having the email scanned.


 From policyd.conf:

SENDERTHROTTLE=1

#
# throttle SASL users default=on
#
# throttling based upon envelope sender addresses does
# not work very well as it can of course be easily forged.
# if your users are forced to authenticate via SASL, enable
# this option so that quotas stick like glue regardless of
# what they try.
#
# if this option is enabled, and a remote client connects
# WITHOUT sasl, it will then use the clients sending/FROM
# address.
# 1=on 0=off
SENDER_THROTTLE_SASL=0

#
# throttle IP addresses default=on
#
# throttling based upon the ip address of the sender
# will ensure that the host does not send more than
# their allowed quota. you may only enable
# SENDER_THROTTLE_SASL or SENDER_THROTTLE_HOST but
# *NOT* both.
# 1=on 0=off
SENDER_THROTTLE_HOST=1

#
# quota exceeded temp rejection: default: 5xx
#
# select temp reject (4xx) or hard reject (5xx) on quota exceeded
#
# 1=4xx 0=5xx
QUOTA_EXCEEDED_TEMP_REJECT=1

#
# throttle rejection: default: "Quota Exceeded"
#
# what error message the connecting host will receive
# when they have exceeded any of their quotas.
#
SENDER_QUOTA_REJECTION="Quota Exceeded."

#
# throttle max message size reject message default: Message size too big
#
#
#
SENDER_SIZE_REJECTION="Message size too big."

#
# maximum mail sent per time period default: 5000
#
# how many messages a user is allowed to send out
# before the time limit has expired.
#
####SENDERMSGLIMIT=512
#SENDERMSGLIMIT=5
SENDERMSGLIMIT=500

#
# maximum mail recipients per time period default: 5000
#
# how many recipients a user is allowed to send out
# before the time limit has expired.
#
SENDERRCPTLIMIT=3600
##SENDERRCPTLIMIT=10

#
# maximum mail quota/size per time period default: 250 meg
#
# how much mail will be allowed from a user (in megs)
# which will be accepted before the timelimit has expired.
# note: the maximum supported size is 2gig
#
SENDERQUOTALIMIT=250000000

#
# sender time limit: default: 24 hours
#
# after how long does all quota last before counters
# are reset back to zero.
#
SENDERTIMELIMIT=1h
##SENDERTIMELIMIT=10m

#
# sender message size: default: 10 meg
#
# this is the maximum sender mail size
#
##SENDERMSGSIZE=10240000
SENDERMSGSIZE=20500000

#
# sender "warning" threshold
#
# this is the threshold (in percentage) that will trigger
# a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_WARN=50

#
# sender "panic" threshold
#
# this is the threshold (in percentage) that will trigger
# a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_PANIC=90

#
# inactive sender database record cleanup default: 31 days
#
# this allows you to specify how long the throttling
# records of inactive senders kept in the database.
# this allows to keep the database small. a setting
# of 0 keeps all entries.
#
# # NOTE: Make sure this is _longer_ than the value set for
# # SENDER_THROTTLE_AUTOBLACKLIST_EXPIRE if you use it
##SENDER_INACTIVE_EXPIRE=31d
SENDER_INACTIVE_EXPIRE=8h


 From Thunderbird:

An error occurred while sending mail. The mail server responded: 4.7.1 
<[EMAIL PROTECTED]>: Recipient
address rejected: Policy Rejection- Please try later.. Please check the 
message recipients and try again.

_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users
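
Added example (not part of the original post): a small triage script that pairs each Postfix policy reject with the policyd decision logged for the same second and client, so greylist deferrals can be told apart from throttle rejections. The sample lines are constructed from the two excerpts above with documentation IPs and placeholder addresses; `classify_rejects` is a hypothetical helper name, and the throttle case is recognised only by the `SENDER_QUOTA_REJECTION` text from the posted policyd.conf.

```python
import re

# Constructed sample modelled on the log excerpts in the post (not real traffic).
SAMPLE_LOG = """\
Oct 10 00:31:10 mailgateway policyd: rcpt=53, greylist=new, host=192.0.2.10 (sending.example.com), [EMAIL PROTECTED], [EMAIL PROTECTED], size=413
Oct 10 00:31:10 mailgateway postfix/smtpd[29235]: 2B3189E0002: reject: RCPT from sending.example.com[192.0.2.10]: 450 4.7.1 <bad@example.org>: Recipient address rejected: Policy Rejection- Please try later.; from=<user@example.com> to=<bad@example.org> proto=ESMTP helo=<[192.0.2.10]>
Oct 10 00:45:02 mailgateway postfix/smtpd[29301]: 3C4189E0007: reject: RCPT from bulk.example.net[198.51.100.7]: 450 4.7.1 <a@example.org>: Recipient address rejected: Quota Exceeded.; from=<news@example.net> to=<a@example.org> proto=ESMTP helo=<bulk.example.net>
"""

QUOTA_TEXT = "Quota Exceeded."  # SENDER_QUOTA_REJECTION value in the posted policyd.conf

POLICYD = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ policyd: (?P<body>.*)$")
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: \w+: reject: RCPT from "
    r"\S+\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) \S+ <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: (?P<text>.*?); from=")


def classify_rejects(log_text):
    """Return one (timestamp, client_ip, recipient, cause) tuple per policy reject."""
    decisions = {}  # (timestamp, client ip) -> key=value fields policyd logged
    rejects = []
    for line in log_text.splitlines():
        m = POLICYD.match(line)
        if m:
            # Only the key=value fields are parsed; redacted tokens are skipped.
            fields = dict(re.findall(r"(\w+)=([^,\s]+)", m["body"]))
            decisions[(m["ts"], fields.get("host"))] = fields
            continue
        m = REJECT.match(line)
        if m:
            rejects.append(m)
    results = []
    for m in rejects:
        # Correlation is by second and client IP: coarse, but enough for triage.
        fields = decisions.get((m["ts"], m["ip"]), {})
        if m["text"] == QUOTA_TEXT:
            cause = "throttle"
        elif "greylist" in fields:
            cause = "greylist=" + fields["greylist"]
        else:
            cause = "unmatched"
        results.append((m["ts"], m["ip"], m["rcpt"], cause))
    return results


if __name__ == "__main__":
    for row in classify_rejects(SAMPLE_LOG):
        print(*row, sep="  ")
```
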
