These are all good things to do to QMT, and I hope to have separate
tcprules for smtp and submission ports in the stock QMT at some point.
Tony, from what you've indicated though, I expect it's the intrusion
threshold rule that's biting you. I'm not certain what triggers this
rule, and I could be wrong about this. Hopefully Tonino will clarify
things in this regard.
Please let us know if changing the CHKUSER_RCPTLIMIT variable gets you
going or not.
--
-Eric 'shubes'
On 12/24/2012 04:53 AM, Rajesh M wrote:
tony
we faced similar problems and this is what we have done
in the /var/qmail/supervise
there are folders smtp and submission
smtp is for people connecting on port 25 -- primarily external users
if you open smtp/run then you will see a line
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
this tcp.smtp.cdb is generated from the file tcp.smtp
when you run the command
tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
tcp.smtp contains the chkuser rules
since you already have spamdyke you don't need to set the maximum number
of recepients in chkuser
CHKUSER_RCPTLIMIT="150"
coming to your specific problem is submission
transmission via submission port 587 is authenticated ie your clients use it
the submission/run file also uses the
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" -- which is by default
this means that you will be compelled to use the same setting for smtp
however what we have done is make a duplicate of tcp.smtp ie tcp.smtp.587
this allows me to have separate chkuser rules exclusively submission port.
next i created cdb file out of it using command
tcprules tcp.smtp.587.cdb tcp.smtp.587.tmp < tcp.smtp.587
next i changed the submission/run file to use
TCP_CDB="/etc/tcprules.d/tcp.smtp.587.cdb"
and i got a separate rule applied for submission port exclusively
my smtp port has spamdyke and chkuser protecting it while my authenticated
senders via submission port can enjoy unrestricted services
if you want one single static ip to have a separate rule then
you can add this line just above the allow: line in
/etc/tcprules.d/tcp.smtp.587
xxx.xxx.xxx.:allow,CHKUSER_RCPTLIMIT="300"
here xxx.xxx.xxx is the static ip of your customer
NOTE : we have also compiled chkuser so that we can start or stop chkuser
using the CHKUSER_START="ALWAYS" OR CHKUSER_START="NONE"
rajesh
Hi Eric,
Yes, it is on a static IP and that IP is in the whitelist for spamdyke.
Also they are using the submission port for sending. The client has
to use M$ Outlook unless you can suggest a an alternative?
One point is that Outlook seems to attach everything as winmail.dat!
Yet sometimes it attaches as a PDF.
best wishes
Tony White
Yea Computing Services
http://www.ycs.com.au
4 The Crescent
Yea
Victoria
Australia 3717
Telephone No's
VIC : 03 9008 5614
FAX : 03 9008 5610 (FAX2Email)
IMPORTANT NOTICE
This communication including any file attachments is intended solely for
the use of the individual or entity to whom it is addressed. If you are
not the intended recipient, or the person responsible for delivering
this communication to the intended recipient, please immediately notify
the sender by email and delete the original transmission and its
contents. Any unauthorised use, dissemination, forwarding, printing or
copying of this communication including file attachments is prohibited.
It is your responsibility to scan this communication including any file
attachments for viruses and other defects. To the extent permitted by
law, Yea Computing Services and its associates will not be liable for
any loss or damage arising in any way from this communication including
any file attachments.
You may not disclose this information to a third party without written
permission from the Author.
On 23/12/2012 03:40, Eric Shubert wrote:
I guess it's coming from chkuser after all. 571 is the
chkuser_intrusionthreshold_string.
I don't see any variable setting for this threshold at
http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html
This would only be helpful though if the user was coming from a specific
static IP address. Is this the case?
Hey Tonino (chkuser author), any suggestions or insight?
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
