Hello everybody,
The Policyd mailing lists are moving off lists.sourceforge.net and
lists.linuxrulz.net to lists.policyd.org .
The new mailing lists are as follows...
=> [EMAIL PROTECTED]
New list to address announcements of releases & critical patches to
stable releases
=> [EMAIL PROTECTED]
M
> As far as I know postfix's policy protocol does not include body or header
> of processed mails.
> I wonder how the amavis module of policyd v2 can scan mails without these
> data.
The module in the policyd v2 cbp/modules directory enables email
tracking, it does nothing else. Email tracking i
> > This would unfortunately nuke any response another module has set.
>
> Of course. But the decision of the quota module only comes to effect
> when the previous modules gave no decision - in all cases except
> PROT_PASS processing consecutive modules is skipped (protocol response
> returns CBP
> So, I've spent some time on debugging and I think I found the bug. Maybe
> your patch addresses the same issue (the response from the quota module
> is not cleared when the quota is not reached), but unfortunately it did
> not work. The attached diff solved my problem -- if verdict is not set,
>
> > I'll need to get my test box back up (raid array fried last week) and
> > see if I can find anything.
> >
> > Looking at the code I cannot see how the wrong verdict is reaching
> > postfix unless its matched something explicitly.
>
> but it definitely sends the wrong reply:
>
> > [2008/07/1
> > with that patch there is just no way the verdict can be reaching
> > postfix ...
>
> hmm, is there some caching active?
caching is not used in v2 yet.
> > only other thing I can think of is stripping down your installation to a
> > bare minimum, remove all policies, everything, load only th
> > My previous patch was b0rked ... this one introduces the fix for all
> > protocols, not just Postfix and will hopefully work.
>
> I'm sorry, the same behavior as before:
>
> > [2008/07/15-22:04:23 - 22370] [CORE] INFO: module=Quotas, mode=update,
> > host=192.168.98.31, helo=automatix.seier
Yo,
> > If you restart cbpolicyd and send one test message, does it trigger the
> > same result?
>
> Well, now I put all other mails in the queue on hold and sent two
> testmails, one before restarting cbpolicyd and one after restarting the
> daemon.
>
> The first mail got deferred:
>
> > [2008
Hi,
> Had policyd suddenly stop accepting connections so all my mail was
> bouncing with "451 4.3.5 Server configuration problem;". There's just
> one line in /var/log/messages at the time it started:
> Jul 12 11:51:10 aardvark kernel: [1646433.801717]
> postfix-policyd[16294]: segfault at 0 rip 7
> > So I'd like to know why the mail is not accepted although the quota is
> not reached
>
> cd /cluebringer
> grep -r 'more transa' *
>
> no hits
>
> so its not policyd
Users can configure their own return data in v2 :)
I have a idea this could possibly be caused by pipelining policy
re
> > Enable full debugging in the config file for policies and modules, you
> > will then see the policies matched which should lead you in the right
> > direction. action=none means nothing is returned to postfix and
> > reason=no_quota means there was no quota found.
>
> OK, first I've defined
> I've one more question concerning quotas. I've defined quota on per
> domain delivery (50 mails per 900s). When sending plenty of mails to
> certain domains, throttling works well. However, mails to domains with a
> low number of domains also gets deferred.
>
> Here are the two interesting line
Hi,
> Thanks for your quick response,
:)
> Nigel Kukard wrote:
> >> I'd like to limit the number of mails delivered per hour for certain
> >> domains. As far as I understand, the quota module might manage this.
> >> However, I wondered why I can
> I'd like to limit the number of mails delivered per hour for certain
> domains. As far as I understand, the quota module might manage this.
> However, I wondered why I can only choose between Reject, Hold, Drop,
> Filter, etc. but there is no 'Defer' option. What is the reason
> therefore or do
Anyone with problems with 2.0.1 is advised to try the above snapshot.
Please post any problems you may have so I can address them before I
release 2.0.2.
Below a list of updates...
* Better support for newer versions of Cache-FastMmap.
* Handling of the Postfix policy delegation protocol has been
> I am not sure about the amavis mail span in policyd,
> but in normally, we setting those configuration in user's home
> directory ( use System user, not use
> virtual account), so, I guest, policyd can't do more things in that
> part.
Actually it can.
George, if the menu items weren't workin
Attached patch that should resolve the issue when policyd is called in a
state other than RCPT.
Index: cbpolicyd
===
--- cbpolicyd (revision 251)
+++ cbpolicyd (working copy)
@@ -395,8 +395,7 @@
# Data mangling...
$request->{'sen
>
> > I've turned on all cluebringer debugging and this is what I see:
> >
> > [2008/06/26-14:32:38 - 5761] [CORE] INFO: 2008/06/26-14:32:38 CONNECT
> > TCP Peer: "127.0.0.1:47941" Local: "127.0.0.1:10031"
> > [2008/06/26-14:32:38 - 5761] [PROTOCOLS/Postfix] DEBUG: Possible
> > Postfix protoc
On Thu, 2008-06-26 at 14:33 +0200, Helge Waastad wrote:
> I've turned on all cluebringer debugging and this is what I see:
>
> [2008/06/26-14:32:38 - 5761] [CORE] INFO: 2008/06/26-14:32:38 CONNECT
> TCP Peer: "127.0.0.1:47941" Local: "127.0.0.1:10031"
> [2008/06/26-14:32:38 - 5761] [PROTOCOLS/Pos
* Set table charset to latin1 for MySQL or we exceed the MySQL index
length limitation
MySQL has an index limitation of 1000 bytes. Using some character sets,
especially UTF-8 requires 3x the number of bytes for storage and exceeds
this limit in some tables.
-N
Index: convert-tsql
===
> and thx for your answer.
>
> I've upgraded to stable today, but the problem has been there also
> through the last release (snapshot)
>
> I'm now testing with a evolution client
>
> Just trying to send an email to two contacts (outbound)
> (BTW, it also happens on inbound email)
>
> Please
> >> > Could you give me some instruction how to reproduce?
> >> >
> >> > /[EMAIL PROTECTED]/ <= that is the regex being used to check for a valid
> > email
> >> > address.
> >> >
> >> > Are you running latest stable? It should give you one or two more
> > lines
> >> > of info.
> >>
> >> Will
* Fixed rogue ,'s in SQL
* Added CREATE INDEX instead of INDEX() for better cross-database
support
* Added indexing back to sqlite
Index: convert-tsql
===
--- convert-tsql (revision 251)
+++ convert-tsql (revision 252)
@@ -59,7 +59,6 @
> >> I've been running the policyd v2 for a while now. Everything works as
> >> a charm, but I have one problem.
> >> If I enable the smtpd_end_of_data_restrictions and using policyd, I
> >> always get bounced when I try mailing several contacts:
> >>
> >> postfix:
> >> reject: END-OF-MESSAGE fr
Good day,
> I've been running the policyd v2 for a while now. Everything works as
> a charm, but I have one problem.
> If I enable the smtpd_end_of_data_restrictions and using policyd, I
> always get bounced when I try mailing several contacts:
>
> postfix:
> reject: END-OF-MESSAGE from unknown[
This patch fixes a problem in some browsers which do not allow a form
element to have 'action' as a name.
Fix is committed to trunk.
-N
webgui-action-fix.patch.bz2
Description: application/bzip
signature.asc
Description: This is a digitally signed message part
Hi there Voytek,
> > I've released v2.0.1 stable. Please check the v2 site for more details
> > www.policyd.org/v2/ .
> >
> > This version is based on Perl and has been running in production on a
> > few contributors systems for some time under a great deal of load.
>
>
> many thanks
>
> is the
> I had deployed policyd v2 in a rhel4 testing env for test,
> when i trying to startup the daemon, got such error message:
> ./cbpolicyd --fg
> Pid_file "/var/run/cbpolicyd.pid" already exists. Overwriting!
> [2008/06/26-11:26:24 - 3727] [CBPOLICYD] NOTICE: Initializing system
> modules.
> perl:
Hi Guys,
I've released v2.0.1 stable. Please check the v2 site for more details
www.policyd.org/v2/ .
This version is based on Perl and has been running in production on a
few contributors systems for some time under a great deal of load.
Kind Regards
Nigel
signature.asc
Description: This is
> >> Anyway, I'm a bit farther, but whatever I choose in the web interface, I
> >> get an empty page and an error in Apache's log:
> >>
> >>
> >> PHP Fatal error: Class 'PDO' not found in
> >> /srv/www/webui/includes/db.php on line 14, referer: http://server/webui/
> >
> > PHP 5 is required, w
> > MySQL said:
> > #1071 - Specified key was too long; max key length is 765 bytes
> >
> >
> > Any clues what needs to be corrected? I have MySQL 5.
>
> Aah, a common problem with UTF. Which can be workaround by not using UTF
> for a database collation. But I wish it could be fixed.
Can you
Fixed in commit 244.
-N
On Thu, 2008-05-08 at 13:27 -0500, Tod A. Sandman wrote:
> Following the "INSTALL" instructions in the latest CVS, the postgresql
> schema file created with "convert-tsql pgsql ..." results in many error
> messages when loaded into the database:
>
> ERROR: column "%int
> Following the "INSTALL" instructions in the latest CVS, the postgresql
> schema file created with "convert-tsql pgsql ..." results in many error
> messages when loaded into the database:
>
> ERROR: column "%internal_ips,%internal_domains" does not exist
> LINE 3: (2,"%internal_ips,%intern
> A long while a go, Cami wrote a patch for me for policyd 1.8x that
> would allow me to check if a specific sender/recipient combination was
> allowed or not (I'm not even sure if it made it into the main
> distribution of policyd).
>
> In other words, the ability to say:
> sender/sender dom
> It's getting weird now :-)
>
> Sorry to abuse you this way, but i get errors on messages like this:
> ===START
> This is the mail system at host smtp.vacsin.com.
>
>
> # THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR
> >
> Found the issue. And there is another one popping up. I forgot to
> enable the following in postfix:
>
> #smtpd_end_of_data_restrictions=
> # check_policy_service inet:127.0.0.1:10031
>
> But, after enable this, some messages will not go out, giving me a
> 'try later' message.
>
>
> I do have a question:
>
> When does a message hit the different policies that are inside? When i
> use the 'internal' policy and i put some counters there, nothing is in
> the database, whilst there are messages handled for 'internal' mails?
>
> Maybe i do forget something?
>
> I have interna
> Nigel, Other members of the list,
>
> Installed latest cvn version this afternoon and it's looking good,
> exept for one small thing:
>
> I get from amavis this error:
>
> Apr 20 19:25:10 gandalf amavis[6556]: (06556-06) (!!)[TRACKING] ERROR:
> No session data
> Apr 20 19:25:10 gandalf amavis
On Sat, 2008-04-19 at 01:29 +0200, Jacco van Koll wrote:
> Maple,
>
> You are facing another problem with the amavisd-policyd.pm than i
> have. I am still looking for a solution, so i cannot help you further
> on this. Also, on my system the module starts complaining about that
> it cannot find t
> > This should be included in your Perl installation :-) So, download it
> > from your fedora repository and install. Else, use CPAN.
> >
> > On 17-04-08 22:00, Maple Thorpe wrote:
> > > I using Fedora Core 8 and downloaded cluebringer-snapshot-200803151435].
> > > Where is IniFiles.pm?
> > >
> On my Fedora 8 system, while working on the installation of cluebringer,
> I revered back to policyd-1.82. postfix main.cf remains configured with
> check policy statements described in the cluebringer INSTALL
> instructions, i.e smtpd_recipient_restrictions and
> smtpd_end_of_data_restrictions.
> is it possible that you can use a policyd v1 database with policyd v2?
Not at present. I'm sure the triplets could be imported though, as can
most other data. I was working on some scripts to do this.
-N
signature.asc
Description: This is a digitally signed message part
> After 2 days of hacking, trying, and debugging, the webui will not
> work.
>
> I can get the postfix stuff working, but the other database, not
> it keeps coming with Error conneting to DB: invalid data source name
>
> Content of config.php:
>
>
> # mysql:host=xx;dbname=yyy
> #
> # pgs
> I have downloaded cluebringer-snapshot-200803151435 and followed
> instructions in INSTALL.
Yea, seems its not as complete as I would like either, I'll try and
improve it.
> There are files left like cbpadmin and cbpolicyd, where should
> they be
> placed?
cbp
> > v2 overcomes this and tracks the recipients for each smtpd instance. To
> > track quotas precisely v2 can be used in smtpd_recipient_restrictions
> > and smtpd_end_of_data_restrictions. v2 knows about the various
> > restrictions.
> False. You will not be able to use Reci
> >>> v2 overcomes this and tracks the recipients for each smtpd instance. To
> >>> track quotas precisely v2 can be used in smtpd_recipient_restrictions
> >>> and smtpd_end_of_data_restrictions. v2 knows about the various
> >>> restrictions.
> >> False. You will not be able to use Recipient throt
> > v2 overcomes this and tracks the recipients for each smtpd instance. To
> > track quotas precisely v2 can be used in smtpd_recipient_restrictions
> > and smtpd_end_of_data_restrictions. v2 knows about the various
> > restrictions.
>
> False. You will not be able to use Recipient throttling at
> > Recipient Throttling can not work at smtpd_end_of_data_restrictions.
> > What happens when 1 message has multiple recipients?
> >
> > Cami
> >
> Yes, the problem arises as soon as there is a message with more than one
> recipient. As far as I know, Postfix does not pass multiple recipient
> >> Sorry for being unclear. I have of course used the convert-tsql
> >> according to the INSTALL document. The "TINYTEXT" and "DATETIME" seam
> >> to be omitted.
> >
> > I don't think there are any columns which have DATETIME types, they are
> > all integers storing unix timestamps.
>
> The DA
> Sorry for being unclear. I have of course used the convert-tsql
> according to the INSTALL document. The "TINYTEXT" and "DATETIME" seam
> to be omitted.
I don't think there are any columns which have DATETIME types, they are
all integers storing unix timestamps.
Send me the output which is
Good day,
> we are trying out policyd v2 with PostgreSQL and have some question/remarks.
>
> 1.) The script for creating the tables uses some mysql only datatypes
> like "TINYTEXT" and "DATETIME" which are not supported by PostgreSQL.
> Would it be better to use the "portabel" types "VARCHAR(
> > I would be willing to try, though it would require some manpower and
> > thus has to be planned in advance because more than one team is affected
> > (we do not administer the SQL server, only Postfix and relevant
> > processes).
>
> As Nigel has pointed out, changing it for a test is probabl
> > Could there be some problem, with regards to DB or table locking and
> > policyd accessing the tables at same time?
>
> Well, when LOCK's occur, queries from Policyd -> MySQL will (forcefully)
> timeout to prevent any delay. The reason we are using MyISAM instead of
> InnoDB is because duri
>
> btw i'm just a "user" and i'm afraid i will not contribute anything to
> the community
Testing is contributing, and as you've already found a bug ... you've
already contributed ;)
Latest commit fixes the daemonization btw.
> > 1. I'll commit a patch to make this the default, appears I ov
Hi there Zen,
> i recently install policyd v2 which is perl base,
> and i have few questions regarding this new version.
> 1.how i can daemonized the process ?
> 2.in maillog i saw these msg : Mar 12 13:46:30 core amavis[18703]:
> (18703-01) (!)policyd/process_policy: No session data found
> wha
By the way, today marks the 3rd anniversary of Policyd ;)
signature.asc
Description: This is a digitally signed message part
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008
Changes:
* Added greylisting support and added auto-whitelisting,
auto-blacklisting based on count or count and percentage of auth vs.
nonauth triplets.
* Fixed bugs with amavisd-new plugin.
* Added SASL support to policies.
Features:
Package currently has a working policy engine and supports the
> I wrote a simple C program to test it. You will need to compile and run
> it on your policyd database server. For me, it outputs:
>
> Long query returned 7662499
> Long query returned -1
> Short query returned 7662499
> Short query returned 1
>
> but it should output:
>
> Long query return
> You should be able to spot it your logs. Look for "=failed" in your
> policyd logs. Look at the next one or two policyd logs and see if they
> make sense. The easiest thing to spot is when you get "greylist=failed"
> followed by "whitelist=update" and the whitelisted host isn't in your
> whit
> First to go on, I would like to clarify some points:
>
> - Does any web interface for policyd exist?
Policyd v2 has a web gui, v1 doesn't have an official gui but there are
a few out there :)
> - I have different SMTP gateways, on each of which I have to install
> policyd. Is it possible to
Hi Guys,
Just for interest sake, feel free to join us in the official Policyd IRC
channel on Freenode.
Server: irc.freenode.net
Channel: #policyd
Regards
Nigel
signature.asc
Description: This is a digitally signed message part
--
Hi everyone,
I'm sure quite a number of you have been anticipating details on Policyd
v2, well here it is ...
I've just released a snapshot version, updated the Policyd site and
uploaded the Policyd v2 site (http://www.policyd.org/v2/). Including
updated Sourceforge and Freshmeat.
Policyd v2 (co
Hrmmm ...
> SElinux policy files are included below, and procedure for
> building/loading is documented at http://tanso.net/selinux/policyd/
>
Maybe a better idea is creating a file with a link to the above site ...
your selinux howto is very helpfull!
Would this be ok?
Regards
Nigel
signa
Hi Jan-Frode,
> SElinux policy files are included below, and procedure for
> building/loading is documented at http://tanso.net/selinux/policyd/
>
I'll include these in the contrib directory shortly.
Regards
Nigel
signature.asc
Description: OpenPGP digital signature
--
Hi,
> I've got problem with legitimate deliveries. Messages with multiply
> rcpt's are not accepted by policyd
> May anybody give some workaround?
>
>
> Aug 31 17:03:33 postfix-policyd-greylist: DEBUG: fd: 113 select(): fd
> 113 is ready for read
> Aug 31 17:03:33 postfix-policyd-greylist: DEBU
About:
Policyd is an anti-spam plugin for Postfix that does greylisting, sender
(envelope, SASL, or host/IP)-based throttling (on messages and/or volume
per defined time unit), spam trap monitoring/blacklisting, HELO
auto-blacklisting, and HELO randomization prevention (HRP).
Release focus:
Minor
About:
Policyd is an anti-spam plugin for Postfix that does greylisting, sender
(envelope, SASL, or host/IP)-based throttling (on messages and/or volume
per defined time unit), spam trap monitoring/blacklisting, HELO
auto-blacklisting, and HELO randomization prevention (HRP).
Release focus:
Major
Hi,
> thanx, but where is the dokumentation?
>
README file in the policyd tarball.
Problem here is with different versions of policyd the documentation may
differ slightly, for instance setting up the upcoming 1.9x branch which
uses ./configure . I don't think its really possible to have one
st
Hi Guys,
Policyd has a new home at: www.policyd.org
I've put in redirects on the old site and updated the SourceForge
project page.
I've also uploaded all the previous versions of Policyd to SourceForge
aswell as the latest development snapshots.
Kind Regards
Nigel
Patch submissions => => policyd-devel mailing list ;o)
signature.asc
Description: OpenPGP digital signature
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and tak
Hi Guys,
Policyd now has a developers mailing list, policyd-devel. The purpose of
this list is to provide an environment for the developers of Policyd,
entities maintaining their own patchsets or anyone with something to
contribute to come and discuss. This list is aimed at the development
side of
71 matches
Mail list logo
