Policyd wrong message count

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
tobia1
Posts: 1
Joined: Fri Feb 26, 2016 10:36 am

Policyd wrong message count

Post by tobia1 »

Hello
I have set up Policyd on ZCS 8.6 using the official Wiki page plus an addition of mine (using Zimbra's MySQL with InnoDB tables instead of Sqlite3, for performance reasons.)
The issue I'm having is that sometimes Policyd counts each message 2 times, depending on how the message is received:

If the message is received over SMTP port 25, with or without STARTTLS, each message is counted twice.
This is evidenced by 2 INFO lines in log/cbpolicyd.log and the fact that a limit of 2 messages per SASLUsername only lets 1 message through, before the Counter column jumps to 2.00 and the next messages in the time slot are discarded. Another limit of 2 messages per Sender, limited to the server IP address (to catch messages sent through the Webmail, that lack SASLUsername) also lets 1 message through and then blocks.
If the messages are received over SMTP/SSL port 465, each message is correctly counted once.
The same limit of 2 messages per SASLUsername lets 3 messages through (which I believe is correct) before the Counter rises to 2.99 and successive messages are discarded.

This is quite troublesome, especially because the SASLUsername rule may count messages a different number of times, depending on the trasport prococol used by the user!
I noticed that check_policy_service was being specified both in smtpd_recipient_restrictions and in smtpd_end_of_data_restrictions (probably in order to support mail count quotas and mail size quotas.) So I tried disabling the latter (by issuing postconf smtpd_end_of_data_restrictions= followed by postfix reload) but it didn't seem to change the above behaviour. (Or maybe that's not the correct way to reload Postfix.)
Can anybody suggest a fix or a workaround?
tayyabsaeed
Posts: 15
Joined: Fri Jan 23, 2015 12:07 am
Location: Karachi, Pakistan
Contact:

Re: Policyd wrong message count

Post by tayyabsaeed »

Dear ,

Have you resolved this issue, if yes kindly share the solution.

Thanks in advance.
User avatar
gabrieles
Outstanding Member
Outstanding Member
Posts: 233
Joined: Tue Feb 14, 2017 9:40 am

Re: Policyd wrong message count

Post by gabrieles »

It is due to the zimbra mail flow. Postfix->amavis->postfix.
As a workaround, double always your limits.
If using policyd to mitigate spam outbreach (as the majority of the Accounting and Quotas policies i've seen) think of it in order of magnitude.
Sending out 300 or 600 spam message is the same thing, so doubling you threshold is not so dangerous.
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: Policyd wrong message count

Post by fs.schmidt »

tobia1 wrote:Hello
I have set up Policyd on ZCS 8.6 using the official Wiki page plus an addition of mine (using Zimbra's MySQL with InnoDB tables instead of Sqlite3, for performance reasons.)
The issue I'm having is that sometimes Policyd counts each message 2 times, depending on how the message is received:

If the message is received over SMTP port 25, with or without STARTTLS, each message is counted twice.
This is evidenced by 2 INFO lines in log/cbpolicyd.log and the fact that a limit of 2 messages per SASLUsername only lets 1 message through, before the Counter column jumps to 2.00 and the next messages in the time slot are discarded. Another limit of 2 messages per Sender, limited to the server IP address (to catch messages sent through the Webmail, that lack SASLUsername) also lets 1 message through and then blocks.
If the messages are received over SMTP/SSL port 465, each message is correctly counted once.
The same limit of 2 messages per SASLUsername lets 3 messages through (which I believe is correct) before the Counter rises to 2.99 and successive messages are discarded.

This is quite troublesome, especially because the SASLUsername rule may count messages a different number of times, depending on the trasport prococol used by the user!
I noticed that check_policy_service was being specified both in smtpd_recipient_restrictions and in smtpd_end_of_data_restrictions (probably in order to support mail count quotas and mail size quotas.) So I tried disabling the latter (by issuing postconf smtpd_end_of_data_restrictions= followed by postfix reload) but it didn't seem to change the above behaviour. (Or maybe that's not the correct way to reload Postfix.)
Can anybody suggest a fix or a workaround?
Hello,

Please see my post about this issue:

viewtopic.php?f=15&t=64790
imanudin11
Outstanding Member
Outstanding Member
Posts: 304
Joined: Sat Sep 13, 2014 2:23 am
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64
Contact:

Re: Policyd wrong message count

Post by imanudin11 »

tobia1 wrote:Hello
I have set up Policyd on ZCS 8.6 using the official Wiki page plus an addition of mine (using Zimbra's MySQL with InnoDB tables instead of Sqlite3, for performance reasons.)
The issue I'm having is that sometimes Policyd counts each message 2 times, depending on how the message is received:

If the message is received over SMTP port 25, with or without STARTTLS, each message is counted twice.
This is evidenced by 2 INFO lines in log/cbpolicyd.log and the fact that a limit of 2 messages per SASLUsername only lets 1 message through, before the Counter column jumps to 2.00 and the next messages in the time slot are discarded. Another limit of 2 messages per Sender, limited to the server IP address (to catch messages sent through the Webmail, that lack SASLUsername) also lets 1 message through and then blocks.
If the messages are received over SMTP/SSL port 465, each message is correctly counted once.
The same limit of 2 messages per SASLUsername lets 3 messages through (which I believe is correct) before the Counter rises to 2.99 and successive messages are discarded.

This is quite troublesome, especially because the SASLUsername rule may count messages a different number of times, depending on the trasport prococol used by the user!
I noticed that check_policy_service was being specified both in smtpd_recipient_restrictions and in smtpd_end_of_data_restrictions (probably in order to support mail count quotas and mail size quotas.) So I tried disabling the latter (by issuing postconf smtpd_end_of_data_restrictions= followed by postfix reload) but it didn't seem to change the above behaviour. (Or maybe that's not the correct way to reload Postfix.)
Can anybody suggest a fix or a workaround?
Hello,
If you want counting only 1, you can remove policyd checking on smtpd_sender or smtpd_recipient. What i do is remove policyd checking on smtpd_recipient

Code: Select all

su - zimbra
vi /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
remove this line

Code: Select all

%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
Restart MTA

Code: Select all

zmmtactl restart
Post Reply