Hi,
I have gone thru Postfix Policyd - Zimbra :: Wiki and How-to for cbpolicyd - Zimbra :: Wiki .
I have setup quota policies and limits.
While someting must be wrong, it works OK when I send emails from Zimbra web client, but it does not work for emails sent from Thunderbird (with encrypted smtp to 587 port).
What may I be missing?
Some debugs are:
[2013/08/27-00:25:00 - 17814] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'SASLUsername' => '',
'QueueID' => '0A114E3A40',
'RecipientData' => '/#0=1,6;',
'EncryptionCipher' => '',
'Instance' => '4c85.521bd5bb.de80e.0',
'Size' => '1',
'EncryptionKeySize' => '0',
'UnixTimestamp' => 1377555900,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => '',
'Helo' => 'OFFICE.xxx.xxx',
'ClientAddress' => '192.168.47.50',
'ClientName' => 'yyy.xxx.xxx',
'Sender' => 'piotr@xxx.xxx',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '192.168.47.50',
'ip' => '192.168.47.50',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'END-OF-MESSAGE',
'_Recipient_To_Policy' => {
'pkam@XXX' => {
'0' => [
'1',
'6'
]
}
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'yyy.xxx.xxx',
'SASLMethod' => ''
};
This is followed by
[2013/08/27-00:24:59 - 17814] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/08/27-00:25:00 - 17814] [CORE] INFO: module=Quotas, mode=update, host=192.168.47.50,
[cut]
And the bad one:
[2013/08/27-01:00:48 - 17815] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'SASLUsername' => 'piotr@xxx.xxx',
'QueueID' => '2567EE3A42',
'RecipientData' => '',
'Instance' => '6ee1.521bde20.1a1cf.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '1',
'EncryptionKeySize' => '256',
'UnixTimestamp' => 1377558048,
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => '[192.168.47.201]',
'ClientAddress' => '192.168.47.1',
'ClientName' => 'unknown',
'Sender' => 'piotr@xxx.xxx',
'SASLSender' => '',
'_ClientAddress' => bless( {
'raw_ip' => '192.168.47.1',
'ip' => '192.168.47.1',
'ip_version' => 4,
'cidr' => 32
}, 'awitpt::netip' ),
'ProtocolState' => 'END-OF-MESSAGE',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
This is followed by
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] INFO: Got request #1
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Access Control Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'HELO/EHLO Check Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'SPF Check Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Greylisting Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Quotas Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Accounting Plugin
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Accounting Plugin' returned CBP_SKIP
[2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Done with modules
[2013/08/27-01:00:48 - 28390] [CORE] DEBUG: Child Preforked (28390)
[2013/08/27-01:00:48 - 28390] [CBPOLICYD] DEBUG: Starting up caching engine
Please help! I have run out of ideas where to look for a mistake.
Regards
Piotr
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
bump...
anyone willing to help ?
anyone willing to help ?
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
[quote user="inqueue"]Hello bloom,
Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.[/QUOTE]
Are you saying this is by design?
Yes, I am looking how to limit number of emails possible to send in order to prevent mass mailing from hijacked account. I had such a problem recently when a lot of spam emails were sent. I have not been able to remove the the sever's IP from some RBLs yet.
So, yes. I am desperately looking for a way to prevent using my ZCS installs by spammers.
Regards,
Piotr
Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.[/QUOTE]
Are you saying this is by design?
Yes, I am looking how to limit number of emails possible to send in order to prevent mass mailing from hijacked account. I had such a problem recently when a lot of spam emails were sent. I have not been able to remove the the sever's IP from some RBLs yet.
So, yes. I am desperately looking for a way to prevent using my ZCS installs by spammers.
Regards,
Piotr
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
Why not implement a) strong passwords on your ZCS server and b) rate limiting for outbound mail?
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
[quote user="10330phoenix"]Why not implement a) strong passwords on your ZCS server and b) rate limiting for outbound mail?[/QUOTE]
a) even strong passwords may get stolen and misused
b) that is what I am trying to achieve. I have set the rate limit and it works OK, but only when sending emails from ZWC. Emails submitted to 587 port are not rate limited. Please take a look at my first post.
If there is something I need to show, configs, or quota and quota_limits tables - I am willing to. But I believe it is done correctly because it works (for ZWC).
Help still needed.
Regards
Piotr
a) even strong passwords may get stolen and misused
b) that is what I am trying to achieve. I have set the rate limit and it works OK, but only when sending emails from ZWC. Emails submitted to 587 port are not rate limited. Please take a look at my first post.
If there is something I need to show, configs, or quota and quota_limits tables - I am willing to. But I believe it is done correctly because it works (for ZWC).
Help still needed.
Regards
Piotr
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
[quote user="bloom"]a) even strong passwords may get stolen and misused[/QUOTE]Of course but they're less likely to get hacked if they're also forced to change them regularly.
[quote user="bloom"]Please take a look at my first post.[/QUOTE]Unfortunately I missed it on the second viewing when I posted my reply and I don't have any answer for why it's not processing port 587, sorry.
[quote user="bloom"]Please take a look at my first post.[/QUOTE]Unfortunately I missed it on the second viewing when I posted my reply and I don't have any answer for why it's not processing port 587, sorry.
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
[quote user="inqueue"]Hello bloom,
Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.[/QUOTE]
@inqueue : Could you please give me some advice how to make cbpolicyd restrictions work also for mail submitted to smtpd on 587 port? Thanks.
Regards,
Piotr
Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.[/QUOTE]
@inqueue : Could you please give me some advice how to make cbpolicyd restrictions work also for mail submitted to smtpd on 587 port? Thanks.
Regards,
Piotr
cbpolicy quota module - working via Zimbra web client, not working with smtp emails
You could modify the /opt/zimbra/postfix/conf/master.cf.in file until bug#83922 is fixed.
Under the section that starts with "submission" where it has:
-o smtpd_recipient_restrictions=
Change it to
-o smtpd_recipient_restrictions=check_policy_service inet:localhost:10031
You can do the same thing under the section that starts with port 465.
Once you have modified master.cf.in, run postfix stop; postfix start as the zimbra user so that the master.cf file is rewritten.
This would hard code cbpolicyd checks for both ports.
--Quanah
Under the section that starts with "submission" where it has:
-o smtpd_recipient_restrictions=
Change it to
-o smtpd_recipient_restrictions=check_policy_service inet:localhost:10031
You can do the same thing under the section that starts with port 465.
Once you have modified master.cf.in, run postfix stop; postfix start as the zimbra user so that the master.cf file is rewritten.
This would hard code cbpolicyd checks for both ports.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/