Policyd wrong message count
Posted: Fri Feb 26, 2016 12:06 pm
Hello
I have set up Policyd on ZCS 8.6 using the official Wiki page plus an addition of mine (using Zimbra's MySQL with InnoDB tables instead of Sqlite3, for performance reasons.)
The issue I'm having is that sometimes Policyd counts each message 2 times, depending on how the message is received:
If the message is received over SMTP port 25, with or without STARTTLS, each message is counted twice.
This is evidenced by 2 INFO lines in log/cbpolicyd.log and the fact that a limit of 2 messages per SASLUsername only lets 1 message through, before the Counter column jumps to 2.00 and the next messages in the time slot are discarded. Another limit of 2 messages per Sender, limited to the server IP address (to catch messages sent through the Webmail, that lack SASLUsername) also lets 1 message through and then blocks.
If the messages are received over SMTP/SSL port 465, each message is correctly counted once.
The same limit of 2 messages per SASLUsername lets 3 messages through (which I believe is correct) before the Counter rises to 2.99 and successive messages are discarded.
This is quite troublesome, especially because the SASLUsername rule may count messages a different number of times, depending on the trasport prococol used by the user!
I noticed that check_policy_service was being specified both in smtpd_recipient_restrictions and in smtpd_end_of_data_restrictions (probably in order to support mail count quotas and mail size quotas.) So I tried disabling the latter (by issuing postconf smtpd_end_of_data_restrictions= followed by postfix reload) but it didn't seem to change the above behaviour. (Or maybe that's not the correct way to reload Postfix.)
Can anybody suggest a fix or a workaround?
I have set up Policyd on ZCS 8.6 using the official Wiki page plus an addition of mine (using Zimbra's MySQL with InnoDB tables instead of Sqlite3, for performance reasons.)
The issue I'm having is that sometimes Policyd counts each message 2 times, depending on how the message is received:
If the message is received over SMTP port 25, with or without STARTTLS, each message is counted twice.
This is evidenced by 2 INFO lines in log/cbpolicyd.log and the fact that a limit of 2 messages per SASLUsername only lets 1 message through, before the Counter column jumps to 2.00 and the next messages in the time slot are discarded. Another limit of 2 messages per Sender, limited to the server IP address (to catch messages sent through the Webmail, that lack SASLUsername) also lets 1 message through and then blocks.
If the messages are received over SMTP/SSL port 465, each message is correctly counted once.
The same limit of 2 messages per SASLUsername lets 3 messages through (which I believe is correct) before the Counter rises to 2.99 and successive messages are discarded.
This is quite troublesome, especially because the SASLUsername rule may count messages a different number of times, depending on the trasport prococol used by the user!
I noticed that check_policy_service was being specified both in smtpd_recipient_restrictions and in smtpd_end_of_data_restrictions (probably in order to support mail count quotas and mail size quotas.) So I tried disabling the latter (by issuing postconf smtpd_end_of_data_restrictions= followed by postfix reload) but it didn't seem to change the above behaviour. (Or maybe that's not the correct way to reload Postfix.)
Can anybody suggest a fix or a workaround?