IRedMail/FAQ/Enable.Throttling/Debian.Ubuntu
From iRedMail
(Difference between revisions)
| (3 intermediate revisions not shown) | |||
| Line 1: | Line 1: | ||
iRedMail ships Policyd-1.8.x for sender & recipient throttling, but it's disabled by default. You can enable it by follow below steps on Debian: | iRedMail ships Policyd-1.8.x for sender & recipient throttling, but it's disabled by default. You can enable it by follow below steps on Debian: | ||
| - | * Disable sender throttling in '''/etc/postfix-policyd.conf''', but enable recipient throttling: | + | * Disable sender throttling in '''/etc/postfix-policyd.conf''', but enable recipient throttling. Warning: This is '''NOT''' the complete file. |
{{cfg|/etc/postfix-policyd.conf|<pre> | {{cfg|/etc/postfix-policyd.conf|<pre> | ||
SENDERTHROTTLE=0 | SENDERTHROTTLE=0 | ||
| Line 7: | Line 7: | ||
SENDER_THROTTLE_HOST=0 | SENDER_THROTTLE_HOST=0 | ||
| - | RECIPIENTTHROTTLE= | + | RECIPIENTTHROTTLE=0 |
</pre>}} | </pre>}} | ||
| - | * Enable throttling in '''/etc/postfix-policyd_throttle.conf''': | + | * Enable throttling in '''/etc/postfix-policyd_throttle.conf'''. Warning: This is '''NOT''' the complete file. |
{{cfg|/etc/postfix-policyd_throttle.conf|<pre> | {{cfg|/etc/postfix-policyd_throttle.conf|<pre> | ||
SENDERTHROTTLE=1 | SENDERTHROTTLE=1 | ||
| Line 16: | Line 16: | ||
SENDER_THROTTLE_HOST=0 | SENDER_THROTTLE_HOST=0 | ||
| - | RECIPIENTTHROTTLE= | + | RECIPIENTTHROTTLE=1 # <-- Enable recipient throttling in this instance. |
| + | |||
| + | WHITELISTING=0 # <-- If set to 1, throttling won't work! | ||
| + | BLACKLISTING=0 | ||
| + | BLACKLIST_HELO=0 | ||
| + | BLACKLISTSENDER=0 | ||
| + | HELO_CHECK=0 | ||
| + | SPAMTRAPPING=0 | ||
| + | GREYLISTING=0 | ||
</pre>}} | </pre>}} | ||
| - | * | + | * Save below content as file '''/etc/init.d/postfix-policyd_sender_throttle'''. This is the complete file. |
| - | + | <pre> | |
| - | # | + | #! /bin/sh |
| - | # ---- | + | ### BEGIN INIT INFO |
| - | # | + | # Provides: postfix-policyd_throttle |
| - | # | + | # Required-Start: $remote_fs $syslog |
| + | # Required-Stop: $remote_fs $syslog | ||
| + | # Default-Start: 2 3 4 5 | ||
| + | # Default-Stop: 0 1 6 | ||
| + | ### END INIT INFO | ||
| - | + | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| - | + | DAEMON=/usr/sbin/postfix-policyd | |
| - | CONFIG= | + | CONFIG=/etc/postfix-policyd_throttle.conf |
PIDFILE='/var/run/policyd_throttle.pid' | PIDFILE='/var/run/policyd_throttle.pid' | ||
| + | NAME=postfix-policyd_throttle | ||
| + | DESC="Postfix throttling policy daemon" | ||
| - | + | test -x $DAEMON || exit 0 | |
| - | + | ||
| - | # | + | # Include policyd defaults if available |
#if [ -f /etc/default/postfix-policyd ] ; then | #if [ -f /etc/default/postfix-policyd ] ; then | ||
| - | # . /etc/default/postfix-policyd | + | # . /etc/default/postfix-policyd |
#fi | #fi | ||
| - | </pre> | + | |
| + | set -e | ||
| + | |||
| + | PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'` | ||
| + | |||
| + | case "$1" in | ||
| + | start) | ||
| + | echo -n "Starting $DESC: " | ||
| + | start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG | ||
| + | echo "$NAME." | ||
| + | ;; | ||
| + | stop) | ||
| + | echo -n "Stopping $DESC: " | ||
| + | start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON | ||
| + | echo "$NAME." | ||
| + | ;; | ||
| + | reload|force-reload) | ||
| + | echo -n "Reloading $DESC configuration: " | ||
| + | start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON | ||
| + | echo "$NAME." | ||
| + | ;; | ||
| + | restart) | ||
| + | echo -n "Restarting $DESC: " | ||
| + | start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON | ||
| + | sleep 1 | ||
| + | start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG | ||
| + | echo "$NAME." | ||
| + | ;; | ||
| + | *) | ||
| + | N=/etc/init.d/$NAME | ||
| + | echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 | ||
| + | exit 1 | ||
| + | ;; | ||
| + | esac | ||
| + | |||
| + | exit 0 | ||
| + | </pre> | ||
* Start policyd via '''/etc/init.d/postfix-policyd_sender_throttle''': | * Start policyd via '''/etc/init.d/postfix-policyd_sender_throttle''': | ||
{{cmd|<pre> | {{cmd|<pre> | ||
| + | # chmod 0755 /etc/init.d/postfix-policyd_sender_throttle | ||
# update-rc.d postfix-policyd_sender_throttle defaults | # update-rc.d postfix-policyd_sender_throttle defaults | ||
# /etc/init.d/postfix-policyd_sender_throttle restart | # /etc/init.d/postfix-policyd_sender_throttle restart | ||
| Line 46: | Line 97: | ||
</pre>}} | </pre>}} | ||
| - | + | Now run command '''netstat''' to see if everything is working right. You should get two lines of output like below: | |
{{cmd|<pre> | {{cmd|<pre> | ||
# netstat -ntlp | grep -i 1003 | # netstat -ntlp | grep -i 1003 | ||
| Line 53: | Line 104: | ||
</pre>}} | </pre>}} | ||
| - | * Enable throttling in Postfix '''/etc/postfix/main.cf''' | + | The most important info is port numbers: 10031, 10032. |
| + | |||
| + | * Enable throttling in Postfix '''/etc/postfix/main.cf'''. The following line should already be there, but commented out by default. Uncomment it. If it's not there, add it. | ||
{{cfg|/etc/postfix/main.cf|<pre> | {{cfg|/etc/postfix/main.cf|<pre> | ||
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032 | smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032 | ||
</pre>}} | </pre>}} | ||
| - | Restart postfix | + | * Restart postfix to re-read new configuration. |
{{cmd|<pre> | {{cmd|<pre> | ||
# /etc/init.d/postfix restart | # /etc/init.d/postfix restart | ||
</pre>}} | </pre>}} | ||
| - | That's all. | + | That's all. |
| + | |||
| + | If it works, you'll find lines similar to the following in /var/log/mail.log. | ||
| + | <pre> | ||
| + | postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1, | ||
| + | from=robert@example.com, to=someone@spamtrap.net, size=1749/10240000, | ||
| + | quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0% | ||
| + | </pre> | ||
Refer to Policyd official documentation to set throttling: http://policyd.sourceforge.net/readme.html | Refer to Policyd official documentation to set throttling: http://policyd.sourceforge.net/readme.html | ||
Revision as of 14:10, 26 July 2012
iRedMail ships Policyd-1.8.x for sender & recipient throttling, but it's disabled by default. You can enable it by follow below steps on Debian:
- Disable sender throttling in /etc/postfix-policyd.conf, but enable recipient throttling. Warning: This is NOT the complete file.
| File: /etc/postfix-policyd.conf |
SENDERTHROTTLE=0 SENDER_THROTTLE_SASL=0 SENDER_THROTTLE_HOST=0 RECIPIENTTHROTTLE=0 |
- Enable throttling in /etc/postfix-policyd_throttle.conf. Warning: This is NOT the complete file.
| File: /etc/postfix-policyd_throttle.conf |
SENDERTHROTTLE=1 SENDER_THROTTLE_SASL=1 SENDER_THROTTLE_HOST=0 RECIPIENTTHROTTLE=1 # <-- Enable recipient throttling in this instance. WHITELISTING=0 # <-- If set to 1, throttling won't work! BLACKLISTING=0 BLACKLIST_HELO=0 BLACKLISTSENDER=0 HELO_CHECK=0 SPAMTRAPPING=0 GREYLISTING=0 |
- Save below content as file /etc/init.d/postfix-policyd_sender_throttle. This is the complete file.
#! /bin/sh
### BEGIN INIT INFO
# Provides: postfix-policyd_throttle
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postfix-policyd
CONFIG=/etc/postfix-policyd_throttle.conf
PIDFILE='/var/run/policyd_throttle.pid'
NAME=postfix-policyd_throttle
DESC="Postfix throttling policy daemon"
test -x $DAEMON || exit 0
# Include policyd defaults if available
#if [ -f /etc/default/postfix-policyd ] ; then
# . /etc/default/postfix-policyd
#fi
set -e
PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'`
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
echo "$NAME."
;;
reload|force-reload)
echo -n "Reloading $DESC configuration: "
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
echo "$NAME."
;;
restart)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
sleep 1
start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0
- Start policyd via /etc/init.d/postfix-policyd_sender_throttle:
| Terminal: |
# chmod 0755 /etc/init.d/postfix-policyd_sender_throttle # update-rc.d postfix-policyd_sender_throttle defaults # /etc/init.d/postfix-policyd_sender_throttle restart # /etc/init.d/postfix-policyd restart |
Now run command netstat to see if everything is working right. You should get two lines of output like below:
| Terminal: |
# netstat -ntlp | grep -i 1003 tcp 0 0 127.0.0.1:10031 0.0.0.0:* LISTEN 3454/policyd tcp 0 0 127.0.0.1:10032 0.0.0.0:* LISTEN 3459/policyd |
The most important info is port numbers: 10031, 10032.
- Enable throttling in Postfix /etc/postfix/main.cf. The following line should already be there, but commented out by default. Uncomment it. If it's not there, add it.
| File: /etc/postfix/main.cf |
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032 |
- Restart postfix to re-read new configuration.
| Terminal: |
# /etc/init.d/postfix restart |
That's all.
If it works, you'll find lines similar to the following in /var/log/mail.log.
postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1, from=robert@example.com, to=someone@spamtrap.net, size=1749/10240000, quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0%
Refer to Policyd official documentation to set throttling: http://policyd.sourceforge.net/readme.html
