postfwd, ratelimiting and whitelisting questions

  • Miha Valencic
    Message 1 of 2, Dec 21, 2012
      Hi!

      I sent similar mail to postfwd mailing list as well, but it seems that
      the list is very slow, and I could not find any archives on the net as
      well. With regards to postfwd, we're thinking about implementing
      postfwd in a large-scale environment. I searched the documentation and
      could not find some
      specific answers:

      1) If we want to rate-limit every client, even the ones in
      "mynetworks", do we need to move mynetworks checks to postfwd, or just
      call postfwd from a different stage (i.e. end of data restrictions)?

      2) How does postfwd handle multiple-server installations? Specifically,
      how are counters shared between servers? I noticed in the command line
      configuration options, that there are some settings related to cache,
      cache port, etc., but nothing documented enough so that I could see
      what it does exactly.

      3) How does postfwd handle counters? For instance, in a rate limit
      scenario. If we have a rate limit of 10 recipients per minute. Does it
      really store the timestamps of messages so that it really knows
      whether the limit was exceeded? For instance, if I send 10 emails at
      09:00:30 and then send 5 emails at 09:01:05, the limit should be hit.
      Or, if I send 2 emails every 12 seconds, the limit should not be hit.
      Does it perhaps use the 'token bucket' algorithm?

      4) Are counters persistent? Meaning, do they survive the postfwd daemon restart?


      Thanks,
      Miha.
    • Rich Bishop
      Message 2 of 2, Dec 21, 2012
        I recently implemented postfwd here to help with our smtp-auth spammer
        problems.

        On 12/21/2012 05:28 AM, Miha Valencic wrote:
        > Hi!
        >
        > I sent similar mail to postfwd mailing list as well, but it seems that
        > the list is very slow, and I could not find any archives on the net as
        > well. With regards to postfwd, we're thinking about implementing
        > postfwd in a large-scale environment. I searched the documentation and
        > could not find some
        > specific answers:
        >
        > 1) If we want to rate-limit every client, even the ones in
        > "mynetworks", do we need to move mynetworks checks to postfwd, or just
        > call postfwd from a different stage (i.e. end of data restrictions)?

        We just call the policy service before we permit anything.

        smtpd_recipient_restrictions =
            check_recipient_access hash:/etc/postfix/overquota,
            .
            . < Some more reject lists >
            .
            check_policy_service inet:127.0.0.1:10061,
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_unauth_destination,
            .
            .
            .

        >
        > 2) How does postfwd handle multiple-server installations? Specifically,
        > how are counters shared between servers? I noticed in the command line
        > configuration options, that there are some settings related to cache,
        > cache port, etc., but nothing documented enough so that I could see
        > what it does exactly.

        The counters are local to that instance of postfwd, but postfwd also
        comes with hapolicyd which you can use to send all your queries to a
        single postfwd instance (and fail over if there are any problems). See
        http://postfwd.org/hapolicy/index.html


        >
        > 3) How does postfwd handle counters? For instance, in a rate limit
        > scenario. If we have a rate limit of 10 recipients per minute. Does it
        > really store the timestamps of messages so that it really knows
        > whether the limit was exceeded? For instance, if I send 10 emails at
        > 09:00:30 and then send 5 emails at 09:01:05, the limit should be hit.
        > Or, if I send 2 emails every 12 seconds, the limit should not be hit.
        > Does it perhaps use the 'token bucket' algorithm?

        They're stored in a perl hash. You can see the cache with
        postfwd2 --dumpcache .

        >
        > 4) Are counters persistent? Meaning, do they survive the postfwd daemon restart?
        Not by default. It looks like you can do this with --save-rates <file> ,
        but we don't currently.

        Rich
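
Question 3 in this thread turns on which counting scheme a rate limiter uses, and neither message says which one postfwd implements. As an added example (not part of either message and not postfwd's code), this Python code runs the two traffic patterns from the question through three common schemes; the function names, the minute-aligned fixed window and the bucket size equal to the limit are assumptions.

```python
from collections import deque

LIMIT, WINDOW = 10, 60  # 10 recipients per 60 seconds, as in the question

def fixed_window(times):
    """Counter that resets at each minute boundary; returns rejected sends."""
    counts, rejected = {}, 0
    for t in times:
        bucket = t // WINDOW
        if counts.get(bucket, 0) >= LIMIT:
            rejected += 1
        else:
            counts[bucket] = counts.get(bucket, 0) + 1
    return rejected

def sliding_log(times):
    """Stores timestamps of accepted sends from the last WINDOW seconds."""
    log, rejected = deque(), 0
    for t in times:
        while log and log[0] <= t - WINDOW:  # expire entries older than the window
            log.popleft()
        if len(log) >= LIMIT:
            rejected += 1
        else:
            log.append(t)
    return rejected

def token_bucket(times):
    """Bucket of LIMIT tokens (assumed size), refilled at LIMIT/WINDOW per second."""
    tokens, last, rejected = float(LIMIT), None, 0
    for t in times:
        if last is not None:
            tokens = min(LIMIT, tokens + (t - last) * LIMIT / WINDOW)
        last = t
        if tokens >= 1:
            tokens -= 1
        else:
            rejected += 1
    return rejected

# Constructed traces: seconds after 09:00:00, one entry per recipient.
BURST = [30] * 10 + [65] * 5                                # 10 at 09:00:30, 5 at 09:01:05
STEADY = [t for t in range(0, 120, 12) for _ in range(2)]   # 2 every 12 seconds

def compare():
    """Rejected-send count per scheme for each trace."""
    schemes = (fixed_window, sliding_log, token_bucket)
    return {name: {f.__name__: f(trace) for f in schemes}
            for name, trace in (("burst", BURST), ("steady", STEADY))}

if __name__ == "__main__":
    print(compare())
```

Only the timestamp-storing sliding log rejects the second burst while passing the steady stream; the minute-aligned counter and the token bucket both accept all 15 sends in the burst trace.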