Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: cbpolicy quota module - working via Zimbra web client, not working with smtp emails

  1. #1
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Default cbpolicy quota module - working via Zimbra web client, not working with smtp emails

    Hi,

    I have gone thru Postfix Policyd - Zimbra :: Wiki and How-to for cbpolicyd - Zimbra :: Wiki .
    I have setup quota policies and limits.

    While someting must be wrong, it works OK when I send emails from Zimbra web client, but it does not work for emails sent from Thunderbird (with encrypted smtp to 587 port).

    What may I be missing?

    Some debugs are:

    Code:
    [2013/08/27-00:25:00 - 17814] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
              'SASLUsername' => '',
              'QueueID' => '0A114E3A40',
              'RecipientData' => '/<pkam@XXX>#0=1,6;',
              'EncryptionCipher' => '',
              'Instance' => '4c85.521bd5bb.de80e.0',
              'Size' => '1',
              'EncryptionKeySize' => '0',
              'UnixTimestamp' => 1377555900,
              'ProtocolTransport' => 'Postfix',
              'EncryptionProtocol' => '',
              'Helo' => 'OFFICE.xxx.xxx',
              'ClientAddress' => '192.168.47.50',
              'ClientName' => 'yyy.xxx.xxx',
              'Sender' => 'piotr@xxx.xxx',
              'SASLSender' => '',
              '_ClientAddress' => bless( {
                                           'raw_ip' => '192.168.47.50',
                                           'ip' => '192.168.47.50',
                                           'ip_version' => 4,
                                           'cidr' => 32
                                         }, 'awitpt::netip' ),
              'ProtocolState' => 'END-OF-MESSAGE',
              '_Recipient_To_Policy' => {
                                          'pkam@XXX' => {
                                                                   '0' => [
                                                                            '1',
                                                                            '6'
                                                                          ]
                                                                 }
                                        },
              'Protocol' => 'ESMTP',
              'ClientReverseName' => 'yyy.xxx.xxx',
              'SASLMethod' => ''
            };
    This is followed by
    Code:
    [2013/08/27-00:24:59 - 17814] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
    [2013/08/27-00:25:00 - 17814] [CORE] INFO: module=Quotas, mode=update, host=192.168.47.50,
    [cut]
    And the bad one:

    Code:
    [2013/08/27-01:00:48 - 17815] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
              'SASLUsername' => 'piotr@xxx.xxx',
              'QueueID' => '2567EE3A42',
              'RecipientData' => '',
              'Instance' => '6ee1.521bde20.1a1cf.0',
              'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
              'Size' => '1',
              'EncryptionKeySize' => '256',
              'UnixTimestamp' => 1377558048,
              'ProtocolTransport' => 'Postfix',
              'EncryptionProtocol' => 'TLSv1',
              'Helo' => '[192.168.47.201]',
              'ClientAddress' => '192.168.47.1',
              'ClientName' => 'unknown',
              'Sender' => 'piotr@xxx.xxx',
              'SASLSender' => '',
              '_ClientAddress' => bless( {
                                           'raw_ip' => '192.168.47.1',
                                           'ip' => '192.168.47.1',
                                           'ip_version' => 4,
                                           'cidr' => 32
                                         }, 'awitpt::netip' ),
              'ProtocolState' => 'END-OF-MESSAGE',
              'Protocol' => 'ESMTP',
              'ClientReverseName' => 'unknown',
              'SASLMethod' => 'PLAIN'
            };
    This is followed by

    Code:
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] INFO: Got request #1
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Access Control Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'HELO/EHLO Check Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'SPF Check Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Greylisting Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Quotas Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Running module: Accounting Plugin
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Module 'Accounting Plugin' returned CBP_SKIP
    [2013/08/27-01:00:48 - 17815] [CBPOLICYD] DEBUG: Done with modules
    [2013/08/27-01:00:48 - 28390] [CORE] DEBUG: Child Preforked (28390)
    [2013/08/27-01:00:48 - 28390] [CBPOLICYD] DEBUG: Starting up caching engine
    Please help! I have run out of ideas where to look for a mistake.
    Regards
    Piotr
    Last edited by bloom; 09-06-2013 at 02:38 PM. Reason: hiding domains

  2. #2
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Default nobody??

    bump...

    anyone willing to help ?

  3. #3
    inqueue is offline Zimbra Employee
    Join Date
    Mar 2006
    Location
    Greenwood, IN
    Posts
    90
    Rep Power
    9

    Default

    Hello bloom,

    Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.
    --
    Jason Bryan
    Zimbra R&D

  4. #4
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Default

    Quote Originally Posted by inqueue View Post
    Hello bloom,

    Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.
    Are you saying this is by design?
    Yes, I am looking how to limit number of emails possible to send in order to prevent mass mailing from hijacked account. I had such a problem recently when a lot of spam emails were sent. I have not been able to remove the the sever's IP from some RBLs yet.

    So, yes. I am desperately looking for a way to prevent using my ZCS installs by spammers.

    Regards,
    Piotr

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Why not implement a) strong passwords on your ZCS server and b) rate limiting for outbound mail?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Why not implement a) strong passwords on your ZCS server and b) rate limiting for outbound mail?
    a) even strong passwords may get stolen and misused

    b) that is what I am trying to achieve. I have set the rate limit and it works OK, but only when sending emails from ZWC. Emails submitted to 587 port are not rate limited. Please take a look at my first post.

    If there is something I need to show, configs, or quota and quota_limits tables - I am willing to. But I believe it is done correctly because it works (for ZWC).

    Help still needed.
    Regards
    Piotr

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by bloom View Post
    a) even strong passwords may get stolen and misused
    Of course but they're less likely to get hacked if they're also forced to change them regularly.

    Quote Originally Posted by bloom View Post
    Please take a look at my first post.
    Unfortunately I missed it on the second viewing when I posted my reply and I don't have any answer for why it's not processing port 587, sorry.
    Last edited by phoenix; 09-03-2013 at 10:19 PM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  9. #9
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Default

    Quote Originally Posted by inqueue View Post
    Hello bloom,

    Are you sure you want to enable cbpolicyd for your authenticated SMTP clients? cbpolicyd restrictions are not configured (Postfix master.cf) on the submission smtpd on 587.
    @inqueue : Could you please give me some advice how to make cbpolicyd restrictions work also for mail submitted to smtpd on 587 port? Thanks.

    Regards,
    Piotr

  10. #10
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    You could modify the /opt/zimbra/postfix/conf/master.cf.in file until bug#83922 is fixed.

    Under the section that starts with "submission" where it has:
    Code:
    -o smtpd_recipient_restrictions=
    Change it to

    Code:
    -o smtpd_recipient_restrictions=check_policy_service inet:localhost:10031
    You can do the same thing under the section that starts with port 465.

    Once you have modified master.cf.in, run postfix stop; postfix start as the zimbra user so that the master.cf file is rewritten.

    This would hard code cbpolicyd checks for both ports.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: 11-19-2012, 05:39 AM
  2. Replies: 1
    Last Post: 10-05-2009, 05:12 AM
  3. Get emails out of zimbra or get it working again?
    By kingfeanor in forum Migration
    Replies: 9
    Last Post: 11-25-2008, 01:02 AM
  4. Quota sync not working
    By k3rmit in forum Zimbra Connector for Outlook
    Replies: 2
    Last Post: 03-27-2008, 02:50 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •