Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: [SOLVED] apolicyd and smtpd_end_of_data_restrictions

  1. #1
    Join Date
    Jun 2009
    Location
    Istanbul
    Posts
    6
    Rep Power
    6

    Unhappy [SOLVED] apolicyd and smtpd_end_of_data_restrictions

    Hello,

    I'm trying to use apolicyd to limit mail size per user.

    I installed apolicyd, added lines to /opt/zimbra/conf/postfix_recipient_restrictions.cf files like Postfix Policy page.

    Everyting ok, but I couldn't add this to main.cf file :
    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10001

    I want to add line to zmtta.cnf file, but I couldn't figure out how to add. I try this, but didn't work :
    POSTCONF smtpd_end_of_data_restrictions LOCAL check_policy_service inet:127.0.0.1:10001

    So, how can I add "smtpd_end_of_data_restrictions" property to zimbra?

    Thank you.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Welcome to the forums

    No need to touch zmmta.cf why not just do
    Code:
    su - zimbra
    zmprov mcf zimbraMtaRestriction "smtpd_end_of_data_restrictions LOCAL check_policy_service inet:127.0.0.1:10001"
    zmmtactl stop
    zmmtactl start
    just like in the PolicyD wiki article ?

  3. #3
    Join Date
    Jun 2009
    Location
    Istanbul
    Posts
    6
    Rep Power
    6

    Default

    zmprov mcf zimbraMtaRestriction "smtpd_end_of_data_restrictions LOCAL check_policy_service inet:127.0.0.1:10001"
    ERROR: account.INVALID_ATTR_VALUE (zimbraMtaRestriction value length(78) larger then max allowed: 64)

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Oops, so try
    Code:
    su - zimbra
    postconf -e smtpd_end_of_data_restrictions LOCAL check_policy_service inet:127.0.0.1:10001
    and if it fails what error message is being returned ?

  5. #5
    Join Date
    Jun 2009
    Location
    Istanbul
    Posts
    6
    Rep Power
    6

    Default

    This is working :
    su - zimbra
    postconf -e "smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10001"

    And apolicy is working too.

    But this change is not permanent. It will gone when I restart smtp server.
    How can I do this permanent?

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    As a workaround you could try adding it to /opt/zimbra/postfix/conf/main.cf.default and restart the MTA ... I would also recommend filing a RFE at Bugzilla Main Page to increase the size of that LDAP variable so large parameters can be entered.

  7. #7
    Join Date
    Jun 2009
    Location
    Istanbul
    Posts
    6
    Rep Power
    6

    Default

    System is not using /opt/zimbra/postfix/conf/main.cf.default file. So it is worthless.
    I added attribute size limit change enhancement to Bugzilla.

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Why are you adding apolicy to data_restrictions and not client_restrictions as the documentation says ? I have just installed apolicy to test and can get the client_restrictions to stick across restarts using
    Code:
    su - zimbra
    zmlocalconfig -e postfix_smtpd_client_restrictions="reject_unauth_pipelining,check_policy_service inet:127.0.0.1:10001"

  9. #9
    Join Date
    Jun 2009
    Location
    Istanbul
    Posts
    6
    Rep Power
    6

    Default

    I already added to postfix_smtpd_client_restrictions.

    But I need to use "size acl" and it is not working properly without smtpd_end_of_data_restrictions .

  10. #10
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Hmmm, only option I can see is to use either postconf or move your AS/AV checking infront of ZCS; which is infact what I am working on at the moment.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •