Thread: Policyd, Zimbra 7.2.2, outbound only?

  1. #1

    Is it possible to enable policyd on outbound mail only?

    I'm trying to rate-limit email coming FROM my users, not to them. This is to help mitigate the ill effects of compromised accounts sending spam. So, I'd like to limit my users to x messages per minute leaving my network, but not limit external senders from sending messages TO my users.

    It seems that no matter how I configure policyd, it affects both inbound and outbound.

    I'm currently using the SASLUsername Tracker. I assumed that if the message came from an unauthenticated source, it would not hit the trigger, but this does not seem to be the case.

    Thanks!

  2. #2

    I seem to have resolved this on my own.

    Essentially, when setting up policyd according to the wiki (Postfix Policyd - Zimbra :: Wiki), you're told to add a policy group for Zimbra.

    Code:
    BEGIN TRANSACTION;
    INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');
    INSERT INTO "policy_members" (PolicyID,Source,Destination) VALUES(6, 'any', 'any');
    COMMIT;

    Once you get how policyd works, you realize that this policy is configured to match any source and any destination. You can get fancy with that.

    In my environment, all inbound mail from the internet passes through our Proofpoint scanners. So, as far as Zimbra is concerned, all inbound mail comes from one of two IPs (the IPs of the spam appliances). So, I created another group, and added my Proofpoint IPs to it. Then instead of matching any/any, I match on pps_ips/any. It looks something like this (this includes everything you need to do the whitelist, and add a 20 messages per minute rate-limit):

    Code:
    BEGIN TRANSACTION;
    
    INSERT INTO policy_groups (Name,Disabled,Comment) VALUES('PPS_ips',0,'Proofpoint MTA ips');
    INSERT INTO policy_group_members (PolicyGroupId,Member,Disabled,Comment) VALUES(3,'1.2.3.4',0,'spam appliance 1');
    INSERT INTO policy_group_members (PolicyGroupId,Member,Disabled,Comment) VALUES(3,'5.6.7.8',0,'spam appliance 2');
    
    INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');
    INSERT INTO "policy_members" (PolicyID,Source,Destination) VALUES(6, '!%PPS_ips', 'any');
    
    INSERT INTO "quotas" (PolicyID,Name,Track,Period,Verdict,Data) VALUES (6, 'SASLUsername','SASLUsername', 60, 'DEFER', 'Deferring: Too many messages from sender.');
    INSERT INTO "quotas_limits" (QuotasID,Type,CounterLimit) VALUES(3, 'MessageCount', 20);
    COMMIT;
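
Added example, not part of the original posts: the same group, policy member and quota as in post #2, but with every parent ID looked up by name instead of hard-coded as 6 and 3, since those values only match the poster's database. It assumes each cbpolicyd table has an auto-assigned `ID` column and that the names used are unique; the policy name 'Outbound rate limit' is hypothetical and the addresses are the placeholders from the post.

```sql
BEGIN TRANSACTION;

-- Group holding the inbound relays (placeholder addresses from the post).
INSERT INTO policy_groups (Name,Disabled,Comment)
  VALUES ('PPS_ips',0,'Proofpoint MTA ips');
INSERT INTO policy_group_members (PolicyGroupId,Member,Disabled,Comment)
  SELECT ID,'1.2.3.4',0,'spam appliance 1' FROM policy_groups WHERE Name='PPS_ips';
INSERT INTO policy_group_members (PolicyGroupId,Member,Disabled,Comment)
  SELECT ID,'5.6.7.8',0,'spam appliance 2' FROM policy_groups WHERE Name='PPS_ips';

-- Policy with a hypothetical name, so later rows can find it unambiguously.
INSERT INTO policies (Name,Priority,Description)
  VALUES ('Outbound rate limit',0,'Mail that does not arrive from PPS_ips');

-- Source '!%PPS_ips' = any client that is NOT a member of the group.
INSERT INTO policy_members (PolicyID,Source,Destination)
  SELECT ID,'!%PPS_ips','any' FROM policies WHERE Name='Outbound rate limit';

-- 20 messages per 60 seconds, tracked per SASL username.
INSERT INTO quotas (PolicyID,Name,Track,Period,Verdict,Data)
  SELECT ID,'SASLUsername','SASLUsername',60,'DEFER',
         'Deferring: Too many messages from sender.'
  FROM policies WHERE Name='Outbound rate limit';
INSERT INTO quotas_limits (QuotasID,Type,CounterLimit)
  SELECT q.ID,'MessageCount',20
  FROM quotas q JOIN policies p ON p.ID = q.PolicyID
  WHERE p.Name='Outbound rate limit' AND q.Name='SASLUsername';

COMMIT;

-- Verification: expect one row showing !%PPS_ips / any / 60 / MessageCount / 20.
SELECT p.ID, p.Name, m.Source, m.Destination,
       q.Track, q.Period, q.Verdict, l.Type, l.CounterLimit
FROM policies p
JOIN policy_members m ON m.PolicyID = p.ID
JOIN quotas q         ON q.PolicyID = p.ID
JOIN quotas_limits l  ON l.QuotasID = q.ID
WHERE p.Name='Outbound rate limit';
```

If the verification query returns no rows or more than one, a name lookup matched nothing or matched duplicates, and the rows should be inspected before policyd is reloaded.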
