Postfix rate limiter SMTP policy daemon
It depends on the Postfix policy delegation protocol, it searches for the sasl_username
and based on the defined limits stored in a MySQl database it rejects or allows action=DUNNO
the email to be sent.
USAGE:
policyd-rate-limit [OPTIONS] --dsn <dsn> [SUBCOMMAND]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-d, --dsn <dsn> mysql://<username>:<password>@tcp(<host>:<port>)/<database>
--max <max> mysql pool max connections [default: 50]
--min <min> mysql pool min connections [default: 3]
-s, --socket <socket> path to Unix domain socket [default: /tmp/policy-rate-limit.sock]
SUBCOMMANDS:
cuser Create the user if not found, defaults: 100 messages per day
help Prints this message or the help of the given subcommand(s)
For the subcommand cuser
:
Create the user if not found, defaults: 100 messages per day
USAGE:
policyd-rate-limit --dsn <dsn> cuser [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-l, --limit <limit> maximum allowed messages [default: 100]
-r, --rate <rate> rate in seconds, limits the messages to be sent in the defined period [default: 86400]
Use a supervisor (immortal) to run policyd-rate-limit
,
for example to create users if not found and to only allow 3 emails every hour
use:
policyd-rate-limit -d mysql://root:test@tcp(localhost)/policyd -s /var/run/policy-rate-limit.sock cuser -l 3 -r 3600
The database schema:
CREATE SCHEMA IF NOT EXISTS `policyd` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
USE policyd;
CREATE TABLE IF NOT EXISTS `ratelimit` (
`username` VARCHAR(128) NOT NULL COMMENT 'sender address (SASL username)',
`quota` INT(10) UNSIGNED NOT NULL DEFAULT '0' COMMENT 'limit',
`used` INT(10) UNSIGNED NOT NULL DEFAULT '0' COMMENT 'current recipient counter',
`rate` INT(10) UNSIGNED DEFAULT '0' COMMENT 'seconds after which the counter gets reset',
`rdate` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'datetime when counter was reset',
PRIMARY KEY (`username`))
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8
COLLATE = utf8_general_ci;
Add the path of the policy-rate-limit socket to smtpd_sender_restrictions
for example:
smtpd_sender_restrictions: check_policy_service { unix:/tmp/policy-rate-limit.sock, default_action=DUNNO }
check the perms of the socket, you may need
chmod 666