How To Configure Rate Limit Sending Message on PolicyD

-

Why we must configuring rate limit sending message?

If there user have compromised password, spammer will sending email to outside with random email address receipt  and very much email have been sent. Usually, public IP address will have blacklisted on any RBL and cannot sending email to outside. To prevent it, we can use Policyd and configure rate limit sending message with quotas modules on Policyd. Quotas modules can prevent user@domain or other configuration can sending some email per minutes or per hours. For example, per users can sending maximum 200 emails per hours


How to configure it?

This is step by step how to configure it. Assuming you have been install/enable Policyd.

Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Ensure your Zimbra service apache have been running

Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups





Select Policies | Main. Create new policy and give name rate limit sending message. See the following example



Select new policy has been made. On action, select members and fill with the group that has previously been made. Ensure disabled is no. See the following example





Select Quotas | Configure. Select action | add. fill with the following example

Name : Rate Limit
Track : sender:user@domain
Period : 3600
Link to policy : Rate Limit Sending Message
Verdict : Defer (delay)
Data : information who give to users if policy have been meet or you can empty. Example : Sorry, your quotas to sending email has been full. please try again later



If all selection has been configured, click Submit Query. Select new quotas that has previously been made | select action | Limits. Add limit and configure. See the following example



Ensure disabled status is no



Above configuration will limit sending message from domain local to outside and outside to any domain with maximum message 200 email/user/hour. Please try to sending message to other domain and see the log information on /opt/zimbra/log/cbpolicyd.log

[2014/09/08-21:32:39 - 4871] [CORE] INFO: module=Quotas, mode=create, host=127.0.0.1, helo=mail, from=admin@imanudin.net, to=ahmadiman@gmail.com, reason=quota_create, policy=6, quota=3, limit=4, track=Sender:admin@imanudin.net, counter=MessageCount, quota=1.00/200 (0.5%)
[2014/09/08-21:32:39 - 4871] [CBPOLICYD] INFO: Got request #2 (pipelined)
[2014/09/08-21:32:39 - 4871] [CORE] INFO: module=Quotas, mode=update, host=127.0.0.1, helo=mail, from=admin@imanudin.net, to=ahmadiman@gmail.com, reason=quota_update, policy=6, quota=3, limit=4, track=Sender:admin@imanudin.net, counter=MessageCount, quota=2.00/200 (1.0%)
Good luck and hopefully useful 😀

Comments

Post a Comment

Popular posts from this blog

Cambium cnPilot E400/E410/E500 Configuration Tutorial

-
Image
Basic Connectivity:   Router (Broadband/mikrotik |dhcp enabled) >>> E400/E410/E500 + LAPTOP Cambium (Powered ON) [POE port] >>>> LAPTOP [LAN port] Step 1: Open Cambium controller in the browser. Step 2: After entering in to the site click on the Onboard Device option from Home Tab of Left Panel. Step 3: In the Onboard Option, we will get Claim Device option to adopt a Cambium AP. Step 4: Now we will move to the Cambium AP configuration Part. Below are credentials of default login access of cnpilot E400/E410/E500/E410/E500. IP:192.168.0.1 Command Line Access: Username: admin Telnet: Disabled by default Password: admin SSH: Enabled by default (on standard port: 22) ***We can also use dhcp IP to login to the cnpilot E400/E410/E500. We will get login page. Step 5: We can see several TAB on left panel. On the DashBoard Tab, we will get some overall information. Some are useful for the configuration; some are useful for troubleshoo...
Read more

Disabling Zimbra's AntiSpam, Amavis and AntiVirus filtering

-
 Check whether antispam and antivirus service is enabled currently on server using the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  The above command will list all the services which are currently installed and enabled on the server. Disable the antivirus and antispam services using the given commands zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam  zmprov -l ms <mail.example.com> -zimbraServiceEnabled amavis zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus  Comment the following line in the file /opt/zimbra/postfix/conf/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024  Restart services on server zmcontrol restart  Confirm that the antispam and antivirus services are disabled with the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  zmcontrol status 
Read more

Error "Unable to retrive Zimbra GPG key for package validation"

-
From the installation log we see: Executing: /tmp/tmp.mSlzRMclVa/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error 1. Open port 11371 11371 tcp,udp hkp OpenPGP HTTP Keyserver 2. Force it to use port 80: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79 Ref: https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22
Read more