Postfix mailbox (13): Throttling policy

1. Set the page timeout time

[[email protected] ~]# Vi/var/www/extsuite/extmail/webmail.cfsys_sess_timeout = 30msys_sess_cookie_only = 1

30 minutes no operation will disconnect the page, and the multi-domain environment can be set separately for each domain.

can also be set to timeout when the user closes the browser:

Sys_sess_timeout = 0sys_sess_cookie_only = 1

2. Limit message size

[[email protected] ~]# Vi/var/www/extsuite/extmail/webmail.cfsys_message_size_limit = 20971520

Mail 20M, including attachments, messages sent for the web;

Multi-domain environments can be set individually for each domain.

3. Limit attachments and Mailbox sizes

[[email protected] ~]# Vi/etc/postfix/main.cfmessage_size_limit = 10485760mailbox_size_limit = 2097152000

Attachment 10M, Mailbox 2G.

4. Limit the maximum number of recipients

[[email protected] ~]# Vi/etc/postfix/main.cfsmtpd_recipient_limit = 100[[email protected] ~]# service Postfix Reload

5. Limit the maximum number of connections

Maillog log error when exceeding the limit of connections:

Mail Imapd:maximum connection limit reached for <IPADDRESS> disconnected

[Email protected] ~]# vi/usr/lib/courier-imap/etc/pop3d# Maximum number of POP3 servers started maxdaemons=100 # Maximu M number of connections to accept from the same IP address Maxperip=10[[email protected] ~]#/usr/lib/courier-imap/libexec /pop3d.rc Stop[[email protected] ~]#/usr/lib/courier-imap/libexec/pop3d.rc start

[[email protected] ~]# vi/usr/lib/courier-imap/etc/imapd# The maximum number of IMAP service processes started maxdaemons=100 # accept the maximum number of connections from the same IP address maxperip= 10[[email protected] ~]#/usr/lib/courier-imap/libexec/imapd.rc stop[[email protected] ~]#/usr/lib/courier-imap/ Libexec/imapd.rc start

6. Set the mailbox Capacity 90% reminders (maildrop)

(1) Prerequisites:

--enable-maildirquota was added when compiling the installation Maildrop

(2) configuration postfix:(added when configuring Maildrop,-W 90 indicates a warning when capacity reaches 90%)

[[email protected] ~]# vi/etc/postfix/master.cfmaildrop unix-n N--pipe F Lags=drhu user=vmail argv=/usr/local/bin/maildrop-w 90-d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop }

(3) To view the warning message template path:

[Email protected] ~]# cat/usr/local/src/maildrop-2.7.2/libs/maildir/quotawarnmsg.h#define quotawarnmsg "/usr/local /etc/quotawarnmsg "

(4) Copy the warning message template (copied to the path above):

[Email protected] ~]# Cp/usr/local/src/maildrop-2.7.2/libs/maildir/quotawarnmsg/usr/local/etc/[[email protected] ~ ]# chmod 755/usr/local/etc/quotawarnmsg

(5) Set the warning message template :

[Email protected] ~]# vi/usr/local/etc/quotawarnmsgx-comment:rename/copy This file to Quotawarnmsg, and make Appropriat e changesx-comment:see Deliverquota Mans page for more informationfrom:mail Delivery System <[email protected]>repl y-to: [Email protected]to:valued Customer:; Subject:mail quota Warningmime-version:1.0content-type:text/plain; Charset=iso-8859-1content-transfer-encoding:7bit Your mailbox on the server are now more than 90% full. So, you can continueto receive mail, need to remove some messages from your mailbox.

(5) If you want to use the Chinese sender name and the Chinese theme, you can do the following:

[Email protected] ~]# perl-e ' use mime::base64; Print encode_base64 ("system administrator") '; 57o757uf566h55cg5zgy[[email protected] ~]# perl-e ' use mime::base64; Print encode_base64 ("Mailbox Quota warning") '; 6yku566x6ywn6akd6k2m5zgk[[email protected] ~]# vi/usr/local/etc/quotawarnmsgfrom: "= ? UTF-8? b?57o757uf566h55cg5zgy?= "<[email protected]> Subject: =? UTF-8? B?6yku566x6ywn6akd6k2m5zgk?=content-type:text/plain; Charset=unicode (UTF-8) Content-transfer-encoding:8bit Your mailbox space has been used 90%, if you want to use it properly, clear some messages from your mailbox, or contact your administrator. Your mailbox on the server are now more than 90% full. So, you can continueto receive mail, need to remove some messages from your mailbox.

Test:

[email protected] The default space size of the email account is 5 m:

using [email protected] to send a 4M attachment to test, test will receive a warning message:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/84/wKioL1SczIOAAnzwAAHHbPDtBYM163.jpg "style=" float: none; "title=" Qq20141226104046.png "alt=" Wkiol1sczioaanzwaahhbpdtbym163.jpg "/>

Note: The content of the message displayed on the Web side is normal, and the Foxmail client receives the message content is garbled, the conversion encoding format is UTF-8 after the display is normal, so it is best to write the English content in the template.

7. Postfix Black and white list

MAIN.CF commented out the AMAVISD 10024 filter, so the message does not go through the AMAVISD black and white list

(1) Add Access table restrictions:

Smtpd_client_restrictions =

Check_client_access hash:/etc/postfix/client_access #限制客户端IP地址

Smtpd_sender_restrictions =

Check_sender_access hash:/etc/postfix/sender_access #限制发件人地址

Smtpd_recipien_restrictions =

Check_recipien_access hash:/etc/postfix/recipien_access #限制收件人地址

(2) Create an Access table

Vi/etc/postfix/client_access

10.188.1.172 REJECT "IP 172 is User Ywzhou"

192.168.1 REJECT

Extmail.org REJECT

Vi/etc/postfix/sender_access

[Email protected] REJECT

[Email protected] REJECT

Abc.example.com REJECT

Vi/etc/postfix/recipien_access

[Email protected] REJECT

(3) Convert to database format

As long as you modify the Access table to do the conversion operation:

Postmap/etc/postfix/client_access

Postmap/etc/postfix/sender_access

Postmap/etc/postfix/recipien_access

The xxx_access.db file will be generated

(4) Load configuration file

Service Postfix Reload

8, restrict users to send mail to group mailbox

Process: Mail comes in via smtpd, sender filters, check that the recipient is the group address in groups [email protected],

The address calls the class GROUP_LIMIT_RSB, the class call accesses the table RSB, checks if the sender is set to OK in the table, and then rejects the

(1) Add Access table restrictions:

Vi/etc/postfix/main.cf

Smtpd_sender_restrictions =

#这里和前面不同, add the To access table in the from limit

Check_recipient_access hash:/etc/postfix/group_limit/groups

#定义 the "Check recipient" class, a group account corresponds to a

Smtpd_restriction_classes =

GROUP_LIMIT_RSB,

GROUP_LIMIT_CWB,

Group_limit_all

#为类添加发件人访问表

GROUP_LIMIT_RSB =

Check_sender_access HASH:/ETC/POSTFIX/GROUP_LIMIT/RSB,

Reject

GROUP_LIMIT_CWB =

Check_sender_access HASH:/ETC/POSTFIX/GROUP_LIMIT/CWB,

Reject

Group_limit_all =

Check_sender_access Hash:/etc/postfix/group_limit/all,

Reject

#给类添加规则, check the sender Access table, other deny

(2) Create an Access table

Mkdir/etc/postfix/group_limit

#群组账号列表, and the class that it calls

Vi/etc/posftix/group_limit/groups

[Email protected] GROUP_LIMIT_RSB

[Email protected] GROUP_LIMIT_CWB

[Email protected] Group_limit_all

#设置类调用的访问表

Vi/etc/postfix/group_limit/rsb

[Email protected] Ok

Vi/etc/postfix/group_limit/cwb

[Email protected] Ok

Vi/etc/postfix/group_limit/all

Yourmail.com OK

(3) Convert to hash database format

Postmap/etc/postfix/group_limit/group_limit

Postmap/etc/postfix/group_limit/rsb

Postmap/etc/postfix/group_limit/cwb

Postmap/etc/postfix/group_limit/all

(4) Load configuration file

Service Postfix Reload

Problem

With Extmail web, any user can be a group of aliases

Because Webmail is sent via a pipe call/usr/sbin/sendmail email is not subject to this limitation

The webmail must be sent using SMTP to implement this restriction

9, restrict the user can only send and receive mail inside

Refer to the previous section group restrictions

Process: Outgoing mail to test01~03, recipient filtering, check its sender call local_senders_in Access table,

01 and 02 are set in the table to call the Local_limit_in class, which calls Local_domains to access the Table sender table,

The table does not have an extranet sender's domain name and therefore rejects 01 and 02, but 03 is normal;

Similarly 01~03 email to the extranet, local_senders_out limit 01 and 03 can only be sent to the domain in Local_domains,

Therefore, 02 is not restricted.

(1) Add Access table restrictions:

Vi/etc/postfix/main.cf

Smtpd_recipient_restrictions =

Check_sender_access hash:/etc/postfix/group_limit/local_senders_in

Check_recipient_access Hash:/etc/postfix/group_limit/local_senders_out

Smtpd_restriction_classes =

Local_limit_in,

Local_limit_out

Local_limit_in =

Check_sender_access Hash:/etc/postfix/group_limit/local_domains,

Reject

Local_limit_out =

Check_recipient_access Hash:/etc/postfix/group_limit/local_domains,

Reject

(2) Create an Access table

Vi/etc/posftix/group_limit/local_senders_in

[Email protected] local_limit_in

[Email protected] local_limit_in

Vi/etc/posftix/group_limit/local_senders_out

[Email protected] Local_limit_out

[Email protected] Local_limit_out

Vi/etc/postfix/group_limit/local_domains

Yourmail.com OK

seconed.cn OK

(3) Convert to hash database format

Postmap/etc/postfix/group_limit/local_domains

Postmap/etc/postfix/group_limit/local_senders_in

Postmap/etc/postfix/group_limit/local_senders_out

(4) Load configuration file

Service Postfix Reload

10. AMAVISD Limit

Vi/etc/amavisd.conf

#对本地发出的邮件不进行内容过滤

$policy _bank{' mynets '} = {# mail originating from @mynetworks

Originating = 1, # is true in Mynets by default, but let's make it explicit

Os_fingerprint_method = undef, # don ' t query p0f for internal clients

Allow_disclaimers = 1, # enables disclaimer insertion if available

#添加以下三行参数, do not check

Bypass_spam_checks_maps = [1],

Bypass_banned_checks_maps = [1],

Bypass_header_checks_maps = [1],

};

# Enable auto-learning white list

$sa _auto_whitelist = 1;

# Configure the Black and white list, can not set, so postfix commented out 10024 filters, will not go through this list

Read_hash (\%whitelist_sender, '/etc/amavisd/whitelist ');

Read_hash (\%blacklist_sender, '/etc/amavisd/blacklist ');

VI Whitelist

[Email protected] #单个邮件地址

test.com #整个域

. test1.com #整个域及其子域

#限制附件格式

$banned _filename_re = New_re (

QR ' _\. (Exe-ms|dll) $ ',

QR ' \. [_./]*[a-za-z][_./*\. ( Exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? $ ' I,

qr '. \. (exe|vbs|pif|scr|cpl) $ ' I,

To release attachments in the specified format, delete the fields, such as bat.

Service AMAVISD Restart

This article is from the "Moon Ching Xing Fei" blog, please be sure to keep this source http://ywzhou.blog.51cto.com/2785388/1596169

Postfix mailbox (13): Throttling policy