[Postfixbuch-users] policyd version 2 or version 1?

Christian Felsing hostmaster at taunusstein.net
Sun Oct 10 10:48:24 CEST 2010


Hello,

so far I have been using Policyd version 1.80 (Debian package), which has
served me well. As part of a larger system upgrade, the question now is
whether Policyd version 2 should be used.

Studying the documentation on the homepage was not very encouraging,
however: there is not even a hint of how to configure, for example,
Access Controls. It does say that something can be configured there,
but not how to do it.

Here is the config file, which basically works:

#
# Server configuration
#
[server]

# Protocols to load
protocols=<<EOT
Postfix
Bizanga
EOT

# Modules to load
modules=<<EOT
Core
AccessControl
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

# User to run this daemon as
user=policyd
group=policyd

# Filename to store pid of parent process
pid_file=/var/run/policyd/cbpolicyd.extern.pid

# Uncommenting the below option will prevent cbpolicyd going into the background
#background=no

# Preforking configuration
#
# min_server		- Minimum servers to keep around
# min_spare_servers	- Minimum spare servers to keep around ready to
# 			  handle requests
# max_spare_servers	- Maximum spare servers to have around doing nothing
# max_servers		- Maximum servers alltogether
# max_requests		- Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small mailserver:  2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
#log_level=2

# File to log to instead of stdout
#log_file=/var/log/cbpolicyd.log

# Log destination for mail logs...
# main		- Default. Log to policyd's main log mechanism, accepts NO args
# syslog	- log mail via syslog
#			format: log_mail=facility@method,args
#
# Valid methods for syslog:
# native	- Let Sys::Syslog decide
# unix		- Unix socket
# udp		- UDP socket
# stream	- Stream (for Solaris)
#
# Example: unix native
#log_mail=mail@syslog:native
#
# Example: unix socket
#log_mail=mail@syslog:unix
#
# Example: udp
#log_mail=mail@syslog:udp,127.0.0.1
#
# Example: Solaris
#log_mail=local0@syslog:stream,/dev/log
log_mail=maillog

# Things to log in extreme detail
# modules 	- Log detailed module running information
# tracking 	- Log detailed tracking information
# policies 	- Log policy resolution
# protocols 	- Log general protocol info, but detailed
# bizanga 	- Log the bizanga protocol
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
#log_detail=

# IP to listen on, * for all
host=127.0.0.1

# Port to run on
port=10032

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to
# compare the clients IP to.  If cidr_allow or cidr_deny options are
# given, the incoming client must match a cidr_allow and not match a
# cidr_deny or the client connection will be closed.
cidr_allow=127.0.0.1/8
#cidr_deny=

[database]
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=postfixpolicyd;host=localhost
Username=postfix-policyd
Password=***
#

# What do we do when we have a database connection problem
# tempfail	- Return temporary failure
# pass		- Return success
bypass_mode=pass

# How many seconds before we retry a DB connection
bypass_timeout=30

# Access Control module
[AccessControl]
enable=1


# Greylisting module
[Greylisting]
enable=1


# CheckHelo module
[CheckHelo]
enable=1

# CheckSPF module
[CheckSPF]
enable=1


# Quotas module
[Quotas]
enable=1

However, it is not even possible to enter, anywhere, even just the example
given at
http://www.policyd.org/tiki-index.php?page=AccessControl&structure=Documentation

      Policy: Default Outbound Policy
      Verdict: REJECT
      Data: "No outbound mail allowed"^

This always leads to a syntax error.

Has any of you had better experiences with this?

Otherwise I will stay with version 1, for which there is at least
usable documentation.

Best regards
Christian
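
Added example, not part of the original post and not policyd's own code: a Python reader for the `[section]` / `key=<<EOT` layout of the posted file that evaluates the `cidr_allow`/`cidr_deny` rule exactly as the config comment words it and flags `bypass_mode=pass`, under which a database connection problem makes the daemon return success. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the heredoc-style INI format of the posted config.
SAMPLE = """[server]
modules=<<EOT
Core
AccessControl
EOT
cidr_allow=127.0.0.1/8
[database]
bypass_mode=pass
"""

def parse(text):
    """Parse [section], key=value and key=<<EOT ... EOT list entries."""
    conf, section, heredoc = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if heredoc is not None:  # collecting list items until EOT
            if line == "EOT":
                heredoc = None
            else:
                heredoc.append(line)
        elif line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#") and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "<<EOT":
                heredoc = section[key] = []
            else:
                section[key] = value
    return conf

def networks(value):
    """Split on comma, whitespace or semicolon, as the config comment states."""
    return [ipaddress.ip_network(n, strict=False)
            for n in re.split(r"[,;\s]+", value or "") if n]

def client_allowed(ip, server):
    """Literal reading of the comment: match a cidr_allow and no cidr_deny."""
    allow, deny = (networks(server.get(k)) for k in ("cidr_allow", "cidr_deny"))
    if not allow and not deny:
        return True  # neither option given: no CIDR filtering
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in allow) and not any(addr in n for n in deny)

def fails_open(conf):
    """bypass_mode=pass: a database connection problem returns success."""
    return conf.get("database", {}).get("bypass_mode") == "pass"
```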


