
Mail package TPmail for Unix systems


Module milter_quota. Description and usage.


Module milter-quota
Features list of milter-quota
Switches of milter-quota
Configuration file for milter-quota
Enable the basic options in configuration file
Connection rate control
Messages control
Quotas for user mailboxes
Regular expressions
Blocking dynamic lists
Configuration file sample
Examples of connection rate control
Examples of messages control
Examples of quotas of user mailboxes
Control and diagnostic program mq_client

Common notes about the milter modules are given in the section describing the module milter-agent.
The module milter-quota provides control of mail traffic (quotas) by various parameters: the size of each sent and received message, quotas for user mailboxes, and so on. Some of these parameters, for example the maximum message size, can be set in sendmail itself, but there they are global: they apply to everyone, with no way to change them for particular cases. milter-quota therefore gives users of sendmail additional options for controlling mail traffic. Some modern mail servers with tight integration of system and user services provide similar options; milter-quota, however, does not leave the boundaries of sendmail and keeps the whole solution inside sendmail.

milter-quota has the following facilities for controlling mail traffic:

Dynamic re-configuration. The module automatically loads a new configuration if it has no syntax errors.
Loading on demand. The configuration can be reloaded by an external signal (USR1).
The syntax of the configuration file is simple and intuitive.
Support for regular expressions in lists (IEEE Std. 1003.2).
Output of the module's current configuration and state.
Processing does not stop when a fatal error is encountered (disk full and so on).
Detailed logging of events.
Dynamic cache list (items are transferred later into the blocking list).
Dynamic blocking list (items are added by an explicit user command or implicitly through the cache list).
Quotas for user mailboxes and for the sizes of incoming and outgoing messages.
Allowing a user's messages to be sent only from selected hosts.
Connection rate control, i.e. dynamic protection of sendmail from DoS (Denial of Service) attacks.
Experimental support for synchronization of user quotas between two servers.
Control of sent/received quotas by user, host, message count, message volume and time period.
Removal of items from the dynamic lists.

The program milter_quota supports the following command-line options
(they are also described in the standard man page for milter_quota):

-h               print short help
-V               print version
-v               more detailed info output
-c config        use this file as the configuration file (default=/etc/mail/milter-quota.conf)
-p pipe          local socket (Unix domain socket) for data exchange with sendmail (default=unix:/var/spool/milter-quota/sock)
-i socket        local socket (Unix domain socket) for data exchange with the user (default=unix:/var/spool/milter-quota/cmd)
-t timeout       operations timeout for the sendmail socket (default=0)
-u user          user name whose rights milter-quota runs with (default=_milter-quota)
-l vlevel        level of debugging output (default=0)
-d mode          working mode (0=daemon, >0=debug on terminal)
-b bs_file       state file of the blocking lists (default=empty)
-m ms_file       state file of message control (default=empty)
-s cs_file       state file of the preliminary cache (default=empty)
-x mbox_dir      directory of user mailboxes
-y ext_srv_addr  address of the external server (quota synchronization)
-z ext_srv_port  TCP port of the external server (quota synchronization)
-a               use locking for access to the configuration
-E               stop on any error
-C               dynamic control of configuration changes
-X               enable support for regular expressions (POSIX.2)
-B               enable the dynamic lists (cache and blocking)
-M               enable control of message volume and so on
-R               enable sendmail protection (connection rate control)
-Q               enable control of user mailbox quotas and so on
-q               use the last address in the recipients list during message processing (default=first in list)

The common parameters of the configuration file for milter-quota are the same as the command-line options. Remember that by default almost all options of the module are disabled.
All configuration files are read and processed sequentially, and the sections within them are processed sequentially as well, so the administrator defines what is processed and in which order. All rules within one section are joined by logical AND.

Example 1. Starting the module milter-quota.
# /usr/local/libexec/milter_quota -c /etc/mail/milter/milter-quota.conf -u mailnull -avBCXRMQ -l 1

Enabling the basic options in the configuration file.
Always use the program mq_client to check that changed options have taken effect!

### Enable the connections rate control
connects_rate_control = 1

### Enable the blocking of address/envelopes in black list
enable_block_black_lists = 1
### Cache_list state file
cache_state_file = "/var/spool/milter-quota/cache.state"
### Block_list state file
block_state_file = "/var/spool/milter-quota/block.state"

### Enable the message control list
enable_message_control_lists = 1
### Message_control state file
message_ctl_state_file = "/var/spool/milter-quota/msg_ctl.state"

### Enable the quotas for user accounts (mailbox/message size)
enable_user_quota = 1
### User_quota state file
user_quota_state_file = "/var/spool/milter-quota/user_quotas.state"

Connection rate control here is not the same as sendmail's implementation; the implementation in milter-quota is more flexible and effective. Once connection rate control is enabled, milter-quota keeps a dynamic list of connections. If the number of connections from some host exceeds the value set by the administrator before the selected timeout expires (by default, not more than 10 connections per minute), every following connection from this host is automatically rejected. When the selected interval expires (timeout), the connection counter is reset to zero and the host can send its messages to us again. The default values are not appropriate for all situations; in that case the administrator must set their own. These parameters are global, i.e. they apply to every host, but the administrator can set specific values (time interval, maximum number of connections, host/domain) for selected hosts, for example for reliable business partners or for anyone who regularly sends a large mail volume within a short time interval, such as news agencies, tourist agencies or advertising agencies. It is also recommended to set a value of 120 messages/min or more for the local host (IP= ) to avoid problems with local mail sending.
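To make the counter described above concrete, here is an added example in Python; it is not code from the milter-quota package. It models the global default of 10 connections per 60 seconds, per-host overrides matched by a regular expression (the counterpart of the connect_hostname / max_connects_value / connects_time_period groups shown later on this page), and the reset of the counter when the interval expires. The class and rule names, the injectable clock, and the choice to count rejected attempts as well are this example's own assumptions.

```python
import re
import time
from dataclasses import dataclass

# Global defaults named in the text: not more than 10 connections per minute.
DEFAULT_MAX_CONNECTS = 10
DEFAULT_TIME_PERIOD = 60  # seconds


@dataclass
class RateRule:
    """Per-host override (assumed shape): 'pattern' is a regular expression
    searched in the connecting host name, as in the connect_hostname examples."""
    pattern: str
    max_connects: int
    time_period: int = DEFAULT_TIME_PERIOD


@dataclass
class HostCounter:
    count: int = 0
    window_start: float = 0.0


class ConnectRateControl:
    def __init__(self, rules=(), now=time.time):
        self.rules = list(rules)
        self.now = now          # injectable clock so the timeline can be replayed offline
        self.counters = {}      # host -> HostCounter: the "dynamic list of connections"

    def limits_for(self, host):
        """First matching per-host rule wins; otherwise the global defaults apply."""
        for rule in self.rules:
            if re.search(rule.pattern, host):
                return rule.max_connects, rule.time_period
        return DEFAULT_MAX_CONNECTS, DEFAULT_TIME_PERIOD

    def accept(self, host):
        """Return True if the connection is accepted, False if it is rejected."""
        max_connects, period = self.limits_for(host)
        t = self.now()
        c = self.counters.get(host)
        if c is None:
            c = self.counters[host] = HostCounter(window_start=t)
        if t - c.window_start >= period:
            # interval expired: counter back to zero, the host may connect again
            c.count, c.window_start = 0, t
        c.count += 1            # rejected attempts are counted too (assumption)
        return c.count <= max_connects


if __name__ == "__main__":
    # constructed demo: a flood from one host against the global default
    rc = ConnectRateControl(rules=[RateRule(r"^localhost$", 600),
                                   RateRule(r"(domain1|domain2)\.ru", 5, 600)])
    for i in range(12):
        verdict = "accepted" if rc.accept("mail.example.net") else "rejected"
        print(i + 1, "mail.example.net", verdict)
```

One caveat for the rule patterns: a regular expression is searched, not anchored, so `(domain1|domain2)\.ru` also matches any longer name that merely contains that text. When a rule is meant for exact hosts or for a domain and its subdomains only, anchor it (for example `^localhost$` or `\.(domain1|domain2)\.ru$`).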

Message control provides filtering and limiting of mail traffic per time period. The basic (mandatory) parameter is always the selected time interval (from seconds up to weeks). The other parameters fall into the following groups: hosts (IP addresses, host names or domains), envelope addresses (sender, recipient) and messages (count, volume, size of a single message).
The administrator can combine all of these values. Usually such limits are applied to unwanted correspondents (for example, legal spammers) or to some of our own workers who unexpectedly send a huge volume of mail. Such control can also protect against mail volume overload, but this requires the administrator to know the real values for the limits.

User quotas are one more facility of the module milter-quota. Per mail user account the administrator can set the following limits:
- allowed mailbox size;
- allowed size of a sent message;
- allowed size of a received message;
- host or list of hosts from which the user of the given account may send mail through our mail server;
- IP address or list of IP addresses from which the user of the given account may send mail through our mail server;
- synchronization of quota state with another server (experimental feature).
The quotas are checked twice: at the beginning of the connection and after the message has been received.
The sendmail administrator can restrict sending from any workstation. These restrictions apply only when the sender uses our mail server. This is done as follows:
- set the mail account name (usually this is also the user's system account name);
- set the workstation or workstations on which the given user works with mail;
- set any other limits wanted for this account.
When this quota is set, mail from the given workstation or group of workstations will be sent only for the set user or group of users.
Note also that if you use the static white/black lists from the module milter-connect, it is possible additionally to restrict mail sending to the host or domain names from these lists (envelope email addresses).
By default all mailboxes are assumed to be located in the directory /var/mail.

Regular expressions are allowed in most lists.
For a short reference on regular expressions see re_format(7) and regex(3).

The dynamic blocking lists consist of two lists:
- the cache list, or list of preliminary blocking;
- the list of permanent blocking.
Every item in either list has a defined lifetime. The lifetime is the default (4 hours) or the value given when a new item is added to the list. When the lifetime expires, the item is automatically removed from the list. Any item can be removed from a list with the control command mq_client; the same command is used to add new items. Usually the dynamic lists are used for temporary blocking of messages from hosts or senders that send viruses or the like.
Let us see an example of how this is done. Assume that an antivirus scanner running with the help of the module milter-agent has successfully detected a virus. We use a "soft policy" in which the host or sender is not blocked immediately. After the detection the antivirus scanner, by calling the command mq_client, adds a new item into the cache list. Unlike other programs, milter_quota lets the administrator use various conditions for blocking: regular expressions for the addresses/hosts, or different netmasks for a group of hosts. In our case, however, we block only this sender and this host. After the addition to the cache list, the given host and sender stay in this list for the interval defined by the administrator, for example 4 hours. If we do not receive a virus again during this interval, the pair (host/sender) is automatically removed from the cache list. If we receive a virus from this host again during the interval, we move this pair from the cache list into the permanent blocking list with the same time interval, following the well-known principle "from randomness through periodicity to fatality". If the sender is the same in both cases, we block only that sender, allowing other senders from this host to send mail to us. If the sender's address has changed, we block as softly as possible. But on the third attempt to send us a virus we block any address (envelope address) for this host. In that case only our administrator can lift the blocking of messages from this host.
The blocking list (permanent blocking) also has the property "increase time of penalty". This means that if attempts to deliver viruses from this host continue, the lifetime of this item in the blocking list is automatically increased by a value equal to the item's lifetime, but not beyond one day.
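The escalation just described (cache list, promotion to permanent blocking, host-wide blocking on the third attempt, and "increase time of penalty" capped at one day) is replayed below in an added Python example; this is not code from milter-quota or from any scanner. The 4-hour default lifetime and the one-day cap are taken from the text; the `ANY_SENDER` marker, the per-host strike counter, the injectable clock and the reading that the lifetime grows by the base lifetime on every further attempt are this example's own assumptions about how the policy is applied.

```python
import time
from dataclasses import dataclass

HOUR = 3600
DEFAULT_LIFETIME = 4 * HOUR   # default item lifetime named in the text
MAX_LIFETIME = 24 * HOUR      # penalty growth cap named in the text ("not beyond one day")
ANY_SENDER = "*"              # constructed marker: "any envelope address from this host"


@dataclass
class Entry:
    expires: float   # absolute time at which the item leaves its list
    lifetime: float  # current lifetime; grows under "increase time of penalty"


class DynamicLists:
    """Cache list (preliminary blocking) and permanent blocking list keyed by (host, sender)."""

    def __init__(self, now=time.time, lifetime=DEFAULT_LIFETIME):
        self.now = now              # injectable clock so the escalation can be replayed offline
        self.lifetime = lifetime
        self.cache = {}             # (host, sender) -> Entry
        self.block = {}             # (host, sender) -> Entry; sender may be ANY_SENDER
        self.strikes = {}           # host -> virus reports while it still has live entries

    def _expire(self):
        t = self.now()
        for table in (self.cache, self.block):
            for key in [k for k, e in table.items() if e.expires <= t]:
                del table[key]
        # a host whose entries have all lapsed starts again from zero (assumption)
        live = {host for (host, _) in list(self.cache) + list(self.block)}
        self.strikes = {h: n for h, n in self.strikes.items() if h in live}

    def is_blocked(self, host, sender):
        self._expire()
        return (host, sender) in self.block or (host, ANY_SENDER) in self.block

    def report_virus(self, host, sender):
        """What the scanner's mq_client call achieves after a detection.
        Returns the list the pair ended up in: 'cache' or 'block'."""
        self._expire()
        t = self.now()
        self.strikes[host] = self.strikes.get(host, 0) + 1
        key = (host, sender)
        blocked_key = key if key in self.block else (host, ANY_SENDER)
        if blocked_key in self.block:
            # "increase time of penalty": grow the lifetime by the base lifetime, capped at one day
            e = self.block[blocked_key]
            e.lifetime = min(e.lifetime + self.lifetime, MAX_LIFETIME)
            e.expires = t + e.lifetime
            return "block"
        if self.strikes[host] >= 3:
            # third attempt from this host: block every envelope address it uses
            for k in [k for k in self.cache if k[0] == host]:
                del self.cache[k]
            self.block[(host, ANY_SENDER)] = Entry(t + self.lifetime, self.lifetime)
            return "block"
        if key in self.cache:
            # same host/sender pair again within its cache lifetime: promote to permanent blocking
            del self.cache[key]
            self.block[key] = Entry(t + self.lifetime, self.lifetime)
            return "block"
        # first sighting, or a different sender from a host with one strike: soft, cache only
        self.cache[key] = Entry(t + self.lifetime, self.lifetime)
        return "cache"

    def remove(self, host, sender):
        """Explicit administrator removal, as mq_client allows for any live item."""
        found = self.cache.pop((host, sender), None) or self.block.pop((host, sender), None)
        return found is not None


if __name__ == "__main__":
    # constructed replay: three detections from one host, one hour apart
    clock = [0.0]
    lists = DynamicLists(now=lambda: clock[0])
    for sender in ("a@example.org", "a@example.org", "b@example.org"):
        print(clock[0] // HOUR, "h:", sender, "->", lists.report_virus("relay.example.net", sender))
        clock[0] += HOUR
    print("any sender blocked:", lists.is_blocked("relay.example.net", "c@example.org"))
```

The lazy expiry in `_expire` is what gives items their lifetime: nothing is removed until the list is next consulted, which is enough for a decision function but means a state dump taken between consultations can still show lapsed items.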

Configuration file sample (also contained in the ready package): milter-quota.conf.sample

Examples of connection rate control.

Example 1. Increase the allowed connection rate for the local machine.
connect_address = ""
max_connects_value = 600

Example 2. Limit the allowed connection rate for hosts of listed domains.
connect_hostname = "(domain1|domain2)\.ru"
max_connects_value = 5
connects_time_period = 600

Examples of message control.

Example 1. Limit the count and volume of messages for a host.
msg_ctl_hostaddr = ""
msg_ctl_time_period = "1d"
msg_ctl_limit_count = "10"
msg_ctl_limit_volume = "150K"
msg_ctl_reject_message = "Are you tired about your traffic?"

Example 2. Limit the messages count between two users.
msg_ctl_envfrom = ""
msg_ctl_envrcpt = ""
msg_ctl_time_period = "4h30m"
msg_ctl_limit_count = "1"

Examples of user quota control.

Example 1. Limit for one user.
quota_user_name = "test"
quota_user_mbox_size = "1M500K"
quota_user_recv_msg_size = "100K"
quota_user_send_msg_size = "95K"
quota_user_allowed_send_hostname = "(host1|host2)\.domain\.com"

Example 2. Limit for a group of users.
group_name = "@testusers"
group_users = "uname1 uname2 uname3"
group_users = "uname4 uname5"
quota_user_name = "@testusers"
quota_user_mbox_size = "5M"

The program mq_client communicates with the loaded module milter_quota through the local socket (Unix domain socket). For short help, run mq_client without parameters.

Example of usage 1. Get the current global settings of milter-quota.
# mq_client /var/spool/milter-quota/cmd 7

Example of usage 2. Get the current state for all configurations of message control in milter-quota.
# mq_client /var/spool/milter-quota/cmd 11

Copyright © 2008 Dmitry Stefankov. Last modified: $Date: 2008-01-02 16:11:59+03 $