postfix-users October 2010 archive

Re: anvil stats/restrictions based on SASL username?

From: Wietse Venema <wietse_at_nospam>
Date: Wed Oct 27 2010 - 14:21:06 GMT
To: Postfix users <postfix-users@postfix.org>

Wietse Venema:
> > This got me wondering if there's any easy way to have anvil report
> > stats based on the authenticated SASL username, in addition to the
> > remote IP address?
>
> Not at the moment, but a policy daemon could notice that (too) many
> connections use the same sasl_username attribute value.

Unfortunately, this would require a non-trivial change, because
it requires a new type of counter that does not yet exist.

Currently, the anvil daemon maintains one counter for each (service
name, client IP address, event type) tuple within the anvil_rate_time_unit
time interval, for some subset of all possible event types.

    For example, the tuple (smtp, 192.168.1.2, connect) counts the
    number of connections from address 192.168.1.2 to the default
    SMTP port. The counters for STARTTLS, MAIL or RCPT commands
    work in the same way. If a counter exceeds a limit, then the
    Postfix SMTP server rejects the corresponding client command.

What you want requires that anvil maintains one counter for each
(service name, command type, command argument value) tuple within
the anvil_rate_time_unit time interval, for some subset of all
possible command types.

    For example, the tuple (submission, AUTH, user@example.com)
    would count the number of SASL logins under the name user@example.com
    within the anvil_rate_time_unit time interval. The counters
    for HELO command arguments, MAIL FROM addresses or RCPT TO
    addresses would work in the same way. If a counter exceeds a
    limit, then the Postfix SMTP server would reject the corresponding
    client command (in the case of AUTH, this would cause the
    authentication as user@example.com to fail).

So it is not just adding another counter like the existing ones
for connect, STARTTLS, MAIL or RCPT commands, but a whole new family
of counters.

        Wietse
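A sketch of the policy-daemon workaround mentioned in the quoted reply, added here as an example and not code from Postfix or from the thread: it keeps one counter per (protocol state, sasl_username value) within a time unit, the way anvil keys its counters, and answers with a 450 once a user exceeds the limit. It assumes the daemon is started by spawn(8) over stdin/stdout and consulted from smtpd_recipient_restrictions, so it sees the username at RCPT time and cannot make the AUTH command itself fail the way the in-anvil design above would.

```python
import time
from collections import defaultdict

class ArgumentRateCounter:
    # One counter per (event type, argument value) within a time unit, the
    # counter family described in the mail; here the value is a SASL username.
    def __init__(self, time_unit=60.0, limit=5):
        self.time_unit, self.limit = time_unit, limit
        self._count, self._window_start = defaultdict(int), {}

    def hit(self, event, value, now):
        # Record one event; True means the counter is still within the limit.
        key = (event, value)
        start = self._window_start.get(key)
        if start is None or now - start >= self.time_unit:
            self._window_start[key] = now  # start a fresh time unit
            self._count[key] = 0
        self._count[key] += 1
        return self._count[key] <= self.limit

def parse_request(lines):
    # One policy request is a run of "name=value" lines ended by a blank line.
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\n").partition("=")
        if not sep:
            break  # blank line (no '=') ends the request
        attrs[name] = value
    return attrs

def decide(attrs, counter, now=None):
    # Postfix sends sasl_username only for authenticated sessions; those
    # are limited per user and per protocol_state, everything else passes.
    user = attrs.get("sasl_username", "")
    if not user:
        return "DUNNO"
    now = time.monotonic() if now is None else now
    event = attrs.get("protocol_state", "RCPT")
    if counter.hit(event, user, now):
        return "DUNNO"
    return "450 4.7.1 Too many %s commands for SASL user %s" % (event, user)

def serve(inp, out, counter):
    # Answer requests on a stream until EOF, as spawn(8) runs a policy daemon;
    # Postfix expects "action=...\n\n" back for every request.
    while True:
        attrs = parse_request(inp)
        if not attrs:
            return
        out.write("action=%s\n\n" % decide(attrs, counter))
        out.flush()
```

Run it as `serve(sys.stdin, sys.stdout, ArgumentRateCounter())` from a spawn(8) service entry in master.cf; the limit and time unit are constructed values, not anvil defaults.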