The value 20 messages in 60sec is the normal value. For testing I decreased the value to 2.
Yes, I had sent mails from internal domain to an external domain. the same testmail matched the per-domain rule, so that should be fine.
Here is the log output (I just masked the real mail/domains):
[2014/01/31-17:36:40 - 14101] [CORE] INFO: Starting "1" children
[2014/01/31-17:36:40 - 14115] [CORE] INFO: 2014/01/31-17:36:40 CONNECT TCP Peer: "[127.0.0.1]:46801" Local: "[127.0.0.1]:10031"
[2014/01/31-17:36:40 - 14459] [CORE] DEBUG: Child Preforked (14459)
[2014/01/31-17:36:40 - 14459] [CBPOLICYD] DEBUG: Starting up caching engine
[2014/01/31-17:36:40 - 14115] [TRACKING] DEBUG: No session tracking data exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => '428',
'_timestamp' => 1391186200,
'helo_name' => '[192.168.1.34]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'sasl_username' => 'frank@xxx.net',
'recipient' => 'xxx@gmx.de',
'ccert_pubkey_fingerprint' => '',
'instance' => '3874.52ebd118.56f33.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => 'frank@xxx.net',
'client_name' => 'unknown',
'client_address' => '217.7.160.170',
'_protocol_transport' => 'Postfix'
};
[2014/01/31-17:36:40 - 14115] [TRACKING] DEBUG: Added session tracking information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => '428',
'_timestamp' => 1391186200,
'helo_name' => '[192.168.1.34]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => 'ECDHE-RSA-AES256-SHA',
'encryption_protocol' => 'TLSv1',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'sasl_username' => 'frank@xxx.net',
'recipient' => xxx@gmx.de',
'ccert_pubkey_fingerprint' => '',
'instance' => '3874.52ebd118.56f33.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '256',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => 'frank@xxx.net',
'client_name' => 'unknown',
'client_address' => '217.7.160.170',
'_protocol_transport' => 'Postfix'
};
[2014/01/31-17:36:40 - 14115] [TRACKING] DEBUG: Protocol state is 'RCPT', resolving policy...
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Going to resolve session data into policy: $VAR1 = {
'Recipient' => xxx@gmx.de',
'SASLUsername' => 'frank@xxx.net',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '3874.52ebd118.56f33.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '428',
'EncryptionKeySize' => '256',
'EncryptionProtocol' => 'TLSv1',
'Helo' => '[192.168.1.34]',
'ClientAddress' => '217.7.160.170',
'ClientName' => 'unknown',
'Sender' => 'frank@xxx.net',
'SASLSender' => '',
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '1' in policy 'Default'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '2' in policy 'Default Outbound'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '3' in policy 'Default Inbound'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '4' in policy 'Default Internal'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '5' in policy 'Test'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '6' in policy 'whitelists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '7' in policy 'blacklists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '10' in policy 'no_greylisting'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: Found policy member with ID '11' in policy 'no_greylisting'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:1/Name:Default]: Source not defined or 'any', explicit match: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:1/Name:Default]: Source matching result: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:1/Name:Default]: Destination not defined or 'any', explicit match: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:1/Name:Default]: Destination matching result: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]: Main policy sources '%internal_ips,%internal_domains'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:2/Name:Default Outbound]=>(group:internal_ips): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:2/Name:Default Outbound]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Main policy sources '!%internal_ips,!%internal_domains'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_ips): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]: Group 'internal_domains' has 9 source(s) => @xxx.net,...
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): - Resolved source '@xxx.biz' to a email address specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): - Resolved source '@xxx.net' to a email address specification, match = 1
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:3/Name:Default Inbound]=>(group:internal_domains): Source group result: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:3/Name:Default Inbound]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:4/Name:Default Internal]: Main policy sources '%internal_ips,%internal_domains'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:4/Name:Default Internal]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:4/Name:Default Internal]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:4/Name:Default Internal]=>(group:internal_ips): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:4/Name:Default Internal]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:5/Name:Test]: Main policy sources '@example.net'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:5/Name:Test]: - Resolved source '@example.net' to a email address specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:5/Name:Test]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:6/Name:whitelists]: Main policy sources '%whitelists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:6/Name:whitelists]: Group 'whitelists' has 0 source(s) =>
[2014/01/31-17:36:40 - 14115] [POLICIES] WARNING: [ID:6/Name:whitelists]: No group members for source group 'whitelists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:6/Name:whitelists]=>(group:whitelists): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:6/Name:whitelists]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:7/Name:blacklists]: Main policy sources '%blacklists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:7/Name:blacklists]: Group 'blacklists' has 0 source(s) =>
[2014/01/31-17:36:40 - 14115] [POLICIES] WARNING: [ID:7/Name:blacklists]: No group members for source group 'blacklists'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:7/Name:blacklists]=>(group:blacklists): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:7/Name:blacklists]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]: Main policy sources '!%internal_ips,!%internal_domains'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]: Group 'internal_ips' has 1 source(s) => 10.0.0.0/8
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]=>(group:internal_ips): - Resolved source '10.0.0.0/8' to a IP/CIDR specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]=>(group:internal_ips): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]: Group 'internal_domains' has 9 source(s) => @xxx.net,...
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]=>(group:internal_domains): - Resolved source '@xxx.biz' to a email address specification, match = 0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]=>(group:internal_domains): - Resolved source '@xxx.net' to a email address specification, match = 1
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:10/Name:no_greylisting]=>(group:internal_domains): Source group result: matched=1
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:10/Name:no_greylisting]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:11/Name:no_greylisting]: Main policy sources '%no_greylisting_for_external'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:11/Name:no_greylisting]: Group 'no_greylisting_for_external' has 0 source(s) =>
[2014/01/31-17:36:40 - 14115] [POLICIES] WARNING: [ID:11/Name:no_greylisting]: No group members for source group 'no_greylisting_for_external'
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: [ID:11/Name:no_greylisting]=>(group:no_greylisting_for_external): Source group result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] INFO: [ID:11/Name:no_greylisting]: Source matching result: matched=0
[2014/01/31-17:36:40 - 14115] [POLICIES] DEBUG: END RESULT: prio=0 => policy ids: 1
[2014/01/31-17:36:40 - 14115] [TRACKING] DEBUG: Policy resolved into: $VAR1 = {
'0' => [
'1'
]
};
[2014/01/31-17:36:40 - 14115] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'Recipient' => 'xxx@gmx.de',
'SASLUsername' => 'frank@xxx.net',
'QueueID' => '',
'RecipientData' => '',
'Instance' => '3874.52ebd118.56f33.0',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Size' => '428',
'EncryptionKeySize' => '256',
'ParsedClientAddress' => {
'Broadcast_Long' => 3641155754,
'Network' => '217.7.160.170',
'IP_Long' => 3641155754,
'Broadcast' => '217.7.160.170',
'IP' => '217.7.160.170',
'Mask_Long' => 4294967295,
'Network_Long' => 3641155754
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => '[192.168.1.34]',
'ClientAddress' => '217.7.160.170',
'ClientName' => 'unknown',
'Sender' => 'frank@xxx.net',
'SASLSender' => '',
'Timestamp' => 1391186200,
'ProtocolState' => 'RCPT',
'Policy' => {
'0' => [
'1'
]
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Got request, running modules...
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2014/01/31-17:36:40 - 14115] [CBPOLICYD] DEBUG: Done with modules
[2014/01/31-17:36:41 - 14420] [CORE] INFO: 2014/01/31-17:36:41 CONNECT TCP Peer: "[127.0.0.1]:46807" Local: "[127.0.0.1]:10031"
[2014/01/31-17:36:41 - 14420] [TRACKING] DEBUG: Protocol state is 'END-OF-MESSAGE', decoding policy...
[2014/01/31-17:36:41 - 14420] [TRACKING] DEBUG: Decoded into: $VAR1 = {
'xxx@gmx.de' => {
'0' => [
'1'
]
}
};
[2014/01/31-17:36:41 - 14420] [TRACKING] DEBUG: Request translated into session data: $VAR1 = {
'SASLUsername' => 'frank@xxx.net',
'QueueID' => '854286007D8',
'RecipientData' => '/<xxx@gmx.de>#0=1;',
'EncryptionCipher' => 'ECDHE-RSA-AES256-SHA',
'Instance' => '3874.52ebd118.56f33.0',
'Size' => '428',
'EncryptionKeySize' => '256',
'ParsedClientAddress' => {
'Broadcast_Long' => 3641155754,
'Network' => '217.7.160.170',
'IP_Long' => 3641155754,
'Broadcast' => '217.7.160.170',
'IP' => '217.7.160.170',
'Mask_Long' => 4294967295,
'Network_Long' => 3641155754
},
'ProtocolTransport' => 'Postfix',
'EncryptionProtocol' => 'TLSv1',
'Helo' => '[192.168.1.34]',
'ClientAddress' => '217.7.160.170',
'ClientName' => 'unknown',
'Sender' => 'frank@xxx.net',
'SASLSender' => '',
'Timestamp' => 1391186201,
'ProtocolState' => 'END-OF-MESSAGE',
'_Recipient_To_Policy' => {
'xxx@gmx.de' => {
'0' => [
'1'
]
}
},
'Protocol' => 'ESMTP',
'ClientReverseName' => 'unknown',
'SASLMethod' => 'PLAIN'
};
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Got request, running modules...
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Running module: Access Control Plugin
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Running module: HELO/EHLO Check Plugin
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Running module: SPF Check Plugin
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Running module: Greylisting Plugin
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Running module: Quotas Plugin
[2014/01/31-17:36:41 - 14420] [CBPOLICYD] DEBUG: Done with modules
[2014/01/31-17:37:11 - 14101] [CORE] INFO: Killing "1" children
[2014/01/31-17:37:11 - 14114] [CBPOLICYD] DEBUG: Shutting down caching engine (14114)
