From oscar.seoane en osux64.com  Wed Feb  6 17:51:46 2019
From: oscar.seoane en osux64.com (Oscar Manuel Seoane Cereijo)
Date: Wed, 06 Feb 2019 11:51:46 -0500
Subject: [Valvula] Valvula does not filter any emails
Message-ID: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>

Hello

I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy like a load balancer. Also I have three servers with galera (MariaDB Cluster) and valvula installed. 

The problem is valvula does not filter any mails.

The load balancer (haproxy) runs fine.
Galera runs ok on the three servers.
Valvula does not have any errors.
Postfix have open relay to my network and runs ok.

[root en mfgalera1 ~]# valvulad -b
INFO: Database connection working OK

[root en mfgalera1 ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:3080          0.0.0.0:*               LISTEN      5291/valvulad       
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      5127/mysqld         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4765/sshd           
tcp        0      0 0.0.0.0:4567            0.0.0.0:*               LISTEN      5127/mysqld         
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4911/master         
tcp6       0      0 :::22                   :::*                    LISTEN      4765/sshd           
tcp6       0      0 :::25                   :::*                    LISTEN      4911/master   

[root en mfgalera1 ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
  Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 4911 (master)
   CGroup: /system.slice/postfix.service
           ??3374 pickup -l -t unix -u
           ??4911 /usr/libexec/postfix/master -w
           ??4919 qmgr -l -t unix -u
           ??6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
           ??6194 proxymap -t unix -u

And this is my valvula.conf

<?xml version='1.0' ?>
<valvula>
    <!-- -*- nxml -*- -->
    <!-- server configuration -->
    <global-settings>
        <!-- make valvula server to run with a low privileges user -->
        <running user='valvulad' group='valvulad' enabled='no' />
        <!-- uncomment the following instruction to make valvula to log
         all SQL sentences run by the engine. It is not recommended to
         have it enabled by default: it create lots of logs -->
        <!-- <debug-queries debug="yes" /> -->
        <log-reporting enabled='yes' use-syslog='yes' />
        <!-- Default signal action to take when a wrong signal is recevied (SIGSEGV or SIGABRT).
	 reexec : do a fresh server restart
	 hold : holds the process until it is killed for debugging.
	 backtrace : prints a backtrace to the console
	 default : if nothing is configured, kills the process after receiving this signal
    -->
        <signal action='reexec' />
        <!-- request line limit (leave it as is unless you know what you
         are doing). This is the number of lines a request can have
         before closing the connection. A request should be served in
         80 lines as much. -->
        <request-line limit='80' />
    </global-settings>
    <!-- GENERAL: configuration -->
    <general>
        <listen host='127.0.0.1' port='3080'>
            <run module='mod-mquota' />
        </listen>
    </general>
    <database>
        <!-- default mysql configuration -->
        <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
    </database>
    <enviroment>
        <!-- the following declaration will make valvula server to detect
         postfix configuration by opening its configuration, and
         taking a look into virtual_mailbox_domains and other postfix
         declarations. If everything works ok, the server will be able
         to know what domains, accounts and aliases are considered
         local so valvula can make better decisions. -->
        <local-domains config='autodetect' />
        <!-- if previous declaration does not work, try one these -->
        <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
        <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
        <!-- mod-slm configuration -->
        <!-- Last paramter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is 
         something that should be left enabled if you want to get DSN and/or mail error notifications. 
         Of course, there are people that do not agree. If any case, if you want a recommendation, leave it on (yes).
         For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html

         If nothing is configured, it is assumed allow-empty-mail-from="yes"
    -->
        <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
        <!-- sending and receiving quotas: used by mod-mquota  -->
        <default-sending-quota status='full' if-no-match='first' debug='yes'>
            <!-- account limit: 150/minute,  250/hour  and  750/global from 09:00 to 21:00 
           domain limit:  300/minute, 500/hour  and 2500/global 

           note: use -1 to disable any of the limits.  
           For example, to disable global limit, use globa-limit="-1" 
      -->
            <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
            <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 09:00 -->
            <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
        </default-sending-quota>
        <!-- <bwl debug="no" /> -->
        <!-- <lmm debug="no" /> -->
        <!-- mod-mw : mysql works -->
        <!-- It allows to run user defined sql queries with the provided
         credentials. Each SQL query is then personalized with support
         substitutions. All substitutions takes the value indicated or
         evals to emtpy string. -->
        <!-- Allowed substitutions are: 

	 - #queue-id# if defined, it is replaced by reported queue id
	 - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rpct-count# to have actual size to handle/send.
	 - #sasl_user# if defined, it is replaced by sasl user account used.
	 - #mail-from# if defined, it is replaced by mail from: reported account used.
	 - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix).This value is only reliable if valvula is connected to smtpd_data_restrictions.
	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
	 - #client-address# if defined, it is replaced by reported connecting ip
    -->
        <!-- configuration example follows: -->
        <!-- 
      <mysql-works>
      <with-db-def use="valvula" port="3579"> 
	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
	<run-every-hour sql="DELETE FROM example_table" />
      </with-db-def>
    </mysql-works> -->
    </enviroment>
    <!-- MODULE: configuration -->
    <modules>
        <!-- directory where to find modules to load -->
        <directory src='/etc/valvula/mods-enabled' />
    </modules>
</valvula>

Any idea?

Best regards.

From francis.brosnan en aspl.es  Wed Feb  6 18:00:58 2019
From: francis.brosnan en aspl.es (Francis Brosnan =?ISO-8859-1?Q?Bl=E1zquez?=)
Date: Wed, 06 Feb 2019 18:00:58 +0100
Subject: [Valvula] Valvula does not filter any emails
In-Reply-To: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>
References: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>
Message-ID: <1549472458.28729.34.camel@aspl.es>

Hello Oscar,

How are you testing your solution to come to the conclusion valvula is
not filtering?

What about log files at /var/log/{syslog,messages}?

First impression is that your configuration is ok...


El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo
escribió:

> Hello
> 
> I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy like a load balancer. Also I have three servers with galera (MariaDB Cluster) and valvula installed. 
> 
> The problem is valvula does not filter any mails.
> 
> The load balancer (haproxy) runs fine.
> Galera runs ok on the three servers.
> Valvula does not have any errors.
> Postfix have open relay to my network and runs ok.
> 
> [root en mfgalera1 ~]# valvulad -b
> INFO: Database connection working OK
> 
> [root en mfgalera1 ~]# netstat -ntpl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
> tcp        0      0 127.0.0.1:3080          0.0.0.0:*               LISTEN      5291/valvulad       
> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4765/sshd           
> tcp        0      0 0.0.0.0:4567            0.0.0.0:*               LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4911/master         
> tcp6       0      0 :::22                   :::*                    LISTEN      4765/sshd           
> tcp6       0      0 :::25                   :::*                    LISTEN      4911/master   
> 
> [root en mfgalera1 ~]# systemctl status postfix
> postfix.service - Postfix Mail Transport Agent
>    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
>    Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
>   Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
>   Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
>   Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
>  Main PID: 4911 (master)
>    CGroup: /system.slice/postfix.service
>            ??3374 pickup -l -t unix -u
>            ??4911 /usr/libexec/postfix/master -w
>            ??4919 qmgr -l -t unix -u
>            ??6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
>            ??6194 proxymap -t unix -u
> 
> And this is my valvula.conf
> 
> <?xml version='1.0' ?>
> <valvula>
>     <!-- -*- nxml -*- -->
>     <!-- server configuration -->
>     <global-settings>
>         <!-- make valvula server to run with a low privileges user -->
>         <running user='valvulad' group='valvulad' enabled='no' />
>         <!-- uncomment the following instruction to make valvula to log
>          all SQL sentences run by the engine. It is not recommended to
>          have it enabled by default: it create lots of logs -->
>         <!-- <debug-queries debug="yes" /> -->
>         <log-reporting enabled='yes' use-syslog='yes' />
>         <!-- Default signal action to take when a wrong signal is recevied (SIGSEGV or SIGABRT).
> 	 reexec : do a fresh server restart
> 	 hold : holds the process until it is killed for debugging.
> 	 backtrace : prints a backtrace to the console
> 	 default : if nothing is configured, kills the process after receiving this signal
>     -->
>         <signal action='reexec' />
>         <!-- request line limit (leave it as is unless you know what you
>          are doing). This is the number of lines a request can have
>          before closing the connection. A request should be served in
>          80 lines as much. -->
>         <request-line limit='80' />
>     </global-settings>
>     <!-- GENERAL: configuration -->
>     <general>
>         <listen host='127.0.0.1' port='3080'>
>             <run module='mod-mquota' />
>         </listen>
>     </general>
>     <database>
>         <!-- default mysql configuration -->
>         <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
>     </database>
>     <enviroment>
>         <!-- the following declaration will make valvula server to detect
>          postfix configuration by opening its configuration, and
>          taking a look into virtual_mailbox_domains and other postfix
>          declarations. If everything works ok, the server will be able
>          to know what domains, accounts and aliases are considered
>          local so valvula can make better decisions. -->
>         <local-domains config='autodetect' />
>         <!-- if previous declaration does not work, try one these -->
>         <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
>         <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
>         <!-- mod-slm configuration -->
>         <!-- Last paramter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is 
>          something that should be left enabled if you want to get DSN and/or mail error notifications. 
>          Of course, there are people that do not agree. If any case, if you want a recommendation, leave it on (yes).
>          For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html
> 
>          If nothing is configured, it is assumed allow-empty-mail-from="yes"
>     -->
>         <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
>         <!-- sending and receiving quotas: used by mod-mquota  -->
>         <default-sending-quota status='full' if-no-match='first' debug='yes'>
>             <!-- account limit: 150/minute,  250/hour  and  750/global from 09:00 to 21:00 
>            domain limit:  300/minute, 500/hour  and 2500/global 
> 
>            note: use -1 to disable any of the limits.  
>            For example, to disable global limit, use globa-limit="-1" 
>       -->
>             <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
>             <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 09:00 -->
>             <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
>         </default-sending-quota>
>         <!-- <bwl debug="no" /> -->
>         <!-- <lmm debug="no" /> -->
>         <!-- mod-mw : mysql works -->
>         <!-- It allows to run user defined sql queries with the provided
>          credentials. Each SQL query is then personalized with support
>          substitutions. All substitutions takes the value indicated or
>          evals to emtpy string. -->
>         <!-- Allowed substitutions are: 
> 
> 	 - #queue-id# if defined, it is replaced by reported queue id
> 	 - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rpct-count# to have actual size to handle/send.
> 	 - #sasl_user# if defined, it is replaced by sasl user account used.
> 	 - #mail-from# if defined, it is replaced by mail from: reported account used.
> 	 - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix).This value is only reliable if valvula is connected to smtpd_data_restrictions.
> 	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> 	 - #client-address# if defined, it is replaced by reported connecting ip
>     -->
>         <!-- configuration example follows: -->
>         <!-- 
>       <mysql-works>
>       <with-db-def use="valvula" port="3579"> 
> 	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> 	<run-every-hour sql="DELETE FROM example_table" />
>       </with-db-def>
>     </mysql-works> -->
>     </enviroment>
>     <!-- MODULE: configuration -->
>     <modules>
>         <!-- directory where to find modules to load -->
>         <directory src='/etc/valvula/mods-enabled' />
>     </modules>
> </valvula>
> 
> Any idea?
> 
> Best regards.
> _______________________________________________
> Valvula mailing list
> Valvula en lists.aspl.es
> http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula


------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/valvula/attachments/20190206/c9230b6a/attachment-0001.html>

From oscar.seoane en osux64.com  Wed Feb  6 18:55:14 2019
From: oscar.seoane en osux64.com (Oscar Manuel Seoane Cereijo)
Date: Wed, 06 Feb 2019 12:55:14 -0500
Subject: [Valvula] Valvula does not filter any emails
In-Reply-To: <1549472458.28729.34.camel@aspl.es>
References: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>
	<1549472458.28729.34.camel@aspl.es>
Message-ID: <9bdf12ff-fd2f-435d-90ef-a27321d9d2d7@www.fastmail.com>

Hello Francis.

Thanks for your answer.

If I send a pack of 100 mails, all emails arrives on the destination.
Ten minutes after, If I send another pack of 500 emails, all arrives on the destination.

All emails are sending from the same account using a script.

tail -f /var/log/messages

Feb 6 11:21:01 mfgalera1 check-valvulad.py: check-valvula: info: Valvulad server is working right

Regards


El Mie, 6 de Feb de 19, a las 11:02 AM, Francis Brosnan Blázquez escribió:
> Hello Oscar,
>  
>  How are you testing your solution to come to the conclusion valvula is
>  not filtering?
>  
>  What about log files at /var/log/{syslog,messages}?
>  
>  First impression is that your configuration is ok...
>  
>  
>  El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo 
> escribió:  Hello
> 
> I am testing a solution based on postfix, haproxy and valvula. I have a 
> server with haproxy like a load balancer. Also I have three servers 
> with galera (MariaDB Cluster) and valvula installed. 
> 
> The problem is valvula does not filter any mails.
> 
> The load balancer (haproxy) runs fine.
> Galera runs ok on the three servers.
> Valvula does not have any errors.
> Postfix have open relay to my network and runs ok.
> 
> [root en mfgalera1 ~]# valvulad -b
> INFO: Database connection working OK
> 
> [root en mfgalera1 ~]# netstat -ntpl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         
> State       PID/Program name    
> tcp        0      0 127.0.0.1:3080          0.0.0.0:*               
> LISTEN      5291/valvulad       
> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               
> LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               
> LISTEN      4765/sshd           
> tcp        0      0 0.0.0.0:4567            0.0.0.0:*               
> LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               
> LISTEN      4911/master         
> tcp6       0      0 :::22                   :::*                    
> LISTEN      4765/sshd           
> tcp6       0      0 :::25                   :::*                    
> LISTEN      4911/master   
> 
> [root en mfgalera1 ~]# systemctl status postfix
> postfix.service - Postfix Mail Transport Agent
>    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; 
> vendor preset: disabled)
>    Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
>   Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, 
> status=0/SUCCESS)
>   Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update 
> (code=exited, status=0/SUCCESS)
>   Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb 
> (code=exited, status=0/SUCCESS)
>  Main PID: 4911 (master)
>    CGroup: /system.slice/postfix.service
>            ??3374 pickup -l -t unix -u
>            ??4911 /usr/libexec/postfix/master -w
>            ??4919 qmgr -l -t unix -u
>            ??6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o 
> smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
>            ??6194 proxymap -t unix -u
> 
> And this is my valvula.conf
> 
> <?xml version='1.0' ?>
> <valvula>
>     <!-- -*- nxml -*- -->
>     <!-- server configuration -->
>     <global-settings>
>         <!-- make valvula server to run with a low privileges user -->
>         <running user='valvulad' group='valvulad' enabled='no' />
>         <!-- uncomment the following instruction to make valvula to log
>          all SQL sentences run by the engine. It is not recommended to
>          have it enabled by default: it create lots of logs -->
>         <!-- <debug-queries debug="yes" /> -->
>         <log-reporting enabled='yes' use-syslog='yes' />
>         <!-- Default signal action to take when a wrong signal is 
> recevied (SIGSEGV or SIGABRT).
> 	 reexec : do a fresh server restart
> 	 hold : holds the process until it is killed for debugging.
> 	 backtrace : prints a backtrace to the console
> 	 default : if nothing is configured, kills the process after receiving 
> this signal
>     -->
>         <signal action='reexec' />
>         <!-- request line limit (leave it as is unless you know what you
>          are doing). This is the number of lines a request can have
>          before closing the connection. A request should be served in
>          80 lines as much. -->
>         <request-line limit='80' />
>     </global-settings>
>     <!-- GENERAL: configuration -->
>     <general>
>         <listen host='127.0.0.1' port='3080'>
>             <run module='mod-mquota' />
>         </listen>
>     </general>
>     <database>
>         <!-- default mysql configuration -->
>         <config driver='mysql' dbname='policyv' user='root' password='' 
> host='localhost' port='' />
>     </database>
>     <enviroment>
>         <!-- the following declaration will make valvula server to 
> detect
>          postfix configuration by opening its configuration, and
>          taking a look into virtual_mailbox_domains and other postfix
>          declarations. If everything works ok, the server will be able
>          to know what domains, accounts and aliases are considered
>          local so valvula can make better decisions. -->
>         <local-domains config='autodetect' />
>         <!-- if previous declaration does not work, try one these -->
>         <!-- <local-domains 
> config="mysql:user:password:database:hosts:SELECT domain FROM 
> domain_table WHERE domain='%s' AND is_active = 1" /> -->
>         <!-- <local-domains config="file:///etc/postfix/local_domains" 
> <file:///etc/postfix/local_domains%3E> /> -->
>         <!-- mod-slm configuration -->
>         <!-- Last paramter (allow-empty-mail-from) will allow sending 
> empty mail from:<> as defined by RFC. This is 
>          something that should be left enabled if you want to get DSN 
> and/or mail error notifications. 
>          Of course, there are people that do not agree. If any case, if 
> you want a recommendation, leave it on (yes).
>          For more information see: 
> https://lists.debian.org/debian-isp/2004/01/msg00259.html
> 
>          If nothing is configured, it is assumed 
> allow-empty-mail-from="yes"
>     -->
>         <sender-login-mismatch mode='same-domain' 
> allow-empty-mail-from='yes' />
>         <!-- sending and receiving quotas: used by mod-mquota  -->
>         <default-sending-quota status='full' if-no-match='first' 
> debug='yes'>
>             <!-- account limit: 150/minute,  250/hour  and  750/global 
> from 09:00 to 21:00 
>            domain limit:  300/minute, 500/hour  and 2500/global 
> 
>            note: use -1 to disable any of the limits.  
>            For example, to disable global limit, use globa-limit="-1" 
>       -->
>             <limit label='day quota' from='9:00' to='21:00' 
> status='full' minute-limit='15' hour-limit='100' global-limit='300' 
> domain-minute-limit='15' domain-hour-limit='100' 
> domain-global-limit='300' />
>             <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 
> 09:00 -->
>             <limit label='night quota' from='21:00' to='9:00' 
> status='full' minute-limit='5' hour-limit='50' global-limit='150' 
> domain-minute-limit='5' domain-hour-limit='50' 
> domain-global-limit='150' />
>         </default-sending-quota>
>         <!-- <bwl debug="no" /> -->
>         <!-- <lmm debug="no" /> -->
>         <!-- mod-mw : mysql works -->
>         <!-- It allows to run user defined sql queries with the provided
>          credentials. Each SQL query is then personalized with support
>          substitutions. All substitutions takes the value indicated or
>          evals to emtpy string. -->
>         <!-- Allowed substitutions are: 
> 
> 	 - #queue-id# if defined, it is replaced by reported queue id
> 	 - #size# if defined, it is replaced by reported size (single size, 
> you may have to consider having this value by #rpct-count# to have 
> actual size to handle/send.
> 	 - #sasl_user# if defined, it is replaced by sasl user account used.
> 	 - #mail-from# if defined, it is replaced by mail from: reported 
> account used.
> 	 - #rcpt-count# if defined, it is replaced by reported recipient count 
> (recipient_count reported by postfix).This value is only reliable if 
> valvula is connected to smtpd_data_restrictions.
> 	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This 
> value isn't reliable if connected to smtpd_data_restrictions (it may be 
> empty for multi recipients operations). Connect valvula to 
> smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> 	 - #client-address# if defined, it is replaced by reported connecting 
> ip
>     -->
>         <!-- configuration example follows: -->
>         <!-- 
>       <mysql-works>
>       <with-db-def use="valvula" port="3579"> 
> 	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, 
> rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> 	<run-every-hour sql="DELETE FROM example_table" />
>       </with-db-def>
>     </mysql-works> -->
>     </enviroment>
>     <!-- MODULE: configuration -->
>     <modules>
>         <!-- directory where to find modules to load -->
>         <directory src='/etc/valvula/mods-enabled' />
>     </modules>
> </valvula>
> 
> Any idea?
> 
> Best regards.
> _______________________________________________
> Valvula mailing list
> > Valvula en lists.aspl.es
> > http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula
> >   
>

From francis.brosnan en aspl.es  Wed Feb  6 19:23:33 2019
From: francis.brosnan en aspl.es (Francis Brosnan =?ISO-8859-1?Q?Bl=E1zquez?=)
Date: Wed, 06 Feb 2019 19:23:33 +0100
Subject: [Valvula] Valvula does not filter any emails
In-Reply-To: <9bdf12ff-fd2f-435d-90ef-a27321d9d2d7@www.fastmail.com>
References: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>
	<1549472458.28729.34.camel@aspl.es>
	<9bdf12ff-fd2f-435d-90ef-a27321d9d2d7@www.fastmail.com>
Message-ID: <1549477413.28729.51.camel@aspl.es>

Hello Oscar,

Given your logs, valvula is not receiving any indication about emails
your are sending...which also means postfix is not receiving those
emails to be filtered or at least the smtpd postfix process connected
to valvula.

The pipeline you are describing (more or less) is:

Your client SMTP software ->
     contacts with your haproxy at some port ->
        Haproxy contacts postfix at 25 ->  
            postfix (due to smtpd_recipient_restrictions=) contacts
valvula at 3080 ->
                valvula generate a DUNNO, OK, REJECT or error log.

Because at some point this pipeline is not connected, valvula is not
receiving any request to reject, accept or whatever...

Once you manage to contact your postfix and have your postfix contact
valvula, you will see it working..

El mié, 06-02-2019 a las 12:55 -0500, Oscar Manuel Seoane Cereijo
escribió:

> Hello Francis.
> 
> Thanks for your answer.
> 
> If I send a pack of 100 mails, all emails arrives on the destination.
> Ten minutes after, If I send another pack of 500 emails, all arrives on the destination.
> 
> All emails are sending from the same account using a script.
> 
> tail -f /var/log/messages
> 
> Feb 6 11:21:01 mfgalera1 check-valvulad.py: check-valvula: info: Valvulad server is working right
> 
> Regards
> 
> 
> El Mie, 6 de Feb de 19, a las 11:02 AM, Francis Brosnan Blázquez escribió:
> > Hello Oscar,
> >  
> >  How are you testing your solution to come to the conclusion valvula is
> >  not filtering?
> >  
> >  What about log files at /var/log/{syslog,messages}?
> >  
> >  First impression is that your configuration is ok...
> >  
> >  
> >  El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo 
> > escribió:  Hello
> > 
> > I am testing a solution based on postfix, haproxy and valvula. I have a 
> > server with haproxy like a load balancer. Also I have three servers 
> > with galera (MariaDB Cluster) and valvula installed. 
> > 
> > The problem is valvula does not filter any mails.
> > 
> > The load balancer (haproxy) runs fine.
> > Galera runs ok on the three servers.
> > Valvula does not have any errors.
> > Postfix have open relay to my network and runs ok.
> > 
> > [root en mfgalera1 ~]# valvulad -b
> > INFO: Database connection working OK
> > 
> > [root en mfgalera1 ~]# netstat -ntpl
> > Active Internet connections (only servers)
> > Proto Recv-Q Send-Q Local Address           Foreign Address         
> > State       PID/Program name    
> > tcp        0      0 127.0.0.1:3080          0.0.0.0:*               
> > LISTEN      5291/valvulad       
> > tcp        0      0 0.0.0.0:3306            0.0.0.0:*               
> > LISTEN      5127/mysqld         
> > tcp        0      0 0.0.0.0:22              0.0.0.0:*               
> > LISTEN      4765/sshd           
> > tcp        0      0 0.0.0.0:4567            0.0.0.0:*               
> > LISTEN      5127/mysqld         
> > tcp        0      0 0.0.0.0:25              0.0.0.0:*               
> > LISTEN      4911/master         
> > tcp6       0      0 :::22                   :::*                    
> > LISTEN      4765/sshd           
> > tcp6       0      0 :::25                   :::*                    
> > LISTEN      4911/master   
> > 
> > [root en mfgalera1 ~]# systemctl status postfix
> > postfix.service - Postfix Mail Transport Agent
> >    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; 
> > vendor preset: disabled)
> >    Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
> >   Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, 
> > status=0/SUCCESS)
> >   Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update 
> > (code=exited, status=0/SUCCESS)
> >   Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb 
> > (code=exited, status=0/SUCCESS)
> >  Main PID: 4911 (master)
> >    CGroup: /system.slice/postfix.service
> >            ??3374 pickup -l -t unix -u
> >            ??4911 /usr/libexec/postfix/master -w
> >            ??4919 qmgr -l -t unix -u
> >            ??6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o 
> > smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
> >            ??6194 proxymap -t unix -u
> > 
> > And this is my valvula.conf
> > 
> > <?xml version='1.0' ?>
> > <valvula>
> >     <!-- -*- nxml -*- -->
> >     <!-- server configuration -->
> >     <global-settings>
> >         <!-- make valvula server to run with a low privileges user -->
> >         <running user='valvulad' group='valvulad' enabled='no' />
> >         <!-- uncomment the following instruction to make valvula to log
> >          all SQL sentences run by the engine. It is not recommended to
> >          have it enabled by default: it create lots of logs -->
> >         <!-- <debug-queries debug="yes" /> -->
> >         <log-reporting enabled='yes' use-syslog='yes' />
> >         <!-- Default signal action to take when a wrong signal is 
> > recevied (SIGSEGV or SIGABRT).
> > 	 reexec : do a fresh server restart
> > 	 hold : holds the process until it is killed for debugging.
> > 	 backtrace : prints a backtrace to the console
> > 	 default : if nothing is configured, kills the process after receiving 
> > this signal
> >     -->
> >         <signal action='reexec' />
> >         <!-- request line limit (leave it as is unless you know what you
> >          are doing). This is the number of lines a request can have
> >          before closing the connection. A request should be served in
> >          80 lines as much. -->
> >         <request-line limit='80' />
> >     </global-settings>
> >     <!-- GENERAL: configuration -->
> >     <general>
> >         <listen host='127.0.0.1' port='3080'>
> >             <run module='mod-mquota' />
> >         </listen>
> >     </general>
> >     <database>
> >         <!-- default mysql configuration -->
> >         <config driver='mysql' dbname='policyv' user='root' password='' 
> > host='localhost' port='' />
> >     </database>
> >     <enviroment>
> >         <!-- the following declaration will make valvula server to 
> > detect
> >          postfix configuration by opening its configuration, and
> >          taking a look into virtual_mailbox_domains and other postfix
> >          declarations. If everything works ok, the server will be able
> >          to know what domains, accounts and aliases are considered
> >          local so valvula can make better decisions. -->
> >         <local-domains config='autodetect' />
> >         <!-- if previous declaration does not work, try one these -->
> >         <!-- <local-domains 
> > config="mysql:user:password:database:hosts:SELECT domain FROM 
> > domain_table WHERE domain='%s' AND is_active = 1" /> -->
> >         <!-- <local-domains config="file:///etc/postfix/local_domains" 
> > <file:///etc/postfix/local_domains%3E> /> -->
> >         <!-- mod-slm configuration -->
> >         <!-- Last paramter (allow-empty-mail-from) will allow sending 
> > empty mail from:<> as defined by RFC. This is 
> >          something that should be left enabled if you want to get DSN 
> > and/or mail error notifications. 
> >          Of course, there are people that do not agree. If any case, if 
> > you want a recommendation, leave it on (yes).
> >          For more information see: 
> > https://lists.debian.org/debian-isp/2004/01/msg00259.html
> > 
> >          If nothing is configured, it is assumed 
> > allow-empty-mail-from="yes"
> >     -->
> >         <sender-login-mismatch mode='same-domain' 
> > allow-empty-mail-from='yes' />
> >         <!-- sending and receiving quotas: used by mod-mquota  -->
> >         <default-sending-quota status='full' if-no-match='first' 
> > debug='yes'>
> >             <!-- account limit: 150/minute,  250/hour  and  750/global 
> > from 09:00 to 21:00 
> >            domain limit:  300/minute, 500/hour  and 2500/global 
> > 
> >            note: use -1 to disable any of the limits.  
> >            For example, to disable global limit, use globa-limit="-1" 
> >       -->
> >             <limit label='day quota' from='9:00' to='21:00' 
> > status='full' minute-limit='15' hour-limit='100' global-limit='300' 
> > domain-minute-limit='15' domain-hour-limit='100' 
> > domain-global-limit='300' />
> >             <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 
> > 09:00 -->
> >             <limit label='night quota' from='21:00' to='9:00' 
> > status='full' minute-limit='5' hour-limit='50' global-limit='150' 
> > domain-minute-limit='5' domain-hour-limit='50' 
> > domain-global-limit='150' />
> >         </default-sending-quota>
> >         <!-- <bwl debug="no" /> -->
> >         <!-- <lmm debug="no" /> -->
> >         <!-- mod-mw : mysql works -->
> >         <!-- It allows to run user defined sql queries with the provided
> >          credentials. Each SQL query is then personalized with support
> >          substitutions. All substitutions takes the value indicated or
> >          evals to emtpy string. -->
> >         <!-- Allowed substitutions are: 
> > 
> > 	 - #queue-id# if defined, it is replaced by reported queue id
> > 	 - #size# if defined, it is replaced by reported size (single size, 
> > you may have to consider having this value by #rpct-count# to have 
> > actual size to handle/send.
> > 	 - #sasl_user# if defined, it is replaced by sasl user account used.
> > 	 - #mail-from# if defined, it is replaced by mail from: reported 
> > account used.
> > 	 - #rcpt-count# if defined, it is replaced by reported recipient count 
> > (recipient_count reported by postfix).This value is only reliable if 
> > valvula is connected to smtpd_data_restrictions.
> > 	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This 
> > value isn't reliable if connected to smtpd_data_restrictions (it may be 
> > empty for multi recipients operations). Connect valvula to 
> > smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> > 	 - #client-address# if defined, it is replaced by reported connecting 
> > ip
> >     -->
> >         <!-- configuration example follows: -->
> >         <!-- 
> >       <mysql-works>
> >       <with-db-def use="valvula" port="3579"> 
> > 	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, 
> > rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> > 	<run-every-hour sql="DELETE FROM example_table" />
> >       </with-db-def>
> >     </mysql-works> -->
> >     </enviroment>
> >     <!-- MODULE: configuration -->
> >     <modules>
> >         <!-- directory where to find modules to load -->
> >         <directory src='/etc/valvula/mods-enabled' />
> >     </modules>
> > </valvula>
> > 
> > Any idea?
> > 
> > Best regards.
> > _______________________________________________
> > Valvula mailing list
> > > Valvula en lists.aspl.es
> > > http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula
> > >   
> >


-- 

Francis Brosnan Blázquez -- ASPL --ASPLhosting
Foro de soporte: https://support.asplhosting.com
Síguenos en Twitter: @aspl_es @asplhosting
91 134 14 22 - 91 134 14 45 

http://asplhosting.com 
http://aspl.es 
https://www.linkedin.com/in/francis-brosnan-bl%C3%A1zquez-1353a218/

AVISO LEGAL 

Este mensaje se dirige exclusivamente a su destinatario. Los datos
incluidos en el presente correo son confidenciales y sometidos a
secreto profesional, se prohíbe divulgarlos, en virtud de las leyes
vigentes. Si usted no lo es y lo ha recibido por error o tiene
conocimiento del mismo por cualquier motivo, le rogamos que nos lo
comunique por este medio y proceda a destruirlo o borrarlo. 

En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
diciembre, de Protección de Datos de Carácter Personal, le informamos
de que sus datos de carácter personal, recogidos de fuentes accesibles
al público o datos que usted nos ha facilitado previamente, proceden de
bases de datos propiedad de Advanced Software Production Line, S.L.
(ASPL). No obstante, usted puede ejercitar sus derechos de acceso,
rectificación, cancelación y oposición dispuestos en la mencionada Ley
Orgánica, notificándolo por escrito a: ASPL - Protección Datos,
C/Antonio Suárez 10 A-102, 28802, Alcalá de Henares (Madrid).
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/valvula/attachments/20190206/448d023f/attachment-0001.html>

From oscar.seoane en osux64.com  Wed Feb  6 20:10:48 2019
From: oscar.seoane en osux64.com (Oscar Manuel Seoane Cereijo)
Date: Wed, 06 Feb 2019 14:10:48 -0500
Subject: [Valvula] Valvula does not filter any emails
In-Reply-To: <1549477413.28729.51.camel@aspl.es>
References: <fd1f002c-e2a2-43e6-b646-6d6132dabf1e@www.fastmail.com>
	<1549472458.28729.34.camel@aspl.es>
	<9bdf12ff-fd2f-435d-90ef-a27321d9d2d7@www.fastmail.com>
	<1549477413.28729.51.camel@aspl.es>
Message-ID: <e8fbd2e1-928e-495b-935e-a46fcf6aa13f@www.fastmail.com>

Thank you Francis

This is the ultimate test. I send 100 emails. I paste here the beginning of the logs (/var/log/maillog)
All emails (100) arrived on the gmail account.


Feb  6 13:10:01 mfgalera1 valvulad[5291]: info: mod-quota: updating accounting info
Feb  6 13:10:01 mfgalera1 valvulad[5291]: info: Checking now is 13:10 (start 09:00 - end 21:00)
Feb  6 13:10:01 mfgalera1 valvulad[5291]: info: Selecting sending mquota period with label [day quota] limits g: 300, h: 100, m: 15
Feb  6 13:11:01 mfgalera1 valvulad[5291]: info: mod-quota: updating accounting info
Feb  6 13:11:01 mfgalera1 valvulad[5291]: info: Checking now is 13:11 (start 09:00 - end 21:00)
Feb  6 13:11:01 mfgalera1 valvulad[5291]: info: Selecting sending mquota period with label [day quota] limits g: 300, h: 100, m: 15
Feb  6 13:11:51 mfgalera1 postfix/smtpd[16832]: connect from unknown[172.17.35.5]
Feb  6 13:11:51 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:51 mfgalera1 postfix/smtpd[16832]: E322E605960C: client=unknown[172.17.35.5]
Feb  6 13:11:51 mfgalera1 postfix/cleanup[16837]: E322E605960C: message-id=<>
Feb  6 13:11:51 mfgalera1 postfix/qmgr[4919]: E322E605960C: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)
Feb  6 13:11:53 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:53 mfgalera1 postfix/smtpd[16832]: 01B86605960D: client=unknown[172.17.35.5]
Feb  6 13:11:53 mfgalera1 postfix/cleanup[16837]: 01B86605960D: message-id=<>
Feb  6 13:11:53 mfgalera1 postfix/qmgr[4919]: 01B86605960D: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)
Feb  6 13:11:53 mfgalera1 postfix/smtp[16838]: E322E605960C: to=<esit.triara en gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.177.26]:25, delay=1.3, delays=0.06/0.01/0.92/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK 1549479631 8si4301733ybq.59 - gsmtp)
Feb  6 13:11:53 mfgalera1 postfix/qmgr[4919]: E322E605960C: removed
Feb  6 13:11:54 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:54 mfgalera1 postfix/smtpd[16832]: 083CC605960B: client=unknown[172.17.35.5]
Feb  6 13:11:54 mfgalera1 postfix/cleanup[16837]: 083CC605960B: message-id=<>
Feb  6 13:11:54 mfgalera1 postfix/qmgr[4919]: 083CC605960B: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)
Feb  6 13:11:54 mfgalera1 postfix/smtp[16839]: 01B86605960D: to=<esit.triara en gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.177.26]:25, delay=2.3, delays=1/0.01/0.86/0.43, dsn=2.0.0, status=sent (250 2.0.0 OK 1549479632 v199si4238420ybv.44 - gsmtp)
Feb  6 13:11:54 mfgalera1 postfix/qmgr[4919]: 01B86605960D: removed
Feb  6 13:11:54 mfgalera1 postfix/smtp[16838]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4002:c08::1b]:25: Network is unreachable
Feb  6 13:11:55 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:55 mfgalera1 postfix/smtpd[16832]: 0E85E605960D: client=unknown[172.17.35.5]
Feb  6 13:11:55 mfgalera1 postfix/cleanup[16837]: 0E85E605960D: message-id=<>
Feb  6 13:11:55 mfgalera1 postfix/qmgr[4919]: 0E85E605960D: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)
Feb  6 13:11:55 mfgalera1 postfix/smtp[16838]: 083CC605960B: to=<esit.triara en gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.219.26]:25, delay=2.1, delays=1/0/0.89/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK 1549479633 n72si4133419yba.225 - gsmtp)
Feb  6 13:11:55 mfgalera1 postfix/qmgr[4919]: 083CC605960B: removed
Feb  6 13:11:56 mfgalera1 postfix/smtp[16839]: 0E85E605960D: to=<esit.triara en gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.219.26]:25, conn_use=2, delay=2, delays=1/0/0.75/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 1549479634 n72si4133419yba.225 - gsmtp)
Feb  6 13:11:56 mfgalera1 postfix/qmgr[4919]: 0E85E605960D: removed
Feb  6 13:11:56 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:56 mfgalera1 postfix/smtpd[16832]: 12338605960B: client=unknown[172.17.35.5]
Feb  6 13:11:56 mfgalera1 postfix/cleanup[16837]: 12338605960B: message-id=<>
Feb  6 13:11:56 mfgalera1 postfix/qmgr[4919]: 12338605960B: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)
Feb  6 13:11:56 mfgalera1 postfix/smtp[16838]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4002:c08::1b]:25: Network is unreachable
Feb  6 13:11:57 mfgalera1 valvulad[5291]: info: DUNNO: roberto.gomez en hex2016.lab.triara.com -> esit.triara en gmail.com (sasl_user=), port 3080, rcpt count=0, queue-id , from 172.17.35.5, no-tls
Feb  6 13:11:57 mfgalera1 postfix/smtpd[16832]: 17BB9605960C: client=unknown[172.17.35.5]
Feb  6 13:11:57 mfgalera1 postfix/cleanup[16837]: 17BB9605960C: message-id=<>
Feb  6 13:11:57 mfgalera1 postfix/qmgr[4919]: 17BB9605960C: from=<roberto.gomez en hex2016.lab.triara.com>, size=476, nrcpt=1 (queue active)


El Mie, 6 de Feb de 19, a las 12:23 PM, Francis Brosnan Blázquez escribió:
> Hello Oscar,
>  
>  Given your logs, valvula is not receiving any indication about emails
>  your are sending...which also means postfix is not receiving those
>  emails to be filtered or at least the smtpd postfix process connected
>  to valvula.
>  
>  The pipeline you are describing (more or less) is:
>  
>  Your client SMTP software ->
>  contacts with your haproxy at some port ->
>  Haproxy contacts postfix at 25 -> 
>  postfix (due to smtpd_recipient_restrictions=) contacts valvula at 3080 ->
>  valvula generate a DUNNO, OK, REJECT or error log.
>  
>  Because at some point this pipeline is not connected, valvula is not
>  receiving any request to reject, accept or whatever...
>  
>  Once you manage to contact your postfix and have your postfix contact
>  valvula, you will see it working..
>  
>  El mié, 06-02-2019 a las 12:55 -0500, Oscar Manuel Seoane Cereijo 
> escribió:  Hello Francis.
> 
> Thanks for your answer.
> 
> If I send a pack of 100 mails, all emails arrives on the destination.
> Ten minutes after, If I send another pack of 500 emails, all arrives on 
> the destination.
> 
> All emails are sending from the same account using a script.
> 
> tail -f /var/log/messages
> 
> Feb 6 11:21:01 mfgalera1 check-valvulad.py: check-valvula: info: 
> Valvulad server is working right
> 
> Regards
> 
> 
> El Mie, 6 de Feb de 19, a las 11:02 AM, Francis Brosnan Blázquez escribió:
> > > Hello Oscar,
> > >  
> > >  How are you testing your solution to come to the conclusion valvula is
> > >  not filtering?
> > >  
> > >  What about log files at /var/log/{syslog,messages}?
> > >  
> > >  First impression is that your configuration is ok...
> > >  
> > >  
> > >  El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo 
> > > escribió:  Hello
> > > 
> > > I am testing a solution based on postfix, haproxy and valvula. I have a 
> > > server with haproxy like a load balancer. Also I have three servers 
> > > with galera (MariaDB Cluster) and valvula installed. 
> > > 
> > > The problem is valvula does not filter any mails.
> > > 
> > > The load balancer (haproxy) runs fine.
> > > Galera runs ok on the three servers.
> > > Valvula does not have any errors.
> > > Postfix have open relay to my network and runs ok.
> > > 
> > > [root en mfgalera1 ~]# valvulad -b
> > > INFO: Database connection working OK
> > > 
> > > [root en mfgalera1 ~]# netstat -ntpl
> > > Active Internet connections (only servers)
> > > Proto Recv-Q Send-Q Local Address           Foreign Address         
> > > State       PID/Program name    
> > > tcp        0      0 127.0.0.1:3080          0.0.0.0:*               
> > > LISTEN      5291/valvulad       
> > > tcp        0      0 0.0.0.0:3306            0.0.0.0:*               
> > > LISTEN      5127/mysqld         
> > > tcp        0      0 0.0.0.0:22              0.0.0.0:*               
> > > LISTEN      4765/sshd           
> > > tcp        0      0 0.0.0.0:4567            0.0.0.0:*               
> > > LISTEN      5127/mysqld         
> > > tcp        0      0 0.0.0.0:25              0.0.0.0:*               
> > > LISTEN      4911/master         
> > > tcp6       0      0 :::22                   :::*                    
> > > LISTEN      4765/sshd           
> > > tcp6       0      0 :::25                   :::*                    
> > > LISTEN      4911/master   
> > > 
> > > [root en mfgalera1 ~]# systemctl status postfix
> > > postfix.service - Postfix Mail Transport Agent
> > >    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; 
> > > vendor preset: disabled)
> > >    Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
> > >   Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, 
> > > status=0/SUCCESS)
> > >   Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update 
> > > (code=exited, status=0/SUCCESS)
> > >   Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb 
> > > (code=exited, status=0/SUCCESS)
> > >  Main PID: 4911 (master)
> > >    CGroup: /system.slice/postfix.service
> > >            ??3374 pickup -l -t unix -u
> > >            ??4911 /usr/libexec/postfix/master -w
> > >            ??4919 qmgr -l -t unix -u
> > >            ??6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o 
> > > smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
> > >            ??6194 proxymap -t unix -u
> > > 
> > > And this is my valvula.conf
> > > 
> > > <?xml version='1.0' ?>
> > > <valvula>
> > >     <!-- -*- nxml -*- -->
> > >     <!-- server configuration -->
> > >     <global-settings>
> > >         <!-- make valvula server to run with a low privileges user -->
> > >         <running user='valvulad' group='valvulad' enabled='no' />
> > >         <!-- uncomment the following instruction to make valvula to log
> > >          all SQL sentences run by the engine. It is not recommended to
> > >          have it enabled by default: it create lots of logs -->
> > >         <!-- <debug-queries debug="yes" /> -->
> > >         <log-reporting enabled='yes' use-syslog='yes' />
> > >         <!-- Default signal action to take when a wrong signal is 
> > > recevied (SIGSEGV or SIGABRT).
> > > 	 reexec : do a fresh server restart
> > > 	 hold : holds the process until it is killed for debugging.
> > > 	 backtrace : prints a backtrace to the console
> > > 	 default : if nothing is configured, kills the process after receiving 
> > > this signal
> > >     -->
> > >         <signal action='reexec' />
> > >         <!-- request line limit (leave it as is unless you know what you
> > >          are doing). This is the number of lines a request can have
> > >          before closing the connection. A request should be served in
> > >          80 lines as much. -->
> > >         <request-line limit='80' />
> > >     </global-settings>
> > >     <!-- GENERAL: configuration -->
> > >     <general>
> > >         <listen host='127.0.0.1' port='3080'>
> > >             <run module='mod-mquota' />
> > >         </listen>
> > >     </general>
> > >     <database>
> > >         <!-- default mysql configuration -->
> > >         <config driver='mysql' dbname='policyv' user='root' password='' 
> > > host='localhost' port='' />
> > >     </database>
> > >     <enviroment>
> > >         <!-- the following declaration will make valvula server to 
> > > detect
> > >          postfix configuration by opening its configuration, and
> > >          taking a look into virtual_mailbox_domains and other postfix
> > >          declarations. If everything works ok, the server will be able
> > >          to know what domains, accounts and aliases are considered
> > >          local so valvula can make better decisions. -->
> > >         <local-domains config='autodetect' />
> > >         <!-- if previous declaration does not work, try one these -->
> > >         <!-- <local-domains 
> > > config="mysql:user:password:database:hosts:SELECT domain FROM 
> > > domain_table WHERE domain='%s' AND is_active = 1" /> -->
> > >         <!-- <local-domains config="file:///etc/postfix/local_domains" <file:///etc/postfix/local_domains%3E> 
> > > <file:///etc/postfix/local_domains%3E> /> -->
> > >         <!-- mod-slm configuration -->
> > >         <!-- Last paramter (allow-empty-mail-from) will allow sending 
> > > empty mail from:<> as defined by RFC. This is 
> > >          something that should be left enabled if you want to get DSN 
> > > and/or mail error notifications. 
> > >          Of course, there are people that do not agree. If any case, if 
> > > you want a recommendation, leave it on (yes).
> > >          For more information see: 
> > > https://lists.debian.org/debian-isp/2004/01/msg00259.html
> > > 
> > >          If nothing is configured, it is assumed 
> > > allow-empty-mail-from="yes"
> > >     -->
> > >         <sender-login-mismatch mode='same-domain' 
> > > allow-empty-mail-from='yes' />
> > >         <!-- sending and receiving quotas: used by mod-mquota  -->
> > >         <default-sending-quota status='full' if-no-match='first' 
> > > debug='yes'>
> > >             <!-- account limit: 150/minute,  250/hour  and  750/global 
> > > from 09:00 to 21:00 
> > >            domain limit:  300/minute, 500/hour  and 2500/global 
> > > 
> > >            note: use -1 to disable any of the limits.  
> > >            For example, to disable global limit, use globa-limit="-1" 
> > >       -->
> > >             <limit label='day quota' from='9:00' to='21:00' 
> > > status='full' minute-limit='15' hour-limit='100' global-limit='300' 
> > > domain-minute-limit='15' domain-hour-limit='100' 
> > > domain-global-limit='300' />
> > >             <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 
> > > 09:00 -->
> > >             <limit label='night quota' from='21:00' to='9:00' 
> > > status='full' minute-limit='5' hour-limit='50' global-limit='150' 
> > > domain-minute-limit='5' domain-hour-limit='50' 
> > > domain-global-limit='150' />
> > >         </default-sending-quota>
> > >         <!-- <bwl debug="no" /> -->
> > >         <!-- <lmm debug="no" /> -->
> > >         <!-- mod-mw : mysql works -->
> > >         <!-- It allows to run user defined sql queries with the provided
> > >          credentials. Each SQL query is then personalized with support
> > >          substitutions. All substitutions takes the value indicated or
> > >          evals to emtpy string. -->
> > >         <!-- Allowed substitutions are: 
> > > 
> > > 	 - #queue-id# if defined, it is replaced by reported queue id
> > > 	 - #size# if defined, it is replaced by reported size (single size, 
> > > you may have to consider having this value by #rpct-count# to have 
> > > actual size to handle/send.
> > > 	 - #sasl_user# if defined, it is replaced by sasl user account used.
> > > 	 - #mail-from# if defined, it is replaced by mail from: reported 
> > > account used.
> > > 	 - #rcpt-count# if defined, it is replaced by reported recipient count 
> > > (recipient_count reported by postfix).This value is only reliable if 
> > > valvula is connected to smtpd_data_restrictions.
> > > 	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This 
> > > value isn't reliable if connected to smtpd_data_restrictions (it may be 
> > > empty for multi recipients operations). Connect valvula to 
> > > smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> > > 	 - #client-address# if defined, it is replaced by reported connecting 
> > > ip
> > >     -->
> > >         <!-- configuration example follows: -->
> > >         <!-- 
> > >       <mysql-works>
> > >       <with-db-def use="valvula" port="3579"> 
> > > 	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, 
> > > rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> > > 	<run-every-hour sql="DELETE FROM example_table" />
> > >       </with-db-def>
> > >     </mysql-works> -->
> > >     </enviroment>
> > >     <!-- MODULE: configuration -->
> > >     <modules>
> > >         <!-- directory where to find modules to load -->
> > >         <directory src='/etc/valvula/mods-enabled' />
> > >     </modules>
> > > </valvula>
> > > 
> > > Any idea?
> > > 
> > > Best regards.
> > > _______________________________________________
> > > Valvula mailing list
> > > > Valvula en lists.aspl.es
> > > > http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula
> > > >   
> > >
> >   
>     -- 
>  
>  Francis Brosnan Blázquez -- ASPL --ASPLhosting
>  Foro de soporte: https://support.asplhosting.com
>  Síguenos en Twitter: @aspl_es @asplhosting
>  91 134 14 22 - 91 134 14 45 
>  
>  http://asplhosting.com 
>  http://aspl.es 
>  https://www.linkedin.com/in/francis-brosnan-bl%C3%A1zquez-1353a218/
>  
>  AVISO LEGAL 
>  
>  Este mensaje se dirige exclusivamente a su destinatario. Los datos
>  incluidos en el presente correo son confidenciales y sometidos a
>  secreto profesional, se prohíbe divulgarlos, en virtud de las leyes
>  vigentes. Si usted no lo es y lo ha recibido por error o tiene
>  conocimiento del mismo por cualquier motivo, le rogamos que nos lo
>  comunique por este medio y proceda a destruirlo o borrarlo. 
>  
>  En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
>  diciembre, de Protección de Datos de Carácter Personal, le informamos
>  de que sus datos de carácter personal, recogidos de fuentes accesibles
>  al público o datos que usted nos ha facilitado previamente, proceden de
>  bases de datos propiedad de Advanced Software Production Line, S.L.
>  (ASPL). No obstante, usted puede ejercitar sus derechos de acceso,
>  rectificación, cancelación y oposición dispuestos en la mencionada Ley
>  Orgánica, notificándolo por escrito a: ASPL - Protección Datos,
>  C/Antonio Suárez 10 A-102, 28802, Alcalá de Henares (Madrid).