I’m having trouble getting Virtualmin’s Mail Rate Limiting to take effect and need your help diagnosing it.
Background
Virtualmin: Mail Rate Limiting enabled.
UI settings: Global message limit set to 5 emails every 1 hour (testing).
Per-domain override: kiborehost1.com configured.
What I did
Sent 20 messages from a web script (PHPMailer).
Observed behavior: All 20 messages were queued by Postfix and delivered immediately; the 5/hour limit was not enforced.
What I’ve already checked
Virtualmin UI settings are saved.
Postfix smtpd_recipient_restrictions shows: permit_mynetworks permit_sasl_authenticated reject_unauth_destination (no check_policy_service present).
PHPMailer is currently using the local send method (sendmail binary) in the test script.
I attempted to locate a policy daemon (pypolicyd/postfwd) but I’m not sure which one Virtualmin expects or whether it’s active.
Logs and evidence
20 messages from the web script were accepted and sent from the queue without any rate-limit entries in /var/log/mail.log.
I can provide full postconf -n output and relevant log snippets on request.
Questions
Does Virtualmin’s Mail Rate Limiting require a specific policy daemon (pypolicyd, postfwd, or another)? Which do you recommend for Virtualmin on Ubuntu/Debian?
Will rate limiting apply to messages submitted via the local sendmail binary by web scripts, or must web scripts use authenticated SMTP (submission/587) to trigger smtpd policy checks?
If a policy daemon is required, please provide exact steps: package name, config file locations, sample policy for a global 5/hour + per-domain override, and the precise postconf/master.cf changes to make Postfix call the policy service.
Are there Virtualmin settings or templates that could overwrite manual Postfix changes? If so, how do I make the configuration persistent through Virtualmin updates?
What exact log lines should I look for to confirm a rate-limit hit when I reproduce the test?
Additional info I can supply: OS version, full postconf -n output, PHPMailer config, and sample log excerpts.
Thanks for your help — I want to ensure outbound mail from scripts is rate-limited to avoid being flagged as spam.
(I am not really qualified to say whether that is a good idea or not, but I think that is what worked for me.)
Incidentally a spammer with a known password got right past the milter (even though it was set to “noauth” as described). I think that this is because the milter must count your “from address”, not the actual authenticated account sending the mail, and once the spammer authenticated he sent mail as not@the-account-he-logged-in-as.com, so the milter was working as it’s supposed to, just not in the way that I’d hoped.
To combat this, I have changed:
racl whitelist default
to:
racl blacklist default
At the bottom of my:
/etc/milter-greylist/greylist.conf
On the assumption that that means “If this is not something I know about, don’t accept it”.
Mail is still working this way and the milter works, only time will tell if this helps with the next known-password spammer though.
(If adding noauth to greylist.conf and restarting the milter doesn’t work for you I left myself some more detailed instructions and changed a few other things along the way. I don’t specifically remember what I was fixing when I did so, so they’re probably irrelevant to your system but if noauth still fails, maybe they will help.)
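The counting question raised in the reply above, as an added example (not part of either post, and not milter-greylist's own logic): a sliding-window limiter run over constructed message records, counted once per envelope sender and once per authenticated account. The record fields, the reuse of the 5-per-hour test limit, and the rule that only accepted messages occupy the window are assumptions.

```python
from collections import defaultdict, deque

LIMIT = 5      # messages per window (the 5/hour test value from the thread)
WINDOW = 3600  # window length in seconds

def sender_key(msg):
    """Count per envelope sender, which the submitting client chooses."""
    return msg["sender"]

def auth_key(msg):
    """Count per authenticated account; unauthenticated mail (e.g. local
    sendmail submission) has no account, so fall back to the sender."""
    return msg["sasl_user"] or "unauth:" + msg["sender"]

def rejected_by(messages, key_fn, limit=LIMIT, window=WINDOW):
    """Return the messages a sliding-window limiter would refuse.
    Assumption: only accepted messages occupy a slot in the window."""
    accepted = defaultdict(deque)   # key -> timestamps of accepted messages
    rejected = []
    for msg in sorted(messages, key=lambda m: m["ts"]):
        slots = accepted[key_fn(msg)]
        while slots and msg["ts"] - slots[0] >= window:
            slots.popleft()         # drop entries older than the window
        if len(slots) >= limit:
            rejected.append(msg)
        else:
            slots.append(msg["ts"])
    return rejected

# Constructed sample records (not taken from any real log).
SAMPLE = (
    # One authenticated account, 20 messages in 20 minutes, new sender each time.
    [{"ts": i * 60, "sasl_user": "acct@example.com",
      "sender": f"not-{i}@example.net"} for i in range(20)]
    # A second account sending normally under its own address.
    + [{"ts": 30 + i * 600, "sasl_user": "other@example.com",
        "sender": "other@example.com"} for i in range(3)]
    # A web script submitting locally, with no SASL identity.
    + [{"ts": 45, "sasl_user": None, "sender": "www-data@example.com"}]
)

if __name__ == "__main__":
    for name, fn in (("envelope sender", sender_key), ("authenticated account", auth_key)):
        print(f"keyed on {name}: {len(rejected_by(SAMPLE, fn))} of {len(SAMPLE)} refused")
```

Keyed on the sender, every message in the sample is accepted; keyed on the account, the limit holds from the sixth message onward.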