3.4. Policy configuration

This file holds all static policies that should be enforced when the system starts. By default, smtpd loads it from /etc/halon/smtpd-policy.yaml. It is described by, and can be validated with, the smtpd-policy.schema.json. A policy is a rule that restricts how fast messages can be picked up from the active queue. When a policy is exceeded, it creates a dynamic active queue suspension. This file can be reloaded using the halonctl queue policy reload command. The overall concepts of policies are documented in queue pickup policies.

3.4.1. Policy directives

You can configure multiple policies. Each item in the array represents one counter.

policies[].fields[]

The policy fields to use for the counter.

Note

policies[].fields[] can be omitted to enforce global limits for the entire system.

policies:
  - default:
      rate: 1000/60

policies[].conditions[]

Conditions can be used to enforce limits for specific sub-queues. You can only add conditions based on the policy fields that are included in policies[].fields[]. For performance, prefer string and *.domain matches over regex patterns.

policies[].conditions[].if.tenantid

Supported types are string, /regex/ or a @list of those.

policies[].conditions[].if.jobid

Supported types are string, /regex/ or a @list of those.

policies[].conditions[].if.transportid

Supported types are string, /regex/ or a @list of those.

policies[].conditions[].if.localip

Supported types are ipv4, ipv4network, ipv6, ipv6network or @list of those.

policies[].conditions[].if.grouping

Supported types are string, /regex/ or a @list of those.

policies[].conditions[].if.remoteip

Supported types are ipv4, ipv4network, ipv6, ipv6network or @list of those.

policies[].conditions[].if.remotemx

Supported types are domain, *.domain, /regex/ or a @list of those.

policies[].conditions[].if.recipientdomain

Supported types are domain, *.example.com, /regex/ or a @list of those.

policies[].conditions[].then.rate

The rate that should be enforced, specified as x/y where x is count and y is interval.

policies[].conditions[].then.concurrency

The concurrency that should be enforced.

policies[].conditions[].then.connectinterval

The connect interval that should be enforced, specified in seconds. It can only be configured for a policy that has the localip and grouping policies[].fields[].

policies[].conditions[].then.tag

The custom tag that should be applied.

policies[].conditions[].then.properties{}

The custom properties that should be applied.

policies[].conditions[].then.cluster

Whether clustering should be enabled. The default is true if cluster.address is configured in the startup configuration, otherwise false.

policies[].default

The default limits that will be enforced for each sub-queue that did not match any policies[].conditions.

policies[].default.rate

The rate that should be enforced, specified as x/y where x is count and y is interval.

policies[].default.concurrency

The concurrency that should be enforced.

policies[].default.connectinterval

The connect interval that should be enforced, specified in seconds. It can only be configured for a policy that has the localip and grouping policies[].fields[].

policies[].default.tag

The custom tag that should be applied.

policies[].default.properties{}

The custom properties that should be applied.

policies[].default.cluster

Whether clustering should be enabled. The default is true if cluster.address is configured in the startup configuration, otherwise false.
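
A pre-reload lint for the cross-field rules in this section, as an added example (not Halon's own tooling): conditions may only use keys listed in policies[].fields[], connectinterval needs both localip and grouping, and a string rate must be x/y. It assumes the file has already been parsed into a dict and that fields[] is a list of field names; lint_policies, check_limits and SAMPLE are hypothetical names.

```python
import re

RATE_RE = re.compile(r"^\d+/\d+$")  # x/y: count/interval


def check_limits(limits, fields, where):
    """Check one 'then' or 'default' block against the documented rules."""
    problems = []
    rate = limits.get("rate")
    # Only string rates are checked; any other form is left to the JSON schema.
    if isinstance(rate, str) and not RATE_RE.match(rate):
        problems.append(f"{where}: rate {rate!r} is not in x/y form")
    if "connectinterval" in limits and not {"localip", "grouping"} <= fields:
        problems.append(f"{where}: connectinterval needs localip and grouping in fields")
    return problems


def lint_policies(config):
    """Return a list of human-readable problems; empty means no findings."""
    problems = []
    for i, policy in enumerate(config.get("policies", [])):
        # Assumption: fields[] is a list of names; omitted means a global limit.
        fields = set(policy.get("fields", []))
        for j, cond in enumerate(policy.get("conditions", [])):
            where = f"policies[{i}].conditions[{j}]"
            for key in sorted(set(cond.get("if", {})) - fields):
                problems.append(f"{where}: condition on {key!r} which is not in fields")
            problems += check_limits(cond.get("then", {}), fields, where + ".then")
        problems += check_limits(policy.get("default", {}), fields,
                                 f"policies[{i}].default")
    return problems


# Constructed sample, shaped like the parsed YAML file (not a real deployment).
SAMPLE = {"policies": [
    {"default": {"rate": "1000/60"}},  # global limit, as in the example above
    {"fields": ["localip", "remotemx"],
     "conditions": [
         {"if": {"remotemx": "*.example.com"}, "then": {"concurrency": 5}},
         {"if": {"recipientdomain": "example.org"}, "then": {"rate": "10 per 60"}},
     ],
     "default": {"connectinterval": 2}},
]}

if __name__ == "__main__":
    print("\n".join(lint_policies(SAMPLE)))
```

Run it alongside validation against smtpd-policy.schema.json before issuing halonctl queue policy reload; the checks here cover only the cross-field rules stated in this section.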

3.4.2. Rate directives

rate.algorithm

The rate algorithm to use. Can be either fixedwindow or tokenbucket. The key distinction between fixedwindow and tokenbucket is that fixedwindow permits bursting within the specified time interval. The default is fixedwindow.