Centos 7 turn on pypolicyd-spf

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Centos 7 turn on pypolicyd-spf

Emanuel
Hi,

I install via yum pypolicyd-spf in Centos 7.

Paquetes instalados
Nombre        : pypolicyd-spf
Arquitectura        : noarch
Versión     : 1.3.2
Lanzamiento     : 5.el7
Tamaño        : 105 k
Repositorio        : installed
Desde el repositorio   : epel
Resumen     : SPF Policy Server for Postfix (Python implementation)
URL         : https://launchpad.net/pypolicyd-spf
Licencia     : ASL 2.0
Descripción :pypolicyd-spf is a Postfix policy engine for Sender Policy
Framework (SPF)
            : checking. It is implemented in pure Python and uses the
python-spf (pyspf)
            : module.
            :
            : This SPF policy server implementation provides flexible
options for different
            : receiver policies and sender whitelisting to enable it to
support a very wide
            : range of requirements.

in master.cf add

policy unix - n n - 0 spawn

     user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf

main.cf

permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
check_policy_service unix:private/policy
... other restrictions as necessary

but i see this error

Oct 14 12:21:20 antartida postfix/smtpd[11266]: warning: connect to
private/policy-spf: Connection refused
Oct 14 12:21:20 antartida postfix/smtpd[11266]: warning: problem talking
to server private/policy-spf: Connection refused
Oct 14 12:21:21 antartida postfix/smtpd[11262]: warning: connect to
private/policy-spf: Connection refused
Oct 14 12:21:21 antartida postfix/smtpd[11262]: warning: problem talking
to server private/policy-spf: Connection refused

Any ideas?

Regards.!!
-

Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Wietse Venema
Emanuel:
> check_policy_service unix:private/policy
> --------------------------^^^^^^^^^^^^^^
> but i see this error
>
> Oct 14 12:21:20 antartida postfix/smtpd[11266]: warning: connect to
> private/policy-spf: Connection refused
--^^^^^^^^^^^^^^^^^^

Is the policy service running, and what port does it use?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Viktor Dukhovni
In reply to this post by Emanuel
On Mon, Oct 14, 2019 at 12:26:46PM -0300, Emanuel wrote:

> in master.cf add
>
> policy unix - n n - 0 spawn
>   user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf
>
> main.cf
>
> check_policy_service unix:private/policy
> ... other restrictions as necessary
>
> but i see this error
>
> Oct 14 12:21:20 antartida postfix/smtpd[11266]: warning: connect to
> private/policy-spf: Connection refused
> Oct 14 12:21:20 antartida postfix/smtpd[11266]: warning: problem talking
> to server private/policy-spf: Connection refused
> Oct 14 12:21:21 antartida postfix/smtpd[11262]: warning: connect to
> private/policy-spf: Connection refused
> Oct 14 12:21:21 antartida postfix/smtpd[11262]: warning: problem talking
> to server private/policy-spf: Connection refused
>
> Any ideas?

    1. http://www.postfix.org/DEBUG_README.html#mail
       Output of:
       
        $ postconf -nf
        $ postconf -Mf

    2.  Don't forget to "postfix reload" after making master.cf changes.

        - (Linux, as root)

            # netstat -anp --protocol unix | grep private/

        - (BSD)

            # netstat -an -f unix -W | grep private/

I am not a fan of starting service daemons via spawn(8).  There are
better options (xinetd, systemd, just directly bind the socket,
...).  This would be something for the package maitainer to consider.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Scott Kitterman-4
In reply to this post by Emanuel
On Monday, October 14, 2019 11:26:46 AM EDT Emanuel wrote:
> Hi,
>
> I install via yum pypolicyd-spf in Centos 7.
...
> in master.cf add
>
> policy unix - n n - 0 spawn
>      user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf

Is the python interpreter in /bin?  On most systems I'm aware of, it's in /
uxr/bin or /usr/local/bin?

Scott K




Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Scott Kitterman-4
In reply to this post by Viktor Dukhovni
On Monday, October 14, 2019 4:37:01 PM EDT Viktor Dukhovni wrote:
...
> I am not a fan of starting service daemons via spawn(8).  There are
> better options (xinetd, systemd, just directly bind the socket,
> ...).  This would be something for the package maitainer to consider.

It's not really a daemon.  I'd intended to make it one, thus the name, but
have never gotten around to it.  By the time it became clear that wasn't going
to happen, the current name had already caught on and I have been reluctant to
change it.

It does expect to be spawned by postfix.  Whatever his error is, that's not it.  
Sorry for the confusion.

Scott K




Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Viktor Dukhovni
> On Oct 14, 2019, at 5:21 PM, Scott Kitterman <[hidden email]> wrote:
>
> It's not really a daemon.  I'd intended to make it one, thus the name, but
> have never gotten around to it.  By the time it became clear that wasn't going
> to happen, the current name had already caught on and I have been reluctant to
> change it.
>
> It does expect to be spawned by postfix.  Whatever his error is, that's not it.  
> Sorry for the confusion.

Spawn has efficiency issues, and sets a hard limit on elapsed
time, it expects to run short-lived processes.  Now it is true
that smtpd(8) connections to policy services live roughly as
long as smtpd(8) itself, which is rarely as long as the default
spawn command timeout, but there is here room for impedance
mismatches.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

lists@lazygranch.com

FWIW, this is what I have in my master.cf. I am on centos 7.

policy    unix  -       n       n       -       0       spawn
     user=nobody
     argv=/usr/libexec/postfix/policyd-spf /etc/python-policyd-spf/policyd-spf.conf
Reply | Threaded
Open this post in threaded view
|

Re: Centos 7 turn on pypolicyd-spf

Emanuel

Hi.!!

Following this user's recommendation, he will solve the problem thanks

Thanks!!!

REgards-!

El 14/10/19 a las 20:45, [hidden email] escribió:
FWIW, this is what I have in my master.cf. I am on centos 7.

policy    unix  -       n       n       -       0       spawn
     user=nobody
     argv=/usr/libexec/postfix/policyd-spf /etc/python-policyd-spf/policyd-spf.conf
--
envialosimple.com
Emanuel Gonzalez
IT / Departamento Emails
[hidden email]
www.envialosimple.com
by donweb
 
Nota de confidencialidad: Este mensaje y archivos adjuntos al mismo son confidenciales, de uso exclusivo para el destinatario del mismo. La divulgación y/o uso del mismo sin autorización por parte de DonWeb.com queda prohibida.
DonWeb.com no se hace responsable del mensaje por la falsificación y/o alteración del mismo.
De no ser Ud el destinatario del mismo y lo ha recibido por error, por favor, notifique al remitente y elimínelo de su sistema.
Confidentiality Note: This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited by DonWeb.com.
DonWeb.com shall not be liable  for the message if altered or falsified.
If you are not the intended addressee of this message, please cancel it immediately and inform the sender
Nota de Confidencialidade: Esta mensagem e seus eventuais anexos podem conter dados confidenciais ou privilegiados.
Se você os recebeu por engano ou não é um dos destinatários aos quais ela foi endereçada, por favor destrua-a e a todos os seus eventuais anexos ou copias realizadas, imediatamente.
É proibida a retenção, distribuição, divulgação ou utilização de quaisquer informações aqui contidas.
Por favor, informenos sobre o recebimento indevido desta mensagem, retornando-a para o autor.