Diagnosing policyd spawn error

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Diagnosing policyd spawn error

David Rees
I recently upgraded from Postfix 2.4 to 2.5 - the upgrade went fine
except that I use a perl policyd script to check SPF records which no
longer works. Running from the command line works fine.

How can I debug this further to diagnose the issue?

Jun  2 12:06:23 forty postfix/spawn[17188]: warning: command
/usr/bin/perl exit status 255
Jun  2 12:06:23 forty postfix/smtpd[17182]: warning: premature
end-of-input on private/policy while reading input attribute name
Jun  2 12:06:23 forty postfix/smtpd[17182]: warning: problem talking
to server private/policy: Success

In master.cf I added this:

policy    unix  -       n       n       -       0       spawn
        user=nobody argv=/usr/bin/perl /usr/local/lib/policyd-spf-perl

In main.cf I added check_policy_service unix:private/policy to
smtpd_recipient_restrictions, the whole thing looks like this:

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/disabled_accounts
        reject_non_fqdn_sender
        reject_unknown_recipient_domain
        reject_unauth_pipelining
        reject_non_fqdn_recipient
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        check_policy_service unix:private/policy

Any ideas?

-Dave
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

Wietse Venema
David Rees:

> I recently upgraded from Postfix 2.4 to 2.5 - the upgrade went fine
> except that I use a perl policyd script to check SPF records which no
> longer works. Running from the command line works fine.
>
> How can I debug this further to diagnose the issue?
>
> Jun  2 12:06:23 forty postfix/spawn[17188]: warning: command
> /usr/bin/perl exit status 255
> Jun  2 12:06:23 forty postfix/smtpd[17182]: warning: premature
> end-of-input on private/policy while reading input attribute name
> Jun  2 12:06:23 forty postfix/smtpd[17182]: warning: problem talking
> to server private/policy: Success
>
> In master.cf I added this:
>
> policy    unix  -       n       n       -       0       spawn
>         user=nobody argv=/usr/bin/perl /usr/local/lib/policyd-spf-perl
>
> In main.cf I added check_policy_service unix:private/policy to
> smtpd_recipient_restrictions, the whole thing looks like this:

And so you forget to extend the command's time limit as documented
in the SMTPD_POLICY_REQADME examples.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

David Rees
On Mon, Jun 2, 2008 at 12:55 PM, Wietse Venema <[hidden email]> wrote:
>> In main.cf I added check_policy_service unix:private/policy to
>> smtpd_recipient_restrictions, the whole thing looks like this:
>
> And so you forget to extend the command's time limit as documented
> in the SMTPD_POLICY_REQADME examples.

I also have "policy_time_limit = 3600" in main.cf, but postconf reports:

$ /usr/sbin/postconf policy_time_limit
/usr/sbin/postconf: warning: policy_time_limit: unknown parameter

I have read the SMTPD_POLICY_README examples. I also added -v to the
spawn master.cf entry, but I did not notice anything abnormal.

The exact same configuration works on a Postfix 2.4 setup but not on
this Postfix 2.5 setup.

-Dave
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

Wietse Venema
David Rees:

> On Mon, Jun 2, 2008 at 12:55 PM, Wietse Venema <[hidden email]> wrote:
> >> In main.cf I added check_policy_service unix:private/policy to
> >> smtpd_recipient_restrictions, the whole thing looks like this:
> >
> > And so you forget to extend the command's time limit as documented
> > in the SMTPD_POLICY_REQADME examples.
>
> I also have "policy_time_limit = 3600" in main.cf, but postconf reports:
>
> $ /usr/sbin/postconf policy_time_limit
> /usr/sbin/postconf: warning: policy_time_limit: unknown parameter
>
> I have read the SMTPD_POLICY_README examples. I also added -v to the
> spawn master.cf entry, but I did not notice anything abnormal.
>
> The exact same configuration works on a Postfix 2.4 setup but not on
> this Postfix 2.5 setup.

Postfix 2.4 spawn is identical to Postfix 2.5 and 2.6 spawn.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

David Rees
In reply to this post by David Rees
On Mon, Jun 2, 2008 at 12:43 PM, David Rees <[hidden email]> wrote:
> I recently upgraded from Postfix 2.4 to 2.5 - the upgrade went fine
> except that I use a perl policyd script to check SPF records which no
> longer works. Running from the command line works fine.
>
> How can I debug this further to diagnose the issue?
>
> Jun  2 12:06:23 forty postfix/spawn[17188]: warning: command
> /usr/bin/perl exit status 255

I wrote a wrapper around the script so I could see anything it spit
out to stderr. I found this:

Assertion rx->sublen >= (s - rx->subbeg) + i failed: file "regcomp.c",
line 5098 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF/Result.pm line
370, <STDIN> line 25.

So something with the policy script itself is broken. I switched to
python-postfix-policyd-spf and that appears to run OK.

-Dave
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

Scott Kitterman-4
On Monday 02 June 2008 17:58, David Rees wrote:

> On Mon, Jun 2, 2008 at 12:43 PM, David Rees <[hidden email]> wrote:
> > I recently upgraded from Postfix 2.4 to 2.5 - the upgrade went fine
> > except that I use a perl policyd script to check SPF records which no
> > longer works. Running from the command line works fine.
> >
> > How can I debug this further to diagnose the issue?
> >
> > Jun  2 12:06:23 forty postfix/spawn[17188]: warning: command
> > /usr/bin/perl exit status 255
>
> I wrote a wrapper around the script so I could see anything it spit
> out to stderr. I found this:
>
> Assertion rx->sublen >= (s - rx->subbeg) + i failed: file "regcomp.c",
> line 5098 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF/Result.pm line
> 370, <STDIN> line 25.
>
> So something with the policy script itself is broken. I switched to
> python-postfix-policyd-spf and that appears to run OK.
>

Just to clarify, that's in the Mail:SPF library the Perl policy server uses.  
I've passed this on to the author of the library and asked him to
investigate.  What OS/distribution and version is this on?

Glad the Python version of the policy server is working out for you.

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: Diagnosing policyd spawn error

David Rees
On Mon, Jun 2, 2008 at 7:29 PM, Scott Kitterman <[hidden email]> wrote:

>> I wrote a wrapper around the script so I could see anything it spit
>> out to stderr. I found this:
>>
>> Assertion rx->sublen >= (s - rx->subbeg) + i failed: file "regcomp.c",
>> line 5098 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF/Result.pm line
>> 370, <STDIN> line 25.
>>
>> So something with the policy script itself is broken. I switched to
>> python-postfix-policyd-spf and that appears to run OK.
>
> Just to clarify, that's in the Mail:SPF library the Perl policy server uses.
> I've passed this on to the author of the library and asked him to
> investigate.  What OS/distribution and version is this on?

Fedora 9, which is using this combination of perl, perl-Mail-SPF and
postfix (all installed from RPM):

perl-5.10.0-22.fc9.i386
perl-Mail-SPF-2.005-2.fc9.noarch
postfix-2.5.1-2.fc9.i386

-Dave