Formatting problems for smptd_recipient_restrictions

David Southwell-3

Hi I am just trying to run policyd-spf and postgrey. However whatever I do I
seem to get errors of the form:

[root@dns1 /usr/ports/mail/postfix-policyd-spf-perl]# postfix reload
postfix: fatal: /usr/local/etc/postfix/main.cf, line 227: missing '=' after
attribute name: "check_policy_service unix:private/policyd-spf,"

whenever I uncheck one or more of the '#' from any of the lines below:

smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

# check_policy_service unix:private/policyd-spf
# policyd-spf_time_limit = 3600
# check_policy_service inet:127.0.0.1:10023

smptd_sender_restrictions = reject_unknown_sender_domain
smptd_sender_restrictions = reject_non_fqdn_sender
smtpd_helo_required = yes
smptd_helo_restrictions = reject_invalid_hostname
smptd_helo_restrictions = reject_unknown_hostname
smptd_helo_restrictions = reject_non_fqdn_hostname

Clearly I am slipping up somewhere but have finished up getting nowhere!

Thanks in advance for pointers in the right direction

David

Re: Formatting problems for smptd_recipient_restrictions

Brian Evans - Postfix List
On 11/3/2011 9:32 AM, David Southwell wrote:

> Hi I am just trying to run policyd-spf and postgrey. However whatever I do I
> seem to get errors of the form:
>
> [root@dns1 /usr/ports/mail/postfix-policyd-spf-perl]# postfix reload
> postfix: fatal: /usr/local/etc/postfix/main.cf, line 227: missing '=' after
> attribute name: "check_policy_service unix:private/policyd-spf,"
>
> whenever I uncheck one or more of the '#' from any of the lines below:
>
> smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
>
> # check_policy_service unix:private/policyd-spf
> # policyd-spf_time_limit = 3600
> # check_policy_service inet:127.0.0.1:10023
This is most likely caused by trying to use multi-line parameters in
main.cf without leaving white space before the first character.

You can check what Postfix sees by using 'postconf -n'.
This is one reason why we ask you to send that output instead of
cut/paste what is in main.cf.


> smptd_sender_restrictions = reject_unknown_sender_domain
> smptd_sender_restrictions = reject_non_fqdn_sender
> smtpd_helo_required = yes
> smptd_helo_restrictions = reject_invalid_hostname
> smptd_helo_restrictions = reject_unknown_hostname
> smptd_helo_restrictions = reject_non_fqdn_hostname

Note: parameters are NOT cumulative.  The last one wins in this case.
In your example, reject_unknown_sender_domain, reject_invalid_hostname
and reject_unknown_hostname are ignored once the config is fully read.

I highly suggest running 'postconf -n' and reviewing the results.

Brian

Re: Formatting problems for smptd_recipient_restrictions

/dev/rob0
On Thursday 03 November 2011 08:43:31 Brian Evans - Postfix List
wrote:

> On 11/3/2011 9:32 AM, David Southwell wrote:
> > Hi I am just trying to run policyd-spf and postgrey. However
> > whatever I do I seem to get errors of the form:
> >
> > [root@dns1 /usr/ports/mail/postfix-policyd-spf-perl]# postfix
> > reload postfix: fatal: /usr/local/etc/postfix/main.cf, line 227:
> > missing '=' after attribute name: "check_policy_service
> > unix:private/policyd-spf,"
> >
> > whenever I uncheck one or more of the '#' from any of the lines
> > below:
> >
> > smtpd_recipient_restrictions =
> > permit_mynetworks,reject_unauth_destination
> >
> > # check_policy_service unix:private/policyd-spf
> > # policyd-spf_time_limit = 3600
> > # check_policy_service inet:127.0.0.1:10023
>
> This is most likely caused by trying to use multi-line parameters
> in main.cf without leaving white space before the first character.
>
> You can check what Postfix sees by using 'postconf -n'.
> This is one reason why we ask you to send that output instead of
> cut/paste what is in main.cf.
>
> > smptd_sender_restrictions = reject_unknown_sender_domain
> > smptd_sender_restrictions = reject_non_fqdn_sender
> > smtpd_helo_required = yes
> > smptd_helo_restrictions = reject_invalid_hostname
> > smptd_helo_restrictions = reject_unknown_hostname
> > smptd_helo_restrictions = reject_non_fqdn_hostname
>
> Note: parameters are NOT cumulative.  The last one wins in this
> case. In your example, reject_unknown_sender_domain,
> reject_invalid_hostname and reject_unknown_hostname are ignored
> once the config is fully read.

Furthermore, there are no postconf(5) settings that include the
string, "smptd". Even if formatted correctly, we do count off for
spelling errors!

> I highly suggest running 'postconf -n' and reviewing the results.

And see that the misspelled parameters are not listed.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Re: Formatting problems for smptd_recipient_restrictions

David Southwell
In reply to this post by David Southwell-3

Thank you Brian  

The grey listing is now working but I am still getting problems with spf

When the following lines are active
 check_policy_service unix:private/policyd-spf
 policyd-spf_time_limit = 3600


Here is an example of maillog error reports:


Nov  3 10:57:51 dns1 postfix/smtpd[20636]: connect from mail-vw0-
f52.google.com[209.85.212.52]
Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: connect to
private/policyd-spf: Connection refused
Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: problem talking to server
private/policyd-spf: Connection refused
Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: connect to
private/policyd-spf: Connection refused
Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: problem talking to server
private/policyd-spf: Connection refused
Nov  3 10:57:53 dns1 postfix/smtpd[20636]: NOQUEUE: reject: RCPT from mail-
vw0-f52.google.com[209.85.212.52]: 451 4.3.5 Server configuration problem;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<mail-vw0-f52.google.com>
Nov  3 10:57:53 dns1 postfix/smtpd[20636]: disconnect from mail-vw0-
f52.google.com[209.85.212.52]

postconf -n does not seem to help as the only difference is that it reports
the additional presence of the relevant lines.



Working without spf lines enabled:
postconf -n:
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com,
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,



With spf and reporting Server Configuration Problem

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination  
check_policy_service unix:private/policyd-spf  policyd-spf_time_limit = 3600
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com,
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,

spf configuration woes

David Southwell
System freebsd 8

Cannot get spf working with the server.
Thanks in advance for any assistance.

Here is the information:

The following lines appear in master.cf:
# Applied #1 postfix refreshed ok
 spf-policy unix -       n       n       -       0       spawn
          user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl

user nobody is in /etc/passwd
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin

in /usr/local/sbin we have:
[root@dns1 /usr/local/sbin]# ls -l |grep postfix
-rwxr-xr-x  1 root  wheel      117601 Nov  3 08:22 postfix
-r-xr-xr-x  1 root  wheel       11526 Nov  3 08:16 postfix-policyd-spf-perl


 If the following lines appear in main.cf
  check_policy_service unix:private/policyd-spf
  policyd-spf_time_limit = 3600
 In the following context
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

  check_policy_service unix:private/policyd-spf
 policyd-spf_time_limit = 3600

 check_policy_service inet:127.0.0.1:10023

 
 Here is an example of maillog error reports:
 
 
 Nov  3 10:57:51 dns1 postfix/smtpd[20636]: connect from mail-vw0-
 f52.google.com[209.85.212.52]
 Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: connect to
 private/policyd-spf: Connection refused
 Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: problem talking to
 server  private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: connect to
 private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: problem talking to
 server  private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: NOQUEUE: reject: RCPT from mail-
 vw0-f52.google.com[209.85.212.52]: 451 4.3.5 Server configuration problem;
 from=<[hidden email]> to=<[hidden email]> proto=ESMTP
 helo=<mail-vw0-f52.google.com>
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: disconnect from mail-vw0-
 f52.google.com[209.85.212.52]
 
 postconf -n does not seem to help as the only difference is that it
 reports  the additional presence of the relevant lines.
 
 
 
 Working without spf lines enabled:
 postconf -n:
 alias_maps = hash:/etc/aliases
 command_directory = /usr/local/sbin
 config_directory = /usr/local/etc/postfix
 daemon_directory = /usr/local/libexec/postfix
 data_directory = /var/db/postfix
 debug_peer_level = 2
 html_directory = /usr/local/share/doc/postfix
 inet_interfaces = all
 mail_owner = postfix
 mail_spool_directory = /var/mail
 mailbox_size_limit = 512000000
 mailq_path = /usr/local/bin/mailq
 manpage_directory = /usr/local/man
 mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
 mydomain = vizion2000.net
 myhostname = dns1.vizion2000.net
 mynetworks = 62.49.197.48/28, 127.0.0.0/8
 mynetworks_style = subnet
 myorigin = $mydomain
 newaliases_path = /usr/local/bin/newaliases
 proxy_interfaces = dns1.vizion2000.net
 queue_directory = /var/spool/postfix
 readme_directory = /usr/local/share/doc/postfix
 relay_domains = $mydestination
 sample_directory = /usr/local/etc/postfix
 sendmail_path = /usr/local/sbin/sendmail
 setgid_group = maildrop
 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 smtpd_helo_restrictions = reject_invalid_hostname
 smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
 check_policy_service inet:127.0.0.1:10023
 smtpd_sender_restrictions = reject_non_fqdn_sender
 soft_bounce = yes
 unknown_local_recipient_reject_code = 550
 virtual_alias_domains = workplacemassage.co.uk, atf4.com,
 methuselaproject.org, methuselaproject.com, tiptogo.com,
 virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
 
 
 
With spf and reporting Server Configuration Problem

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination  
check_policy_service unix:private/policyd-spf  policyd-spf_time_limit = 3600
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com,
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,


Re: spf configuration woes

Wietse Venema
David Southwell:
> The following lines appear in master.cf:
>  spf-policy unix -       n       n       -       0       spawn

This says: spf-policy

>  If the following lines appear in main.cf
>   check_policy_service unix:private/policyd-spf
> policyd-spf_time_limit = 3600

This says: policyd-spf

The names must be the same.

        Wietse
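
The checks that Brian, /dev/rob0 and Wietse describe in the replies above, collected into one script as an added example (not code from the thread or from Postfix). The function names are hypothetical, the two sample files are constructed from the snippets quoted in this thread, and KNOWN is a hand-picked subset standing in for the parameter names that `postconf -d` lists on a real system.

```python
import difflib
import re

# Constructed samples, modelled on the main.cf / master.cf snippets in this thread.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
  check_policy_service unix:private/policyd-spf
  policyd-spf_time_limit = 3600
check_policy_service inet:127.0.0.1:10023
smptd_sender_restrictions = reject_unknown_sender_domain
smptd_sender_restrictions = reject_non_fqdn_sender
smtpd_helo_required = yes
"""
SAMPLE_MASTER_CF = """\
spf-policy unix -       n       n       -       0       spawn
          user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl
"""
# Assumption: on a live host, build this set from `postconf -d` output instead.
KNOWN = {"smtpd_recipient_restrictions", "smtpd_sender_restrictions",
         "smtpd_helo_restrictions", "smtpd_helo_required"}


def logical_lines(text):
    """Blank and '#' lines are skipped; a line that starts with whitespace
    continues the previous logical line. Returns [(first_lineno, [parts])]."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((no, [raw.strip()]))
    return out


def lint_main_cf(main_cf, known_names=()):
    """Return (findings, effective_params); findings are (lineno, kind, detail)."""
    findings, seen = [], {}
    for no, parts in logical_lines(main_cf):
        name, eq, first_value = parts[0].partition("=")
        name = name.strip()
        if not eq:
            # An unindented continuation line is read as a new parameter
            # and fails with "missing '=' after attribute name".
            findings.append((no, "missing-equals", parts[0]))
            continue
        for cont in parts[1:]:
            # An indented "name = value" line becomes part of the value above it.
            if re.match(r"[\w-]+\s*=", cont):
                findings.append((no, "folded-assignment", cont))
        if name in seen:
            # Parameters are not cumulative: the last assignment wins.
            findings.append((no, "overrides-earlier",
                             f"{name}: value from line {seen[name][0]} is discarded"))
        seen[name] = (no, " ".join([first_value.strip()] + parts[1:]))
        if known_names and name not in known_names:
            near = difflib.get_close_matches(name, known_names, n=1, cutoff=0.9)
            if near:
                findings.append((no, "probable-typo", f"{name} -> {near[0]}"))
    return findings, {k: v[1] for k, v in seen.items()}


def policy_service_mismatches(params, master_cf):
    """Compare check_policy_service unix:private/NAME against the private
    unix services defined in master.cf. Returns (missing, defined)."""
    defined = set()
    for _, parts in logical_lines(master_cf):
        fields = parts[0].split()
        # Column 3 is "private"; '-' means the default, which is private.
        if len(fields) >= 3 and fields[1] == "unix" and fields[2] != "n":
            defined.add(fields[0])
    wanted = {name for value in params.values() for name in
              re.findall(r"check_policy_service\s+unix:private/([\w.-]+)", value)}
    return sorted(wanted - defined), sorted(defined)


if __name__ == "__main__":
    found, effective = lint_main_cf(SAMPLE_MAIN_CF, KNOWN)
    for lineno, kind, detail in found:
        print(f"main.cf line {lineno}: {kind}: {detail}")
    missing, defined = policy_service_mismatches(effective, SAMPLE_MASTER_CF)
    print("policy services missing from master.cf:", missing, "defined:", defined)
```

On a real host, pass the contents of the main.cf and master.cf under the `config_directory` that `postconf -n` reports.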

Re: spf configuration woes

David Southwell-3
On Friday 04 November 2011 07:23:33 Wietse Venema wrote:

> David Southwell:
> > The following lines appear in master.cf:
> >  spf-policy unix -       n       n       -       0       spawn
>
> This says: spf-policy
>
> >  If the following lines appear in main.cf
> >  
> >   check_policy_service unix:private/policyd-spf
> >
> > policyd-spf_time_limit = 3600
>
> This says: policyd-spf
>
> The names must be the same.
>
> Wietse
Hi Wietse

You spotted that quickly.

Unfortunately there must be more than that wrong (assuming I made the right
corrections):

Changed master.cf lines to read:
 policyd-spf unix -       n       n       -       0       spawn
          user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl

Everything else remains the same HOWEVER:

But still got the following errors when the lines in main.cf were unchecked:

postfix/postfix-script[26646]: refreshing the Postfix mail system
Nov  4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5,
configuration /usr/local/etc/postfix
Nov  4 07:37:21 dns1 postfix/smtpd[26676]: connect from
bmdeda7.com[72.51.37.19]
Nov  4 07:37:21 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from
bmdeda7.com[72.51.37.19]: 454 4.7.1 <[hidden email]>: Relay access denied;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<bmdeda7.com>
Nov  4 07:37:22 dns1 postfix/smtpd[26676]: disconnect from
bmdeda7.com[72.51.37.19]
Nov  4 07:37:50 dns1 postfix/smtpd[26676]: connect from
postbox.kde.org[46.4.96.248]
Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
private/policyd-spf: Connection refused
Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: problem talking to server
private/policyd-spf: Connection refused
Nov  4 07:37:51 dns1 postfix/smtpd[26676]: warning: connect to
private/policyd-spf: Connection refused
Nov  4 07:37:51 dns1 postfix/smtpd[26676]: warning: problem talking to server
private/policyd-spf: Connection refused
Nov  4 07:37:51 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from
postbox.kde.org[46.4.96.248]: 451 4.3.5 Server configuration problem;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<postbox.kde.org>
Nov  4 07:37:51 dns1 postfix/smtpd[26676]: disconnect from
postbox.kde.org[46.4.96.248]

Re: spf configuration woes

Wietse Venema
In reply to this post by David Southwell-3
David Southwell:
[ Charset ISO-8859-1 unsupported, converting... ]

> On Friday 04 November 2011 07:23:33 Wietse Venema wrote:
> > David Southwell:
> > > The following lines appear in master.cf:
> > >  spf-policy unix -       n       n       -       0       spawn
> >
> > This says: spf-policy
> >
> > >  If the following lines appear in main.cf
> > >  
> > >   check_policy_service unix:private/policyd-spf
> > >
> > > policyd-spf_time_limit = 3600
> >
> > This says: policyd-spf
> >
> > The names must be the same.
> >
> > Wietse
> Hi Wietse
>
> You spotted that quickly.
>
> Unfortunately there must be more than that wrong (assuming I made the right
> corrections):
>
> Changed master.cf lines to read:
>  policyd-spf unix -       n       n       -       0       spawn
>           user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl

You need to save the file before doing "postfix reload".

> Everything else remains the same HOWEVER:
>
> But still got the following errors when the lines in main.cf were unchecked:
>
> postfix/postfix-script[26646]: refreshing the Postfix mail system
> Nov  4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5,
> configuration /usr/local/etc/postfix

You need to edit master.cf in /usr/local/etc/postfix.

You need to think about such details, because computers are stupid.

        Wietse

Re: spf configuration woes

David Southwell
On Friday 04 November 2011 08:01:19 Wietse Venema wrote:

> David Southwell:
> [ Charset ISO-8859-1 unsupported, converting... ]
>
> > On Friday 04 November 2011 07:23:33 Wietse Venema wrote:
> > > David Southwell:
> > > > The following lines appear in master.cf:
> > > >  spf-policy unix -       n       n       -       0       spawn
> > >
> > > This says: spf-policy
> > >
> > > >  If the following lines appear in main.cf
> > > >  
> > > >   check_policy_service unix:private/policyd-spf
> > > >
> > > > policyd-spf_time_limit = 3600
> > >
> > > This says: policyd-spf
> > >
> > > The names must be the same.
> > >
> > > Wietse
> >
> > Hi Wietse
> >
> > You spotted that quickly.
> >
> > Unfortunately there must be more than that wrong (assuming I made the
> > right corrections):
> >
> > Changed master.cf lines to read:
> >  policyd-spf unix -       n       n       -       0       spawn
> >  
> >           user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl
>
> You need to save the file before doing "postfix reload".
>
> > Everything else remains the same HOWEVER:
> >
> > But still got the following errors when the lines in main.cf were
> > unchecked:
> >
> > postfix/postfix-script[26646]: refreshing the Postfix mail system
> > Nov  4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5,
> > configuration /usr/local/etc/postfix
>
> You need to edit master.cf in /usr/local/etc/postfix.
>
> You need to think about such details, because computers are stupid.
>
> Wietse

Umph I am not that stupid! The results were from /usr/local/etc/postfix as
shown! - I didn't realise you would assume the error came from such an
omission <chuckles> otherwise I would have assured you to the contrary!

david



David


Re: spf configuration woes

Kris Deugau
In reply to this post by David Southwell-3
David Southwell wrote:
> But still got the following errors when the lines in main.cf were unchecked:

[snip]
> Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> private/policyd-spf: Connection refused

You need to find out why your policy server isn't responding to Postfix.

Since it's set up for a Unix socket, you likely either have a
permissions issue (eg, running as the wrong user) or the policy server
isn't running.

-kgd

Re: spf configuration woes

David Southwell
In reply to this post by Wietse Venema
On Friday 04 November 2011 08:01:19 Wietse Venema wrote:

> David Southwell:
> [ Charset ISO-8859-1 unsupported, converting... ]
>
> > On Friday 04 November 2011 07:23:33 Wietse Venema wrote:
> > > David Southwell:
> > > > The following lines appear in master.cf:
> > > >  spf-policy unix -       n       n       -       0       spawn
> > >
> > > This says: spf-policy
> > >
> > > >  If the following lines appear in main.cf
> > > >  
> > > >   check_policy_service unix:private/policyd-spf
> > > >
> > > > policyd-spf_time_limit = 3600
> > >
> > > This says: policyd-spf
> > >
> > > The names must be the same.
> > >
> > > Wietse
> >
> > Hi Wietse
> >
> > You spotted that quickly.
> >
> > Unfortunately there must be more than that wrong (assuming I made the
> > right corrections):
> >
> > Changed master.cf lines to read:
> >  policyd-spf unix -       n       n       -       0       spawn
> >  
> >           user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl
>
> You need to save the file before doing "postfix reload".
>
> > Everything else remains the same HOWEVER:
> >
> > But still got the following errors when the lines in main.cf were
> > unchecked:
> >
> > postfix/postfix-script[26646]: refreshing the Postfix mail system
> > Nov  4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5,
> > configuration /usr/local/etc/postfix
>
> You need to edit master.cf in /usr/local/etc/postfix.
>
> You need to think about such details, because computers are stupid.
>
> Wietse
Any other suggestions ? Could there be anything wrong with the time-limit
statement? I have tried a few variations on that but to no avail. As soon as
the spf lines are turned on I get the server configuration failure.

David

Re: spf configuration woes

David Southwell-3
In reply to this post by Kris Deugau
On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> David Southwell wrote:
> > But still got the following errors when the lines in main.cf were
> > unchecked:

> [snip]
>
> > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > private/policyd-spf: Connection refused
>
> You need to find out why your policy server isn't responding to Postfix.
>
> Since it's set up for a Unix socket, you likely either have a
> permissions issue (eg, running as the wrong user) or the policy server
> isn't running.
>
> -kgd
Sounds sensible. Any advice on how I can check that out?

David

Re: spf configuration woes

Wietse Venema
David Southwell:

> On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> > David Southwell wrote:
> > > But still got the following errors when the lines in main.cf were
> unchecked:
> > [snip]
> >
> > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > private/policyd-spf: Connection refused
> >
> > You need to find out why your policy server isn't responding to Postfix.
> >
> > Since it's set up for a Unix socket, you likely either have a
> > permissions issue (eg, running as the wrong user) or the policy server
> > isn't running.
> >
> > -kgd
> Sounds sensible. Any advice on how I can check that out?

You can use lsof or netstat to find out what is listening.

On FreeBSD (which I recall is the platform) the error "Connection
refused" means that no process is listening on the port.

Hence, my suspicion about editing the wrong file or saving the file
at the wrong time.

        Wietse

Re: spf configuration woes

David Southwell-3
On Friday 04 November 2011 10:24:54 Wietse Venema wrote:

> David Southwell:
> > On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> > > David Southwell wrote:
> > > > But still got the following errors when the lines in main.cf were
> >
> > unchecked:
> > > [snip]
> > >
> > > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > > private/policyd-spf: Connection refused
> > >
> > > You need to find out why your policy server isn't responding to
> > > Postfix.
> > >
> > > Since it's set up for a Unix socket, you likely either have a
> > > permissions issue (eg, running as the wrong user) or the policy server
> > > isn't running.
> > >
> > > -kgd
> >
> > Sounds sensible. Any advice on how I can check that out?
>
> You can use lsof or netstat to find out what is listening.
>
> On FreeBSD (which I recall is the platform) the error "Connection
> refused" means that no process is listening on the port.
>
> Hence, my suspicion about editing the wrong file or saving the file
> at the wrong time.
>
> Wietse

Makes sense but I do not think that is the problem. I have been most careful about
that bit.
Pardon my ignorance but where is the port configured and how is the process
started?
Thanks for your help
David



Re: spf configuration woes

David Southwell-3
In reply to this post by Wietse Venema
On Friday 04 November 2011 10:24:54 Wietse Venema wrote:

> David Southwell:
> > On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> > > David Southwell wrote:
> > > > But still got the following errors when the lines in main.cf were
> >
> > unchecked:
> > > [snip]
> > >
> > > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > > private/policyd-spf: Connection refused
> > >
> > > You need to find out why your policy server isn't responding to
> > > Postfix.
> > >
> > > Since it's set up for a Unix socket, you likely either have a
> > > permissions issue (eg, running as the wrong user) or the policy server
> > > isn't running.
> > >
> > > -kgd
> >
> > Sounds sensible. Any advice on how I can check that out?
>
> You can use lsof or netstat to find out what is listening.
>
> On FreeBSD (which I recall is the platform) the error "Connection
> refused" means that no process is listening on the port.
>
> Hence, my suspicion about editing the wrong file or saving the file
> at the wrong time.
>
> Wietse


I tried to test policyd-spf-perl manually with results as can be seen below.
This does seem to confirm the notion that for some as yet unbeknown reason the
process is not being launched.

Any ideas where I should be looking?

[root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=h****forge.com
queue_id=8045F2AB23
sender=info@h****forge.com
recipient=[hidden email]
client_address=81.169.1.52
client_name=h****.server*******.net

action=PREPEND Received-SPF: none (h****forge.com: No applicable sender policy
available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope-
from="info@h****forge.com"; helo=h****forge.com; client-ip=81.169.1.52



Re: spf configuration woes

David Southwell
In reply to this post by David Southwell
On Friday 04 November 2011 10:24:54 Wietse Venema wrote:

> David Southwell:
> > On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> > > David Southwell wrote:
> > > > But still got the following errors when the lines in main.cf were
> >
> > unchecked:
> > > [snip]
> > >
> > > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > > private/policyd-spf: Connection refused
> > >
> > > You need to find out why your policy server isn't responding to
> > > Postfix.
> > >
> > > Since it's set up for a Unix socket, you likely either have a
> > > permissions issue (eg, running as the wrong user) or the policy server
> > > isn't running.
> > >
> > > -kgd
> >
> > Sounds sensible. Any advice on how I can check that out?
>
> You can use lsof or netstat to find out what is listening.
>
> On FreeBSD (which I recall is the platform) the error "Connection
> refused" means that no process is listening on the port.
>
> Hence, my suspicion about editing the wrong file or saving the file
> at the wrong time.
>
> Wietse


I tried to test policyd-spf-perl manually with results as can be seen below.
This does seem to confirm the notion that for some as yet unbeknown reason the
process is not being launched.

Any ideas where I should be looking?

[root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=h****forge.com
queue_id=8045F2AB23
sender=info@h****forge.com
recipient=[hidden email]
client_address=81.169.1.52
client_name=h****.server*******.net

action=PREPEND Received-SPF: none (h****forge.com: No applicable sender policy
available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope-
from="info@h****forge.com"; helo=h****forge.com; client-ip=81.169.1.52



Re: spf configuration woes

Fernando Maior
In reply to this post by David Southwell-3
On Fri, Nov 4, 2011 at 3:57 PM, David Southwell <[hidden email]> wrote:
On Friday 04 November 2011 10:24:54 Wietse Venema wrote:
> David Southwell:
> > On Friday 04 November 2011 09:24:40 Kris Deugau wrote:
> > > David Southwell wrote:
> > > > But still got the following errors when the lines in main.cf were
> >
> > unchecked:
> > > [snip]
> > >
> > > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > > private/policyd-spf: Connection refused
> > >
> > > You need to find out why your policy server isn't responding to
> > > Postfix.
> > >
> > > Since it's set up for a Unix socket, you likely either have a
> > > permissions issue (eg, running as the wrong user) or the policy server
> > > isn't running.
> > >
> > > -kgd
> >
> > Sounds sensible. Any advice on how I can check that out?
>
> You can use lsof or netstat to find out what is listening.
>
> On FreeBSD (which I recall is the platform) the error "Connection
> refused" means that no process is listening on the port.
>
> Hence, my suspicion about editing the wrong file or saving the file
> at the wrong time.
>
>       Wietse


I tried to test policyd-spf-perl manually with results as can be seen below.
This does seem to confirm the notion that for some as yet unbeknown reason the
process is not being launched.

Any ideas where I should be looking?

[root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=h****forge.com
queue_id=8045F2AB23
sender=info@h****forge.com
recipient=[hidden email]
client_address=81.169.1.52
client_name=h****.server*******.net

action=PREPEND Received-SPF: none (h****forge.com: No applicable sender policy
available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope-
from="info@h****forge.com"; helo=h****forge.com; client-ip=81.169.1.52


Usually, when you can run a process as root and cannot start it
as a background service, the problem is that the user that is the
owner of the service does not have enough permissions to open
or access some resource (usually pid file, run file, socket file or
config file).

Try looking for: 

1) which user/group is the owner of the service when you started
it in background as a daemon.

2) see if that user/group has enough permissions to access the
files it should access with read AND write permissions. Look for
pid files, socket files and at last for config file.

Fernando Maior

Re: spf configuration woes

Wietse Venema
In reply to this post by David Southwell-3
David Southwell:
> > > > > Nov  4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
> > > > > private/policyd-spf: Connection refused
> >
> > You can use lsof or netstat to find out what is listening.

Have you tried that already?

> > On FreeBSD (which I recall is the platform) the error "Connection
> > refused" means that no process is listening on the port.
> >
> > Hence, my suspicion about editing the wrong file or saving the file
> > at the wrong time.

> Pardon my ignorance but where is port configured and how is the process
> started?

The port (/some/where/private/policyd-spf) is configured in master.cf.

You use lsof or netstat to verify that something is listening on
that port.

If nothing is listening, then you made an error configuring master.cf.

        Wietse
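
The checks suggested in the replies above (is anything listening on the policy socket, and can the connecting user reach it), as an added example that is not part of any post in this thread: a Python probe that connects to the socket the way smtpd does, sends one policy request, and tells a missing socket, a permissions problem and "Connection refused" apart from a working service. The socket path in the `__main__` block and the sample request values are assumptions, constructed for illustration.

```python
import errno
import socket

# Constructed sample request, modelled on the attributes used in the manual test.
SAMPLE_REQUEST = {
    "request": "smtpd_access_policy",
    "protocol_state": "RCPT",
    "protocol_name": "SMTP",
    "helo_name": "mail.example.org",
    "sender": "info@example.org",
    "recipient": "user@example.net",
    "client_address": "192.0.2.52",
    "client_name": "mail.example.org",
}

REASONS = {
    errno.ENOENT: ("no_socket", "socket file missing: is the service in master.cf?"),
    errno.EACCES: ("permission", "this user cannot reach the socket or its directory"),
    errno.ECONNREFUSED: ("refused", "socket file exists but no process is listening"),
}

def probe_policy_socket(path, attrs, timeout=5.0):
    """Return (status, detail); on success detail is the policy server's action."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            # Policy delegation request: name=value lines ended by an empty line.
            request = "".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n"
            s.sendall(request.encode())
            reply = b""
            while not reply.endswith(b"\n\n"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except OSError as e:
        return REASONS.get(e.errno, ("error", str(e)))
    for line in reply.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return "ok", line[len("action="):]
    return "error", "connected, but the reply had no action= line"

if __name__ == "__main__":
    # Assumed path; take the real queue directory from `postconf queue_directory`.
    print(probe_policy_socket("/var/spool/postfix/private/policyd-spf", SAMPLE_REQUEST))
```

Run it once as root and once as the user the mail system runs as: a result that differs between the two points at permissions, while "refused" for both points at master.cf.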