Postgrey and Postfix


Postgrey and Postfix

jason hirsh

I raise this question here because it appears the basic postgrey daemon is running

I have a FreeBSD 7.0 server with Postfix, amavisd-new, Dovecot to which I added Postgrey

I have postgrey running as a ps aux grep | postfix shows

postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04 /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=10023 -d --user=postgrey --group=postgrey --dbdir=/var/db/postgrey (perl5.8.9)

There is no indication in the syslog maillog of any postgrey activity so I am presuming that I have messed up the install or configuration.. postconf -n shows

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail/vmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = bl.spamcop.net
mydestination = localhost.$mydomain, localhost
myhostname = compnay.com
mynetworks = 127.0.0.0/8,  xxx.xxxx.xxxx
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtpd_banner = Hi This is No One
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,check_helo_access hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,reject_unknown_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains,reject_rbl_client zen.spamhaus.org bl,reject_rbl_client bl.spamcop.net,reject_rbl_client cbl.abuseat.org,reject_rbl_client safe.dnsbl.sorbs.net,check_policy_service inet:127.0.0.1
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, reject_rhsbl_sender dsn.rfc-ignorant.org,   reject_rbl_client bl.spamcop.net
smtpd_tls_CAfile = /etc/mail/certs/root.crt
smtpd_tls_cert_file = /etc/mail/certs/server.pem
smtpd_tls_key_file = /etc/mail/certs/server.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1003

Can anyone provide me any ideas ??  I have also raised the question on the postgrey mailing list


Jason


Re: Postgrey and Postfix

d.hill
Quoting Jason Hirsh <[hidden email]>:

>
> I raise this question here because  it appears the basic postgrey  
> daemon is running
>
> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot to  
> which i added Postgrey
>
> I have postgrey runnng as a ps aux grep | postfix shows
>
> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04  
> /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid  
> --inet=10023 -d --user=postgrey --group=postgrey  
> --dbdir=/var/db/postgrey (perl5.8.9)

You're running postgrey on port 10023. Is it assumed to run on the IP
127.0.0.1 if not specified? Also, note below:

> There is no indication in the syslog maillog of any postgrey  
> activity so I am presuming that i have messed up the install or  
> configuration.. postconf -n shows
>
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> delay_warning_time = 4h
> disable_vrfy_command = yes
> header_checks = regexp:/usr/local/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = no
> mail_owner = postfix
> mail_spool_directory = /var/mail/vmail
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> maps_rbl_domains = bl.spamcop.net
> mydestination = localhost.$mydomain, localhost
> myhostname = compnay.com
> mynetworks = 127.0.0.0/8,  xxx.xxxx.xxxx
> myorigin = $myhostname
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> receive_override_options = no_address_mappings
> relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_tls_note_starttls_offer = yes
> smtpd_banner = Hi This is No One
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_sasl_authenticated,  
> permit_mynetworks,check_helo_access  
> hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,reject_unknown_hostname
> smtpd_recipient_restrictions = permit_sasl_authenticated,  
> check_relay_domains,reject_rbl_client zen.spamhaus.org  
> bl,reject_rbl_client bl.spamcop.net,reject_rbl_client  
> cbl.abuseat.org,reject_rbl_client  
> safe.dnsbl.sorbs.net,check_policy_service inet:127.0.0.1

Above, you are running postgrey on port 10023 yet you haven't told  
check_policy_service. I.e. check_policy_service inet:127.0.0.1:10023

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_sasl_authenticated,  
> reject_rhsbl_sender dsn.rfc-ignorant.org,   reject_rbl_client  
> bl.spamcop.net
> smtpd_tls_CAfile = /etc/mail/certs/root.crt
> smtpd_tls_cert_file = /etc/mail/certs/server.pem
> smtpd_tls_key_file = /etc/mail/certs/server.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
> virtual_gid_maps = static:1000
> virtual_mailbox_base = /var/mail/vmail
> virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
> virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
> virtual_minimum_uid = 100
> virtual_uid_maps = static:1003
>
> Can anyone provide me any ideas ??  I have also rasied the question  
> on the postgrey mailing list
>
>
> Jason
>
>




Re: Postgrey and Postfix

Noel Jones-2
In reply to this post by jason hirsh
Jason Hirsh wrote:

>
> I raise this question here because  it appears the basic postgrey daemon
> is running
>
> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot to which
> i added Postgrey
>
> I have postgrey runnng as a ps aux grep | postfix shows
>
> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04
> /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=10023 -d
> --user=postgrey --group=postgrey --dbdir=/var/db/postgrey (perl5.8.9)
>
> There is no indication in the syslog maillog of any postgrey activity so
> I am presuming that i have messed up the install or configuration..
> postconf -n shows
>
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> check_relay_domains,

check_relay_domains is deprecated.
Note that check_relay_domains always resolves to either
"permit" or "reject".  As a consequence, no restrictions after
this are evaluated.  Use reject_unauth_destination instead,
that should fix your problem.


> reject_rbl_client zen.spamhaus.org
> bl,reject_rbl_client bl.spamcop.net,reject_rbl_client
> cbl.abuseat.org,reject_rbl_client
> safe.dnsbl.sorbs.net,check_policy_service inet:127.0.0.1

cbl.abuseat.org is included in zen.spamhaus.org - no need to
query both.

sorbs is currently negotiating a change of ownership.  Monitor
their web site and/or announcement mail list to decide if they
still meet your needs after the change is completed.

Should be check_policy_service inet:127.0.0.1:10023
Make sure the port matches where postgrey is listening.

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_sasl_authenticated,
> reject_rhsbl_sender dsn.rfc-ignorant.org,   reject_rbl_client
> bl.spamcop.net

rfc-ignorant.org is generally better used in a scoring system
rather than for outright rejects.

Why do you have some RBLs in smtpd_sender_restrictions and
some in smtpd_recipient_restrictions?  Pick one or the other.

   -- Noel Jones

Re: Postgrey and Postfix

jason hirsh

On Aug 4, 2009, at 3:01 PM, Noel Jones wrote:

> Jason Hirsh wrote:
>> I raise this question here because  it appears the basic postgrey  
>> daemon is running
>> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot to  
>> which i added Postgrey
>> I have postgrey runnng as a ps aux grep | postfix shows
>> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04 /
>> usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --
>> inet=10023 -d --user=postgrey --group=postgrey --dbdir=/var/db/
>> postgrey (perl5.8.9)
>> There is no indication in the syslog maillog of any postgrey  
>> activity so I am presuming that i have messed up the install or  
>> configuration.. postconf -n shows
>> smtpd_recipient_restrictions = permit_sasl_authenticated,  
>> check_relay_domains,
>
> check_relay_domains is deprecated.
> Note that check_relay_domains always resolves to either "permit" or  
> "reject".  As a consequence, no restrictions after this are  
> evaluated.  Use reject_unauth_destination instead, that should fix  
> your problem.
>
>
>> reject_rbl_client zen.spamhaus.org bl,reject_rbl_client  
>> bl.spamcop.net,reject_rbl_client cbl.abuseat.org,reject_rbl_client  
>> safe.dnsbl.sorbs.net,check_policy_service inet:127.0.0.1
>
> cbl.abuseat.org is included in zen.spamhaus.org - no need to query  
> both.
>
> sorbs is currently negotiating a change of ownership.  Monitor  
> their web site and/or announcement mail list to decide if they  
> still meet your needs after the change is completed.
>
removed

> Should be check_policy_service inet:127.0.0.1:10023
> Make sure the port matches where postgrey is listening.
>

corrected

>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions = permit_sasl_authenticated,  
>> reject_rhsbl_sender dsn.rfc-ignorant.org,   reject_rbl_client  
>> bl.spamcop.net
>
> rfc-ignorant.org is generally better used in a scoring system  
> rather than for outright rejects.
>
> Why do you have some RBLs in smtpd_sender_restrictions and some in  
> smtpd_recipient_restrictions?  pick one or the other.

Partial clean up.  I had seen similar discussion about duplication
between smtp_client_restriction and smtp_recipients_restriction.
Thanks for making the point
>
>   -- Noel Jones


Based on the above changes I have this now

postgrey   651  0.0  2.4 14384 12028  ??  Is    3:24PM   0:00.04 /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=127.0.0.1:10023 -d --user=postgrey --group=postgrey --dbdir=/var/db/postgrey -verbose (perl5.8.9)

postconf -n

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail/vmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = bl.spamcop.net
mydestination = localhost.$mydomain, localhost
myhostname = batfish.theoceanwindow-bv.com
mynetworks = 127.0.0.0/8,  66.235.184.124,  66.148.83.94
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtpd_banner = Hi This is the Ocean Window - BV
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,check_helo_access hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,reject_unknown_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_CAfile = /etc/mail/certs/root.crt
smtpd_tls_cert_file = /etc/mail/certs/server.pem
smtpd_tls_key_file = /etc/mail/certs/server.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1003


and I got a
check_access: [hidden email]
Aug  4 15:40:54 batfish postfix/smtpd[1326]: panic: check_access: dictionary not found: inet:127.0.0.1:10023
Aug  4 15:40:55 batfish postfix/master[1057]: warning: process /usr/local/libexec/postfix/smtpd pid 1326 killed by signal 6
Aug  4 15:40:55 batfish postfix/master[1057]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

error message which I assume is related to postgrey??





Re: Postgrey and Postfix

Brian Evans - Postfix List
Jason Hirsh wrote:

> Based on above changes i have ths now
>
> postgrey   651  0.0  2.4 14384 12028  ??  Is    3:24PM   0:00.04
> /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid
> --inet=127.0.0.1:10023 -d --user=postgrey --group=postgrey
> --dbdir=/var/db/postgrey -verbose (perl5.8.9)
>
> postconf -n
>
>
> smtpd_banner = Hi This is the Ocean Window - BV

SASL is disabled with this banner.  Use the default as no one will read it.

> smtpd_recipient_restrictions = permit_sasl_authenticated,
> check_relay_domains,reject_rbl_client
> zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client,
> check_policy_service inet:127.0.0.1:10023
Let's reformat the recipient restrictions for reading:
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    check_relay_domains,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client, check_policy_service
    inet:127.0.0.1:10023

See the error? To Postfix, a comma is whitespace when placed in
restriction lists.

Re: Postgrey and Postfix

jason hirsh
In reply to this post by jason hirsh

On Aug 4, 2009, at 3:59 PM, Noel Jones wrote:

> Jason Hirsh wrote:
>> On Aug 4, 2009, at 3:01 PM, Noel Jones wrote:
>>> Jason Hirsh wrote:
>>>> I raise this question here because  it appears the basic postgrey daemon is running
>>>> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot to which i added Postgrey
>>>> I have postgrey runnng as a ps aux grep | postfix shows
>>>> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04 /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=10023 -d --user=postgrey --group=postgrey --dbdir=/var/db/postgrey (perl5.8.9)
>>>> There is no indication in the syslog maillog of any postgrey activity so I am presuming that i have messed up the install or configuration.. postconf -n shows
>>>> smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains,
>>>
>>> check_relay_domains is deprecated.
>>> Note that check_relay_domains always resolves to either "permit" or "reject".  As a consequence, no restrictions after this are evaluated.  Use reject_unauth_destination instead, that should fix your problem.
>>>
>> ... Based on above changes i have ths now
>> smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains,
>
> Did you miss the very important comment about check_relay_domains in my original reply?
>
>> reject_rbl_client zen.spamhaus.org,reject_rbl_client
>> bl.spamcop.net,reject_rbl_client, check_policy_service inet:127.0.0.1:10023
>
> reject_rbl_client with no RBL to check will likely give a configuration error.
>
>> and I got a
>> check_access: [hidden email]
>> Aug  4 15:40:54 batfish postfix/smtpd[1326]: panic: check_access: dictionary not found: inet:127.0.0.1:10023
>> Aug  4 15:40:55 batfish postfix/master[1057]: warning: process /usr/local/libexec/postfix/smtpd pid 1326 killed by signal 6
>> Aug  4 15:40:55 batfish postfix/master[1057]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
>> erro message which I assume is related to postgrey??
>
> I expect this is from the extra 'reject_rbl_client' under smtpd_recipient_restrictions I mentioned above.


I guess you didn't see my configs

postgrey

postgrey   655  0.0  2.2 14384 11440  ??  Is    4:04PM   0:00.03 /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=10023 -d --user=postgrey --group=postgrey --dbdir=/var/db/postgrey (perl5.8.9)


postconf -n  which reflected your input

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail/vmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = bl.spamcop.net
mydestination = localhost.$mydomain, localhost
myhostname = xxxx
mynetworks = 127.0.0.0/8,  xxxxxx
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtpd_banner = xxxx
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,check_helo_access hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,reject_unknown_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client,check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_CAfile = /etc/mail/certs/root.crt
smtpd_tls_cert_file = /etc/mail/certs/server.pem
smtpd_tls_key_file = /etc/mail/certs/server.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1003


this gets me the error messages

Aug  4 16:40:32 batfish postfix/smtpd[1896]: panic: check_access: dictionary not found: inet:127.0.0.1:10023
Aug  4 16:40:33 batfish postfix/master[1046]: warning: process /usr/local/libexec/postfix/smtpd pid 1896 killed by signal 6
Aug  4 16:40:33 batfish postfix/master[1046]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling


If I removed the check  check_policy_service inet:127.0.0.1:10023
the error goes away and no postgrey

Jason


Re: Postgrey and Postfix

jason hirsh
In reply to this post by Brian Evans - Postfix List

On Aug 4, 2009, at 4:23 PM, Brian Evans - Postfix List wrote:

> Jason Hirsh wrote:
>> Based on above changes i have ths now
>>
>> postgrey   651  0.0  2.4 14384 12028  ??  Is    3:24PM   0:00.04
>> /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid
>> --inet=127.0.0.1:10023 -d --user=postgrey --group=postgrey
>> --dbdir=/var/db/postgrey -verbose (perl5.8.9)
>>
>> postconf -n
>>
>>
>> smtpd_banner = Hi This is the Ocean Window - BV
>
> SASL is disabled with this banner.  Use the default as no one will read it.
>
>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>> check_relay_domains,reject_rbl_client
>> zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client,
>> check_policy_service inet:127.0.0.1:10023
> Let's reformat the recipient restrictions for reading:
> smtpd_recipient_restrictions =
>     permit_sasl_authenticated,
>     check_relay_domains,
>     reject_rbl_client zen.spamhaus.org,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client, check_policy_service
>     inet:127.0.0.1:10023
>
> See the error? To Postfix, a comma is whitespace when placed in
> restriction lists.


I see your reference but how do I correct?  The only error I see is the reject_rbl_client without a cite
The code for the check_policy_service is per all the instructions I have seen which state

(Add check_policy_service inet:127.0.0.1:10023 to end of smtpd_recipient_restrictions in main.cf)

So I guess you lost me





Re: Postgrey and Postfix

Noel Jones-2
In reply to this post by jason hirsh
Jason Hirsh wrote:

>
> On Aug 4, 2009, at 3:59 PM, Noel Jones wrote:
>
>> Jason Hirsh wrote:
>>> On Aug 4, 2009, at 3:01 PM, Noel Jones wrote:
>>>> Jason Hirsh wrote:
>>>>> I raise this question here because  it appears the basic postgrey
>>>>> daemon is running
>>>>> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot to
>>>>> which i added Postgrey
>>>>> I have postgrey runnng as a ps aux grep | postfix shows
>>>>> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM   0:00.04
>>>>> /usr/local/sbin/postgrey --pidfile=/var/run/postgrey.pid
>>>>> --inet=10023 -d --user=postgrey --group=postgrey
>>>>> --dbdir=/var/db/postgrey (perl5.8.9)
>>>>> There is no indication in the syslog maillog of any postgrey
>>>>> activity so I am presuming that i have messed up the install or
>>>>> configuration.. postconf -n shows
>>>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>>>> check_relay_domains,
>>>>
>>>> check_relay_domains is deprecated.
>>>> Note that check_relay_domains always resolves to either "permit" or
>>>> "reject".  As a consequence, no restrictions after this are
>>>> evaluated.  Use reject_unauth_destination instead, that should fix
>>>> your problem.
>>>>
>>> ... Based on above changes i have ths now
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> check_relay_domains,
>>
>> Did you miss the very important comment about check_relay_domains in
>> my original reply?
>>
>> reject_rbl_client zen.spamhaus.org,reject_rbl_client
>>> bl.spamcop.net,reject_rbl_client, check_policy_service
>>> inet:127.0.0.1:10023
>>
>> reject_rbl_client with no RBL to check will likely give a
>> configuration error.
>>
>>> and I got a
>>> check_access: [hidden email] <mailto:[hidden email]>
>>> Aug  4 15:40:54 batfish postfix/smtpd[1326]: panic: check_access:
>>> dictionary not found: inet:127.0.0.1:10023
>>> Aug  4 15:40:55 batfish postfix/master[1057]: warning: process
>>> /usr/local/libexec/postfix/smtpd pid 1326 killed by signal 6
>>> Aug  4 15:40:55 batfish postfix/master[1057]: warning:
>>> /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
>>> erro message which I assume is related to postgrey??
>>
>> I expect this is from the extra 'reject_rbl_client' under
>> smtpd_recipient_restrictions I mentioned above.
>
>
> I guess you didn't se my configs

I guess you posted the wrong config.

> smtpd_recipient_restrictions =
> permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client
> zen.spamhaus.org,reject_rbl_client
> bl.spamcop.net,reject_rbl_client,check_policy_service inet:127.0.0.1:10023

See the extra "reject_rbl_client" just before
check_policy_service?  that's what's causing your current error.

    -- Noel Jones

SOLVED Re: Postgrey and Postfix

jason hirsh

On Aug 4, 2009, at 4:56 PM, Noel Jones wrote:

> Jason Hirsh wrote:
>> On Aug 4, 2009, at 3:59 PM, Noel Jones wrote:
>>> Jason Hirsh wrote:
>>>> On Aug 4, 2009, at 3:01 PM, Noel Jones wrote:
>>>>> Jason Hirsh wrote:
>>>>>> I raise this question here because  it appears the basic  
>>>>>> postgrey daemon is running
>>>>>> I have a FReebsd 7.0 server with Postfix, amavisd-new, Dovecot  
>>>>>> to which i added Postgrey
>>>>>> I have postgrey runnng as a ps aux grep | postfix shows
>>>>>> postgrey   653  0.0  2.4 14384 12052  ??  Is    1:53PM    
>>>>>> 0:00.04 /usr/local/sbin/postgrey --pidfile=/var/run/
>>>>>> postgrey.pid --inet=10023 -d --user=postgrey --group=postgrey  
>>>>>> --dbdir=/var/db/postgrey (perl5.8.9)
>>>>>> There is no indication in the syslog maillog of any postgrey  
>>>>>> activity so I am presuming that i have messed up the install  
>>>>>> or configuration.. postconf -n shows
>>>>>> smtpd_recipient_restrictions = permit_sasl_authenticated,  
>>>>>> check_relay_domains,
>>>>>
>>>>> check_relay_domains is deprecated.
>>>>> Note that check_relay_domains always resolves to either  
>>>>> "permit" or "reject".  As a consequence, no restrictions after  
>>>>> this are evaluated.  Use reject_unauth_destination instead,  
>>>>> that should fix your problem.
>>>>>
>>>> ... Based on above changes i have ths now
>>>> smtpd_recipient_restrictions = permit_sasl_authenticated,  
>>>> check_relay_domains,
>>>
>>> Did you miss the very important comment about check_relay_domains  
>>> in my original reply?
>>>
>>> reject_rbl_client zen.spamhaus.org,reject_rbl_client
>>>> bl.spamcop.net,reject_rbl_client, check_policy_service inet:
>>>> 127.0.0.1:10023
>>>
>>> reject_rbl_client with no RBL to check will likely give a  
>>> configuration error.
>>>
>>>> and I got a
>>>> check_access: [hidden email] <mailto:[hidden email]>
>>>> Aug  4 15:40:54 batfish postfix/smtpd[1326]: panic:  
>>>> check_access: dictionary not found: inet:127.0.0.1:10023
>>>> Aug  4 15:40:55 batfish postfix/master[1057]: warning: process /
>>>> usr/local/libexec/postfix/smtpd pid 1326 killed by signal 6
>>>> Aug  4 15:40:55 batfish postfix/master[1057]: warning: /usr/
>>>> local/libexec/postfix/smtpd: bad command startup -- throttling
>>>> erro message which I assume is related to postgrey??
>>>
>>> I expect this is from the extra 'reject_rbl_client' under  
>>> smtpd_recipient_restrictions I mentioned above.
>> I guess you didn't se my configs
>
> I guess you posted the wrong config.

who ME?????? :)
>
>> smtpd_recipient_restrictions =  
>> permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client
>>  zen.spamhaus.org,reject_rbl_client  
>> bl.spamcop.net,reject_rbl_client,check_policy_service inet:
>> 127.0.0.1:10023
>
> See the extra "reject_rbl_client" just before  
> check_policy_service?  that's what's causing your current error.


that did it

final working postconf -n

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail/vmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = bl.spamcop.net
mydestination = localhost.$mydomain, localhost
myhostname = xxxxx
mynetworks = 127.0.0.0/8,  xxxxxxx
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtpd_banner =
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,check_helo_access hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,reject_unknown_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostnamebroken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_CAfile = /etc/mail/certs/root.crt
smtpd_tls_cert_file = /etc/mail/certs/server.pem
smtpd_tls_key_file = /etc/mail/certs/server.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
virtual_minimum_uid = 100

>
>    -- Noel Jones
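
Added example (not part of the thread and not code from Postfix or postgrey): a small Python linter that tokenizes smtpd_recipient_restrictions the way the replies describe, with commas counting as whitespace, and flags the mistakes found in this thread. The restriction-name sets, finding codes and function names are assumptions of this example and cover only a subset of Postfix restrictions; the three sample values are the ones posted above.

```python
import re

# Subset of Postfix smtpd restriction names: enough for the configs in this thread.
TAKES_ARG = {
    "check_policy_service", "reject_rbl_client", "reject_rhsbl_sender",
    "check_client_access", "check_helo_access",
    "check_sender_access", "check_recipient_access",
}
NO_ARG = {
    "permit", "reject", "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "check_relay_domains",
    "reject_invalid_hostname", "reject_unknown_hostname",
}
KNOWN = TAKES_ARG | NO_ARG

EXPLAIN = {  # finding codes are names made up for this example
    "missing-argument": "is followed by another restriction name, which it swallows as its argument",
    "implicit-access-map": "is a bare type:name token, so smtpd tries to open it as an access table",
    "unreachable-after": "always permits or rejects, so nothing after it is evaluated",
    "policy-no-port": "has no port; expected inet:host:port",
    "policy-port-mismatch": "does not use the port the policy daemon listens on",
    "unknown-token": "is not a restriction name known to this example",
}


def tokenize(value):
    """Split a restriction list; commas and whitespace are both separators."""
    return [t for t in re.split(r"[,\s]+", value) if t]


def check_policy_endpoint(arg, policy_port):
    """Return a finding code for a check_policy_service inet: argument, or None."""
    if not arg.startswith("inet:"):
        return None  # other endpoint types are not checked here
    m = re.fullmatch(r"inet:([^:]+):(\d+)", arg)
    if m is None:
        return "policy-no-port"
    if policy_port is not None and int(m.group(2)) != policy_port:
        return "policy-port-mismatch"
    return None


def lint(value, policy_port=None):
    """Return a list of (code, token) findings for one restriction list value."""
    tokens = tokenize(value)
    findings = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok in TAKES_ARG:
            arg = tokens[i] if i < len(tokens) else None
            if arg is None or arg in KNOWN:
                findings.append(("missing-argument", tok))
            elif tok == "check_policy_service":
                code = check_policy_endpoint(arg, policy_port)
                if code:
                    findings.append((code, arg))
            if arg is not None:
                i += 1  # the next token is consumed as the argument either way
        elif tok == "check_relay_domains":
            if i < len(tokens):
                findings.append(("unreachable-after", tok))
        elif tok in NO_ARG:
            continue
        elif ":" in tok:
            findings.append(("implicit-access-map", tok))
        else:
            findings.append(("unknown-token", tok))
    return findings


def report(findings):
    return ["%s %s" % (tok, EXPLAIN[code]) for code, tok in findings]


# Values of smtpd_recipient_restrictions as posted in the thread.
FIRST = ("permit_sasl_authenticated, check_relay_domains,reject_rbl_client "
         "zen.spamhaus.org bl,reject_rbl_client bl.spamcop.net,reject_rbl_client "
         "cbl.abuseat.org,reject_rbl_client safe.dnsbl.sorbs.net,"
         "check_policy_service inet:127.0.0.1")
SECOND = ("permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client "
          "zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client,"
          "check_policy_service inet:127.0.0.1:10023")
FINAL = ("permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client "
         "zen.spamhaus.org,reject_rbl_client bl.spamcop.net,"
         "check_policy_service inet:127.0.0.1:10023")

if __name__ == "__main__":
    for name, value in (("first", FIRST), ("second", SECOND), ("final", FINAL)):
        lines = report(lint(value, policy_port=10023)) or ["no findings"]
        print(name + ":")
        for line in lines:
            print("  " + line)
```

On the second value it reports the dangling reject_rbl_client and the orphaned inet:127.0.0.1:10023 token, which is the token named in the "dictionary not found" panic quoted in the thread.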