Postfix-Fowarder - enabling remote policyd server breaks config
-
Hello,
I set up a policyd v2 server today, after updating the postfix-forwarder to use it (AntiSpam tab, bottom section "Third part Antispam settings", in 'Policydv2Location' field "inet:10.101.1.29:10031").
After doing so parts of postfix faill to load properly, and the policyd service is unused. From the logs:
Jan 5 14:49:41 mx1 postfix/postfix-script[45212]: refreshing the Postfix mail system
Jan 5 14:49:41 mx1 postfix/master[4332]: reload – version 2.8.7, configuration /usr/local/etc/postfix
Jan 5 14:49:42 mx1 postfix/smtpd[56317]: fatal: restriction class `has_our_domain_as_sender' needs a definition
Jan 5 14:49:43 mx1 postfix/master[4332]: warning: process /usr/local/libexec/postfix/smtpd pid 56317 exit status 1
Jan 5 14:49:43 mx1 postfix/master[4332]: warning: /usr/local/libexec/postfix/smtpd: bad command startup – throttling
Jan 5 14:50:21 mx1 postfix/postscreen[8697]: warning: timeout sending connection to service private/smtpdthe service is reachable from this box:
[2.0.1-RELEASE][root@pfw1.studio.local]/usr/local/etc/postfix(91): telnet 10.101.1.29 10031
Trying 10.101.1.29…
Connected to mail.srv.studio.local
Escape character is '^]'.from main.cf:
#using policyd v2
client_throttle = check_policy_service inet:10.101.1.29:10031
smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
smtpd_restriction_classes =
has_our_domain_as_sender
client_throttle
smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031From my understanding, has_our_domain_as_sender is in a vaild place but there should be a map variable assigned to it else where. eg:
has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject
but it doesn't appear to be in the file.
take care,
greg -
try to include this on custom main.cf options
has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre
-
try to include this on custom main.cf options
has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcreThanks Marcello,
I fixed it myself by creating a file and postmap'n it. I then added something similar but not quite the same as your example.. seems to be working:
mydomain file contents:
domain.com OK
<> OKi then converted it:
postmap mydomain
and finally added the below to custom main.cf under smtpd_restrictiosn_classes:
has_our_domain_as_sender = check_sender_access hash:/usr/local/etc/postfix/mydomains, reject
which seems to have made things happier.
the file you suggested has a list of regx's of domain strings from which I don't want to accept mail from, is what i did wrong and I should follow your suggested method instead?
thanks again,
greg -
You did right. :)
I'll include this fix on next release.
-
You did right. :)
I'll include this fix on next release.
thanks, have a good weekend.
-g