Postfix-Fowarder - enabling remote policyd server breaks config

gwhynott

Hello,

I set up a policyd v2 server today,  after updating the postfix-forwarder to use it (AntiSpam tab,  bottom section "Third part Antispam settings",  in 'Policydv2Location' field "inet:10.101.1.29:10031").

After doing so parts of postfix faill to load properly,  and the policyd service is unused.  From the logs:

Jan  5 14:49:41 mx1 postfix/postfix-script[45212]: refreshing the Postfix mail system
Jan  5 14:49:41 mx1 postfix/master[4332]: reload – version 2.8.7, configuration /usr/local/etc/postfix
Jan  5 14:49:42 mx1 postfix/smtpd[56317]: fatal: restriction class `has_our_domain_as_sender' needs a definition
Jan  5 14:49:43 mx1 postfix/master[4332]: warning: process /usr/local/libexec/postfix/smtpd pid 56317 exit status 1
Jan  5 14:49:43 mx1 postfix/master[4332]: warning: /usr/local/libexec/postfix/smtpd: bad command startup – throttling
Jan  5 14:50:21 mx1 postfix/postscreen[8697]: warning: timeout sending connection to service private/smtpd

the service is reachable from this box:

[2.0.1-RELEASE][root@pfw1.studio.local]/usr/local/etc/postfix(91): telnet 10.101.1.29 10031
Trying 10.101.1.29…
Connected to mail.srv.studio.local
Escape character is '^]'.

from main.cf:

#using policyd v2
client_throttle = check_policy_service inet:10.101.1.29:10031
smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
smtpd_restriction_classes =
has_our_domain_as_sender
client_throttle
smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031

From my understanding,  has_our_domain_as_sender is in a vaild place but there should be a map variable assigned to it else where.  eg:

has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject

but it doesn't appear to be in the file.

take care,
greg

marcelloc

try to include this on custom main.cf options

has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

gwhynott

@marcelloc:

try to include this on custom main.cf options
has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

Thanks Marcello,

I fixed it myself by creating a file and postmap'n it.  I then added something similar but not quite the same as your example..  seems to be working:

mydomain file contents:

domain.com  OK
<>              OK

i then converted it:

postmap mydomain

and finally added the below to custom main.cf under smtpd_restrictiosn_classes:

has_our_domain_as_sender = check_sender_access hash:/usr/local/etc/postfix/mydomains, reject

which seems to have made things happier.

the file you suggested has a list of regx's of domain strings from which I don't want to accept mail from,  is what i did wrong and I should follow your suggested method instead?

thanks again,
greg

marcelloc

You did right.  :)

I'll include this fix on next release.

gwhynott

@marcelloc:

You did right.  :)

I'll include this fix on next release.

thanks,  have a good weekend.

-g