Netgate Discussion Forum

    Postfix-Forwarder - enabling remote policyd server breaks config

      gwhynott

      Hello,

      I set up a policyd v2 server today, after updating the postfix-forwarder to use it (AntiSpam tab, bottom section "Third part Antispam settings", in 'Policydv2Location' field "inet:10.101.1.29:10031").

      After doing so, parts of postfix fail to load properly, and the policyd service is unused. From the logs:

      Jan  5 14:49:41 mx1 postfix/postfix-script[45212]: refreshing the Postfix mail system
      Jan  5 14:49:41 mx1 postfix/master[4332]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
      Jan  5 14:49:42 mx1 postfix/smtpd[56317]: fatal: restriction class `has_our_domain_as_sender' needs a definition
      Jan  5 14:49:43 mx1 postfix/master[4332]: warning: process /usr/local/libexec/postfix/smtpd pid 56317 exit status 1
      Jan  5 14:49:43 mx1 postfix/master[4332]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
      Jan  5 14:50:21 mx1 postfix/postscreen[8697]: warning: timeout sending connection to service private/smtpd

      The service is reachable from this box:

      [2.0.1-RELEASE][root@pfw1.studio.local]/usr/local/etc/postfix(91): telnet 10.101.1.29 10031
      Trying 10.101.1.29...
      Connected to mail.srv.studio.local
      Escape character is '^]'.

      From main.cf:

      #using policyd v2
      client_throttle = check_policy_service inet:10.101.1.29:10031
      smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
      smtpd_restriction_classes =
          has_our_domain_as_sender
          client_throttle
      smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031

      From my understanding, has_our_domain_as_sender is in a valid place but there should be a map variable assigned to it elsewhere, e.g.:

      has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject

      but it doesn't appear to be in the file.

      take care,
      greg

        marcelloc

        Try to include this in the custom main.cf options:

        has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          gwhynott

          @marcelloc:

          try to include this on custom main.cf options
          has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

          Thanks Marcello,

          I fixed it myself by creating a file and postmap'n it. I then added something similar but not quite the same as your example. Seems to be working:

          mydomain file contents:

          domain.com  OK
          <>              OK

          I then converted it:

          postmap mydomain

          and finally added the below to custom main.cf under smtpd_restriction_classes:

          has_our_domain_as_sender = check_sender_access hash:/usr/local/etc/postfix/mydomains, reject

          which seems to have made things happier.

          The file you suggested has a list of regexes of domain strings from which I don't want to accept mail. Is what I did wrong, and should I follow your suggested method instead?

          thanks again,
          greg
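
An added example, not from the thread or the pfSense package: a Python check that parses main.cf text and reports every name listed in smtpd_restriction_classes that has no definition, the condition behind the smtpd fatal error in the first post. The function names are hypothetical and the sample config is constructed from the excerpt above, with continuation lines indented.

```python
import re

def parse_main_cf(text):
    """Return {parameter: value} from main.cf text, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and current is not None:
            # a line that starts with whitespace continues the previous parameter
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later definition overrides an earlier one
    return params

def undefined_restriction_classes(text):
    """List names in smtpd_restriction_classes with a missing or empty definition."""
    params = parse_main_cf(text)
    classes = re.split(r"[,\s]+", params.get("smtpd_restriction_classes", ""))
    return [c for c in classes if c and not params.get(c)]

# Constructed sample: the main.cf excerpt from the first post.
BROKEN = """\
#using policyd v2
client_throttle = check_policy_service inet:10.101.1.29:10031
smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
smtpd_restriction_classes =
    has_our_domain_as_sender
    client_throttle
smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031
"""
# Constructed sample: the same excerpt plus the definition added in the thread.
FIXED = BROKEN + (
    "has_our_domain_as_sender = check_sender_access "
    "hash:/usr/local/etc/postfix/mydomains, reject\n"
)

if __name__ == "__main__":
    import sys
    # Check the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    for name in undefined_restriction_classes(text):
        print(f"restriction class '{name}' needs a definition")
```

Running it against the generated main.cf before each Postfix reload catches a missing class definition before smtpd starts failing and postscreen begins timing out on private/smtpd.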

            marcelloc

            You did right.  :)

            I'll include this fix on next release.

              gwhynott

              @marcelloc:

              You did right.  :)

              I'll include this fix on next release.

              Thanks, have a good weekend.

              -g

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.