Postfix-Fowarder - enabling remote policyd server breaks config



  • Hello,

    I set up a policyd v2 server today,  after updating the postfix-forwarder to use it (AntiSpam tab,  bottom section "Third part Antispam settings",  in 'Policydv2Location' field "inet:10.101.1.29:10031").

    After doing so parts of postfix faill to load properly,  and the policyd service is unused.  From the logs:

    Jan  5 14:49:41 mx1 postfix/postfix-script[45212]: refreshing the Postfix mail system
    Jan  5 14:49:41 mx1 postfix/master[4332]: reload – version 2.8.7, configuration /usr/local/etc/postfix
    Jan  5 14:49:42 mx1 postfix/smtpd[56317]: fatal: restriction class `has_our_domain_as_sender' needs a definition
    Jan  5 14:49:43 mx1 postfix/master[4332]: warning: process /usr/local/libexec/postfix/smtpd pid 56317 exit status 1
    Jan  5 14:49:43 mx1 postfix/master[4332]: warning: /usr/local/libexec/postfix/smtpd: bad command startup – throttling
    Jan  5 14:50:21 mx1 postfix/postscreen[8697]: warning: timeout sending connection to service private/smtpd

    the service is reachable from this box:

    [2.0.1-RELEASE][root@pfw1.studio.local]/usr/local/etc/postfix(91): telnet 10.101.1.29 10031
    Trying 10.101.1.29…
    Connected to mail.srv.studio.local
    Escape character is '^]'.

    from main.cf:

    #using policyd v2
    client_throttle = check_policy_service inet:10.101.1.29:10031
    smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
    smtpd_restriction_classes =
    has_our_domain_as_sender
    client_throttle
    smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031

    From my understanding,  has_our_domain_as_sender is in a vaild place but there should be a map variable assigned to it else where.  eg:

    has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject

    but it doesn't appear to be in the file.

    take care,
    greg



  • try to include this on custom main.cf options

    has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre



  • @marcelloc:

    try to include this on custom main.cf options
    has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

    Thanks Marcello,

    I fixed it myself by creating a file and postmap'n it.  I then added something similar but not quite the same as your example..  seems to be working:

    mydomain file contents:

    domain.com  OK
    <>              OK

    i then converted it:

    postmap mydomain

    and finally added the below to custom main.cf under smtpd_restrictiosn_classes:

    has_our_domain_as_sender = check_sender_access hash:/usr/local/etc/postfix/mydomains, reject

    which seems to have made things happier.

    the file you suggested has a list of regx's of domain strings from which I don't want to accept mail from,  is what i did wrong and I should follow your suggested method instead?

    thanks again,
    greg



  • You did right.  :)

    I'll include this fix on next release.



  • @marcelloc:

    You did right.  :)

    I'll include this fix on next release.

    thanks,  have a good weekend.

    -g


Locked