3. Postfix-Fowarder - enabling remote policyd server breaks config

Postfix-Fowarder - enabling remote policyd server breaks config


  • Hello,

    I set up a policyd v2 server today,  after updating the postfix-forwarder to use it (AntiSpam tab,  bottom section "Third part Antispam settings",  in 'Policydv2Location' field "inet:10.101.1.29:10031").

    After doing so parts of postfix faill to load properly,  and the policyd service is unused.  From the logs:

    Jan  5 14:49:41 mx1 postfix/postfix-script[45212]: refreshing the Postfix mail system
    Jan  5 14:49:41 mx1 postfix/master[4332]: reload – version 2.8.7, configuration /usr/local/etc/postfix
    Jan  5 14:49:42 mx1 postfix/smtpd[56317]: fatal: restriction class `has_our_domain_as_sender' needs a definition
    Jan  5 14:49:43 mx1 postfix/master[4332]: warning: process /usr/local/libexec/postfix/smtpd pid 56317 exit status 1
    Jan  5 14:49:43 mx1 postfix/master[4332]: warning: /usr/local/libexec/postfix/smtpd: bad command startup – throttling
    Jan  5 14:50:21 mx1 postfix/postscreen[8697]: warning: timeout sending connection to service private/smtpd

    the service is reachable from this box:

    [2.0.1-RELEASE][root@pfw1.studio.local]/usr/local/etc/postfix(91): telnet 10.101.1.29 10031
    Trying 10.101.1.29…
    Connected to mail.srv.studio.local
    Escape character is '^]'.

    from main.cf:

    #using policyd v2
    client_throttle = check_policy_service inet:10.101.1.29:10031
    smtpd_client_restrictions = check_policy_service inet:10.101.1.29:10031
    smtpd_restriction_classes =
    has_our_domain_as_sender
    client_throttle
    smtpd_end_of_data_restrictions = check_policy_service inet:10.101.1.29:10031

    From my understanding,  has_our_domain_as_sender is in a vaild place but there should be a map variable assigned to it else where.  eg:

    has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject

    but it doesn't appear to be in the file.

    take care,
    greg

    0

  • try to include this on custom main.cf options

    has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

    0

  • @marcelloc:

    try to include this on custom main.cf options
    has_our_domain_as_sender = pcre:/usr/local/etc/postfix/cal_pcre

    Thanks Marcello,

    I fixed it myself by creating a file and postmap'n it.  I then added something similar but not quite the same as your example..  seems to be working:

    mydomain file contents:

    domain.com  OK
    <>              OK

    i then converted it:

    postmap mydomain

    and finally added the below to custom main.cf under smtpd_restrictiosn_classes:

    has_our_domain_as_sender = check_sender_access hash:/usr/local/etc/postfix/mydomains, reject

    which seems to have made things happier.

    the file you suggested has a list of regx's of domain strings from which I don't want to accept mail from,  is what i did wrong and I should follow your suggested method instead?

    thanks again,
    greg

    0

  • You did right.  :)

    I'll include this fix on next release.

    0

  • @marcelloc:

    You did right.  :)

    I'll include this fix on next release.

    thanks,  have a good weekend.

    -g

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy