postfix/policyd-spf-perl on debian etch


Lazuli
5th June 2008, 00:46
Hi all,

I have postfix running on a debian etch system. I've installed policyd-spf-perl per the howto on this site, postmap'd master.cf and main.cf, restarted postfix, but alas, when I attempt to send mail through postfix, no spf messages appear in /var/log/mail.log

I have tried running /usr/bin/perl /usr/lib/postfix/policyd-spf-perl manually along with relying on the spawn; neither seems to work.

Following is my postconf -n:

postconf -n
canonical_classes = header_recipient
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
message_size_limit = 25600000
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = /etc/postfix/networks
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
recipient_canonical_maps = hash:/etc/postfix/recipient_maps
relay_domains = /etc/postfix/domains
remote_header_rewrite_domain = secureworks.net
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_authorized_xforward_hosts = /etc/postfix/networks
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, check_client_access hash:/etc/postfix/client_access, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023, check_policy_service unix:private/policy, policy_time_limit = 3600 permit
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
unknown_local_recipient_reject_code = 550


If there is any other information I can add please let me know. Thank you for your help.

thanks,
Lynette

Lazuli
5th June 2008, 17:54
One further note: Running policyd-spf-perl from the command line and pasting commands directly to it appears to work as expected:

/usr/lib/postfix/policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=wkstn-1.domain.net
queue_id=8045F2AB23
sender=info@wkstn-1.domain.net
recipient=user@domain.net
client_address=10.0.0.2
client_name=wkstn-1.domain.net

action=PREPEND Received-SPF: none (wkstn-1.domain.net: No applicable sender policy available) receiver=mail1.domain.net; identity=mfrom; envelope-from="info@wkstn-1.domain.net"; helo=wkstn-1.domain.net; client-ip=10.0.0.2

My initial email said "running by hand doesn't work" -- what I meant was starting policyd-spf-perl from the command line and sending through postfix doesn't work.

Lynette

falko
5th June 2008, 18:45
What's in /etc/postfix/master.cf?

Lazuli
5th June 2008, 19:07
Please find attached my main.cf and master.cf
I've tried with and without commas, a variety of names for "policy" and various locations within the files.

thanks,
Lynette

falko
6th June 2008, 12:27
Can you remove the white lines and comments from the smtpd_recipient_restrictions statement in main.cf?
Also, what's the output of ls -la /usr/lib/postfix/policyd-spf-perl and uname -a?

Lazuli
6th June 2008, 17:16
smtpd_recipient_restrictions =
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service unix:private/policy,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recipient_access,
check_client_access hash:/etc/postfix/client_access,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service inet:127.0.0.1:10023,
permit

ls -la /usr/lib/postfix/policyd-spf-perl
-rwxr-xr-x 1 nobody nogroup 8791 2008-06-04 04:48 /usr/lib/postfix/policyd-spf-perl

uname -a
Linux mail1i 2.6.18-6-686 #1 SMP Thu May 8 07:34:27 UTC 2008 i686 GNU/Linux

Lazuli
6th June 2008, 17:17
lsof |grep policy

master 2572 root 101u unix 0xf7f31580 7995 private/policy

falko
7th June 2008, 12:51
What's in /etc/postfix/networks?

Lazuli
9th June 2008, 17:15
I'll post the pieces that don't identify our site:

127.0.0.0/8
[::1]
10.0.0.0/8
192.168.0.0/16

falko
10th June 2008, 15:09
> I'll post the pieces that don't identify our site:
>
> 127.0.0.0/8
> [::1]
> 10.0.0.0/8
> 192.168.0.0/16

Are you sending from one of these networks? permit_mynetworks is listed before check_policy_service unix:private/policy in smtpd_recipient_restrictions, so in this case check_policy_service isn't called anymore.
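
The ordering effect described in the last reply, as an added example that is not part of the original thread: a small model of how a Postfix restriction list stops at the first decisive result, using the network list and restriction list posted above. The function names are hypothetical, 203.0.113.7 is a constructed outside client, and every check other than permit_mynetworks and the final permit is assumed to answer DUNNO.

```python
import ipaddress

# Copied from the thread: /etc/postfix/networks excerpt and restriction list.
MYNETWORKS = ["127.0.0.0/8", "[::1]", "10.0.0.0/8", "192.168.0.0/16"]
RESTRICTIONS = """
permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_policy_service unix:private/policy,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recipient_access,
check_client_access hash:/etc/postfix/client_access,
reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023,
permit
"""
SPF_POLICY = "check_policy_service unix:private/policy"


def parse_networks(entries):
    """Postfix writes IPv6 networks in [brackets]; strip them for ipaddress."""
    return [ipaddress.ip_network(e.strip().replace("[", "").replace("]", ""),
                                 strict=False) for e in entries]


def parse_restrictions(text):
    """Split on commas (simplification: Postfix also accepts bare whitespace)."""
    return [" ".join(item.split()) for item in text.split(",") if item.strip()]


def evaluate(client_ip, restrictions=RESTRICTIONS, networks=MYNETWORKS):
    """Return (deciding_restriction, restrictions_reached) for one client.
    Assumption: all checks except permit_mynetworks/permit answer DUNNO."""
    addr = ipaddress.ip_address(client_ip)
    nets = parse_networks(networks)
    reached = []
    for item in parse_restrictions(restrictions):
        reached.append(item)
        if item == "permit_mynetworks" and any(addr in n for n in nets):
            return item, reached  # first decisive result ends the list
        if item == "permit":
            return item, reached
    return None, reached


def spf_policy_reached(client_ip):
    return SPF_POLICY in evaluate(client_ip)[1]


if __name__ == "__main__":
    for ip in ("10.0.0.2", "203.0.113.7"):  # second address is constructed
        print(ip, evaluate(ip)[0], spf_policy_reached(ip))
```

For 10.0.0.2, the client used in the manual test earlier in the thread, evaluation ends at permit_mynetworks and the SPF policy service is never consulted, which matches the absence of Received-SPF entries in the log.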