Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th June 2008, 23:46
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default postfix/policyd-spf-perl on debian etch

Hi all,

I have postfix running on a debian etch system. I've installed policyd-spf-perl per the howto on this site, postmap'd master.cf and main.cf, restarted postfix, but alas, when I attempt to send mail through postfix, no spf messages appear in /var/log/mail.log

I have tried running /usr/bin/perl /usr/lib/postfix/policyd-spf-perl
manually along with relying on the spawn; neither seems to work.

Following is my postconf -n:

postconf -n
canonical_classes = header_recipient
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
message_size_limit = 25600000
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = /etc/postfix/networks
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
recipient_canonical_maps = hash:/etc/postfix/recipient_maps
relay_domains = /etc/postfix/domains
remote_header_rewrite_domain = secureworks.net
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_authorized_xforward_hosts = /etc/postfix/networks
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, check_client_access hash:/etc/postfix/client_access, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023, check_policy_service unixrivate/policy, policy_time_limit = 3600 permit
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
unknown_local_recipient_reject_code = 550


If there is any other information I can add please let me know. Thank you for your help.

thanks,
Lynette
Reply With Quote
Sponsored Links
  #2  
Old 5th June 2008, 16:54
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

One further note: Running policyd-spf-perl from the command line and pasting commands directly to it appears to work as expected:

/usr/lib/postfix/policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=wkstn-1.domain.net
queue_id=8045F2AB23
sender=info@wkstn-1.domain.net
recipient=user@domain.net
client_address=10.0.0.2
client_name=wkstn-1.domain.net

action=PREPEND Received-SPF: none (wkstn-1.domain.net: No applicable sender policy available) receiver=mail1.domain.net; identity=mfrom; envelope-from="info@wkstn-1.domain.net"; helo=wkstn-1.domain.net; client-ip=10.0.0.2

My initial email said "running by hand doesn't work" -- what I meant was starting policyd-spf-perl from the command line and sending through postfix doesn't work.

Lynette
Reply With Quote
  #3  
Old 5th June 2008, 17:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What's in /etc/postfix/master.cf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 5th June 2008, 18:07
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default master and main files

Please find attached my main.cf and master.cf
I've tried with and without commas, a variety of names for "policy"
and various locations within the files.

thanks,
Lynette
Attached Files
File Type: txt main.txt (2.7 KB, 212 views)
File Type: txt master.txt (5.2 KB, 186 views)
Reply With Quote
  #5  
Old 6th June 2008, 11:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Can you remove the white lines and comments from the smtpd_recipient_restrictions statement in main.cf?
Also, what's the output of
Code:
ls -la /usr/lib/postfix/policyd-spf-perl
and
Code:
uname -a
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 6th June 2008, 16:16
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

smtpd_recipient_restrictions =
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_policy_service unixrivate/policy,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recipient_access,
check_client_access hash:/etc/postfix/client_access,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service inet:127.0.0.1:10023,
permit

ls -la /usr/lib/postfix/policyd-spf-perl
-rwxr-xr-x 1 nobody nogroup 8791 2008-06-04 04:48 /usr/lib/postfix/policyd-spf-perl

uname -a
Linux mail1i 2.6.18-6-686 #1 SMP Thu May 8 07:34:27 UTC 2008 i686 GNU/Linux
Reply With Quote
  #7  
Old 6th June 2008, 16:17
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

lsof |grep policy

master 2572 root 101u unix 0xf7f31580 7995 private/policy
Reply With Quote
  #8  
Old 7th June 2008, 11:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What's in /etc/postfix/networks?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 9th June 2008, 16:15
Lazuli Lazuli is offline
Junior Member
 
Join Date: Jun 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'll post the pieces that don't identify our site:

127.0.0.0/8
[::1]
10.0.0.0/8
192.168.0.0/16
Reply With Quote
  #10  
Old 10th June 2008, 14:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Quote:
Originally Posted by Lazuli View Post
I'll post the pieces that don't identify our site:

127.0.0.0/8
[::1]
10.0.0.0/8
192.168.0.0/16
Are you sending from one of these networks? permit_mynetworks is listed before
check_policy_service unix:Private/policy in smtpd_recipient_restrictions, so in this case check_policy_service isn't called anymore.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Booting On PXE And On A Customized Debian System sebastienp HOWTO-Related Questions 7 30th July 2009 21:13
Ispconfig + awstats on debian etch Dennis Installation/Configuration 1 19th April 2008 22:57
Perfect setup Debian Etch ISPConfig - DNS Server kdclaver Installation/Configuration 16 28th December 2007 01:39
Bind Failed christoph2k HOWTO-Related Questions 4 28th April 2007 00:57
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 14:42


All times are GMT +2. The time now is 14:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.