Installing SPF-postfix in SpamSnake Howto

Discussion in 'HOWTO-Related Questions' started by Goose, May 12, 2008.

  1. Goose

    Goose New Member

    I have been running through the installation of SpamSnake and have hit on a problem.

    http://howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p6

    After installing the SPF for postfix I get the following error:

    postfix/smtpd[6743]: fatal: dict_unix_open: unknown map name: private/policy

    I have checked and double checked everything on the above page and can't find the solution. I have searched Google and the only thing I can find is about postfix being the wrong version. I have only downloaded postfix using get-apt a few days ago so I am assuming it is a current version (not sure where to check).

    I have installed

    Mail::SPF
    NetAddr::IP

    added to /etc/postfix/master.cf

    policy unix - n n - - spawn
    user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

    added to main.cf (after reject_unauth_destination)

    check_policy_service unix:private/policy

    and I've rebooted
     
  2. Rocky

    Rocky New Member

    You have to append the following exactly as you see it in the master.cf file:

    Code:
    policy unix - n n - - spawn
       user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
    
    It requires the leading spaces.

    Can you post your main.cf and master.cf file?
     
    Last edited: May 12, 2008
  3. Goose

    Goose New Member

    Oops, should have posted in code tags. I do have a space.

    main.cf
    (changed domain names and ip)
    Code:
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = myspamsnake.company.local
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = company.com
    mydestination = 
    relayhost = myisprelay.com
    mynetworks = 127.0.0.0/8, 192.168.1.21/32
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    message_size_limit = 10485760
    local_transport = error:No local mail delivery
    local_recipient_maps = 
    virtual_alias_maps = hash:/etc/postfix/virtual
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    transport_maps = hash:/etc/postfix/transport
    relay_domains = hash:/etc/postfix/relay_domains
    smtpd_helo_required = yes
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
    smtpd_recipient_restrictions =
       reject_non_fqdn_sender
       reject_unknown_sender_domain
       reject_non_fqdn_recipient
       reject_unknown_recipient_domain
       permit_mynetworks
       reject_unauth_destination
       check_policy_sevice unix:private/policy
       reject_unauth_pipelining
       reject_invalid_helo_hostname
       reject_non_fqdn_helo_hostname
       reject_rbl_client zen.spamhaus.org
       check_policy_service inet:127.0.0.1:2525
    smtpd_data_restrictions = reject_unauth_pipelining
    header_checks = regexp:/etc/postfix/header_checks
    
    master.cf
    (removed some hashed out stuff)
    Code:
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    pickup    fifo  n       -       -       60      1       pickup
    	-o content_filter=
    	-o receive_override_options=no_header_body_checks
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
    	-o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    policy    unix  -       n       n       -       -       spawn
      user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
    
    
    
    I should add that running the stand alone spf test works. No 4 on http://www.howtoforge.com/postfix_spf
     
    Last edited: May 12, 2008
  4. Rocky

    Rocky New Member

    Ok everything looks good on your end and I'm sure you've install postfix-policyd-spf-perl correctly. I noticed one difference between my main.cf and yours. Please add commas to your recipient_restrictions as follows:

    Code:
     
    smtpd_recipient_restrictions =
                reject_non_fqdn_sender[B],[/B]
                reject_unknown_sender_domain[B],[/B]
                reject_non_fqdn_recipient[B],
    [/B]            reject_unknown_recipient_domain[B],[/B]
                permit_mynetworks[B],[/B]
                reject_unauth_destination[B],
    [/B]            check_policy_sevice unix:private/policy[B],
    [/B]            reject_unauth_pipelining[B],
    [/B]            reject_invalid_helo_hostname[B],
    [/B]            reject_non_fqdn_helo_hostname[B],
    [/B]            reject_rbl_client zen.spamhaus.org[B],[/B]
                [B]check_policy_service unix:private/policy,[/B]
                check_policy_service inet:127.0.0.1:2525
    
    Try that and let me know if it works.

    Thanks,
     
  5. Goose

    Goose New Member

    Well I'll take the reward for idiot techie of the year. I had tried it with and with out commas, in line and separate. I spent the whole day going through it and checking everything. Only after moving it further down the list to match yours did I notice the missing r in service. DOH.

    Thanks for taking the time to help me out (and time taken to write the guide).

    :D
     
  6. Rocky

    Rocky New Member

    LOL..

    Hey man, it happens, I missed it too.

    Good luck with the rest and it's no problem at all.

    Rocky
     

Share This Page