Postfix seems to ignore check_policy_service

Discussion in 'Server Operation' started by stuperman4, Oct 4, 2010.

  1. stuperman4

    stuperman4 New Member


    We have a Postfix instance that we're attempting to use a milter (mail filter) on. We've used the instructions in the mail filter and added this in our

    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:

    We have verified that Postfix is reading this line as expected but it doesn't seem like it is calling the service on port 10031. We have verified that the service is running as expected, but all mail doesn't seem to be going through this filter. In fact, if we run Netcat and have it listen on port 10031, we never get a connection to this port. Ever.

    We've tried various troubleshooting options but we can't seem to get Postfix to call the service on this port. Looking through Google we have verified on the setup pages for other services that we have set this up correctly.

    Troubleshooting tips? Anyone else run into this problem before?

    Thank you.
  2. Turbanator

    Turbanator Member HowtoForge Supporter

    I THINK you need to have ",permit" at the end of that line.
  3. stuperman4

    stuperman4 New Member


    Adding ",permit" didn't make a difference. Still no connection attempted on port 10031.

    We have verified the other arguments do make a difference. The check_policy_service inet: just doesn't seem to do anything. Incoming mail just sails right through without trying what is on port 10031. Anything else I can try to fix this issue?

  4. Turbanator

    Turbanator Member HowtoForge Supporter

    Seems to me it's a problem with whatever service you're running on 10031 (policyd??). I use the check_policy tag with postgrey and it's working on Debian Lenny so it's not a syntax or Postfix issue that I can see.

    What distro? Not sure if an iptables or selinux issue could arise from localhost but those may be worth looking into.
  5. stuperman4

    stuperman4 New Member


    As per my first message, I said I tried using Netcat to see if I was even getting a connection on that port. I didn't. Therefore, it can't be an issue with the service, it has to be with Postfix.

    This is with CentOS and iptables/SELinux disabled.

  6. Turbanator

    Turbanator Member HowtoForge Supporter

    It's all beyond me, but having the port accessible doesn't necessarily mean the service is running. Can I ask what your milter is? Also, what version of CentOS?
  7. snowbliss

    snowbliss New Member

    Did anyone ever come up with an answer to this?

    It's been a while, but I've set up policy servers for use by Postfix before, and I'm running into this exact same problem.

    The only time I seem to connect to the policy server (policyd/cluebringer) is when I telnet directly to port 10031. The connection is then logged in cbpolicyd.log, but postfix never seems to connect or time out.
  8. hardihood07

    hardihood07 New Member

    Was there even a solution to this problem? I am having the same issue where postfix cannot seem to talk to check_policy_server running on port 10031 (policyd).
  9. hardihood07

    hardihood07 New Member

    I found a solution to this issue. I was making a mistake. I was generating mail locally on the server using sendmail/mailx etc., which results in that mail getting picked up by the pickup daemon rather than by smtpd, i.e. sendmail on the server locally is directly writing a queue file into the "maildrop" directory, which is getting picked up by the Postfix 'pickup' rather than smtpd. So in order to check mail against check_policy_service, the mail must be submitted via SMTP (using any SMTP client like mini_sendmail). Once I did that, a connection to the policy server was made and checked against throttling and got the expected result.
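
Added example, not part of the original thread and not code from Postfix or policyd: a stand-in listener that speaks the Postfix policy delegation protocol (name=value lines closed by an empty line, answered with `action=...` and an empty line) and logs every request, so you can see whether smtpd consults the service at all. The loopback address, the `DUNNO` reply and the sample request are assumptions; port 10031 is the one used in the thread.

```python
import socketserver

def parse_policy_request(raw: bytes) -> dict:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.decode("utf-8", "replace").split("\n"):
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs: dict) -> bytes:
    """Log what smtpd sent, then defer to the remaining restrictions."""
    print("policy request: state=%s client=%s sender=%s rcpt=%s" % (
        attrs.get("protocol_state"), attrs.get("client_address"),
        attrs.get("sender"), attrs.get("recipient")))
    return b"action=DUNNO\n\n"

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        buf = b""
        for line in self.rfile:  # one connection may carry several requests
            buf += line
            if line == b"\n":
                self.wfile.write(decide(parse_policy_request(buf)))
                buf = b""

class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

def serve(host="127.0.0.1", port=10031):
    """Return a bound server; call serve_forever() on it to start answering."""
    return PolicyServer((host, port), PolicyHandler)

# Constructed sample of a request as smtpd would send it at RCPT TO.
SAMPLE = (b"request=smtpd_access_policy\nprotocol_state=RCPT\n"
          b"client_address=192.0.2.10\nsender=alice@example.org\n"
          b"recipient=bob@example.com\n\n")

if __name__ == "__main__":
    with serve() as srv:
        srv.serve_forever()
```

With this running in place of the real policy daemon, a message submitted over SMTP should produce a logged request, while one injected with sendmail/mailx goes through pickup and produces none, as the last post describes.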
