From owner-freebsd-ports@FreeBSD.ORG  Fri Nov  4 18:03:19 2011
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 77ADA1065672
	for <freebsd-ports@freebsd.org>; Fri,  4 Nov 2011 18:03:19 +0000 (UTC)
	(envelope-from david@vizion2000.net)
Received: from dns1.vizion2000.net (dns1.vizion2000.net [62.49.197.50])
	by mx1.freebsd.org (Postfix) with ESMTP id 0FCB88FC16
	for <freebsd-ports@freebsd.org>; Fri,  4 Nov 2011 18:03:18 +0000 (UTC)
Received: by dns1.vizion2000.net (Postfix, from userid 1004)
	id 31ACC119C25; Fri,  4 Nov 2011 10:42:53 -0700 (PDT)
To: freebsd-ports@freebsd.org
From: David Southwell <david@vizion2000.net>
Organization: Vision Communications
Date: Fri, 4 Nov 2011 10:42:52 -0700
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201111041042.53079.david@vizion2000.net>
Subject: mail/postfix-policy-spf-perl  Server configuration problem
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2011 18:03:19 -0000


Hi all

I am going nuts - I have used spf before but I just cannot get it working on 
this FreeBSD 8.2 system.

I suspect I have done something so obviously stupid that I cannot see it.
 Postgrey is working. 
How can I trace the cause of the problem?
Is spf-policyd_time_limit correctly specified?
All the docs I have seen suggest postfix-policyd-spf-perl be set up to run as 
user nobody. Is that correct?


I have raised the problem on the postfix users list but so far the pearls of 
wisdom have not solved the problem!

Cannot get spf working with the server. 
Thanks in advance for any assistance.

David

Here is the information:

The following lines appear in master.cf:
# Applied #1 postfix refereshed ok
  policyd-spf unix -       n       n       -       0       spawn
           user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl

user nobody is in /etc/passwd
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin

[admin@dns1 /usr/local/sbin]$ ls -l |grep postfix
-rwxr-xr-x  1 root  wheel      117601 Nov  3 08:22 postfix
-r-xr-xr-x  1 root  wheel       11526 Nov  3 08:16 postfix-policyd-spf-perl



 If the following lines appear in main.cf 
  check_policy_service unix:private/policyd-spf
  spf-policyd_time_limit = 3600s
 In the following context
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

  check_policy_service unix:private/policyd-spf
 spf-policyd_time_limit = 3600s

 check_policy_service inet:127.0.0.1:10023

 
 Here is an example of maillog error reports: 
 
 
 Nov  3 10:57:51 dns1 postfix/smtpd[20636]: connect from mail-vw0-
 f52.google.com[209.85.212.52]
 Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: connect to 
 private/policyd-spf: Connection refused
 Nov  3 10:57:52 dns1 postfix/smtpd[20636]: warning: problem talking to
 server  private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: connect to 
 private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: warning: problem talking to
 server  private/policyd-spf: Connection refused
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: NOQUEUE: reject: RCPT from mail-
 vw0-f52.google.com[209.85.212.52]: 451 4.3.5 Server configuration problem; 
 from=<photovizion@googlemail.com to=<david@vizion2000.net proto=ESMTP 
 helo=<mail-vw0-f52.google.com
 Nov  3 10:57:53 dns1 postfix/smtpd[20636]: disconnect from mail-vw0-
 f52.google.com[209.85.212.52]
 
 postconf -n does not seem to help as the only difference is that it
 reports  the additional presence of the relevant lines.
 
 
 
 Working without spf lines enabled:
 postconf -n:
 alias_maps = hash:/etc/aliases
 command_directory = /usr/local/sbin
 config_directory = /usr/local/etc/postfix
 daemon_directory = /usr/local/libexec/postfix
 data_directory = /var/db/postfix
 debug_peer_level = 2
 html_directory = /usr/local/share/doc/postfix
 inet_interfaces = all
 mail_owner = postfix
 mail_spool_directory = /var/mail
 mailbox_size_limit = 512000000
 mailq_path = /usr/local/bin/mailq
 manpage_directory = /usr/local/man
 mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
 mydomain = vizion2000.net
 myhostname = dns1.vizion2000.net
 mynetworks = 62.49.197.48/28, 127.0.0.0/8
 mynetworks_style = subnet
 myorigin = $mydomain
 newaliases_path = /usr/local/bin/newaliases
 proxy_interfaces = dns1.vizion2000.net
 queue_directory = /var/spool/postfix
 readme_directory = /usr/local/share/doc/postfix
 relay_domains = $mydestination
 sample_directory = /usr/local/etc/postfix
 sendmail_path = /usr/local/sbin/sendmail
 setgid_group = maildrop
 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 smtpd_helo_restrictions = reject_invalid_hostname
 smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination 
 check_policy_service inet:127.0.0.1:10023
 smtpd_sender_restrictions = reject_non_fqdn_sender
 soft_bounce = yes
 unknown_local_recipient_reject_code = 550
 virtual_alias_domains = workplacemassage.co.uk, atf4.com, 
 methuselaproject.org, methuselaproject.com, tiptogo.com,
 virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
 
 
 
With spf and dreporting Server Configuration Problem

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination  
check_policy_service unix:private/policyd-spf  policyd-spf_time_limit = 3600 
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com, 
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,