Date: Fri, 4 Nov 2011 10:32:50 -0700 From: David Southwell <admin@vizion2000.net> To: freebsd-ports@freebsd.org Subject: mail/postfix-policy-spf-perl Server configuration problem Message-ID: <201111041032.50283.admin@vizion2000.net>
next in thread | raw e-mail | index | archive | help
Hi all
I am going nuts - I have used spf before but I just cannot get it working on
this FreeBSD 8.2 system.
I suspect I have done something so obviously stupid that I cannot see it.
Postgrey is working.
How can I trace the cause of the problem?
Is spf-policyd_time_limit correctly specified?
All the docs I have seen suggest postfix-policyd-spf-perl be set up to run as
user nobody. Is that correct?
I have raised the problem on the postfix users list but so far the pearls of
wisdom have not solved the problem!
Cannot get spf working with the server.
Thanks in advance for any assistance.
David
Here is the information:
The following lines appear in master.cf:
# Applied #1 postfix refereshed ok
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl
user nobody is in /etc/passwd
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
[admin@dns1 /usr/local/sbin]$ ls -l |grep postfix
-rwxr-xr-x 1 root wheel 117601 Nov 3 08:22 postfix
-r-xr-xr-x 1 root wheel 11526 Nov 3 08:16 postfix-policyd-spf-perl
If the following lines appear in main.cf
check_policy_service unix:private/policyd-spf
spf-policyd_time_limit = 3600s
In the following context
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
check_policy_service unix:private/policyd-spf
spf-policyd_time_limit = 3600s
check_policy_service inet:127.0.0.1:10023
Here is an example of maillog error reports:
Nov 3 10:57:51 dns1 postfix/smtpd[20636]: connect from mail-vw0-
f52.google.com[209.85.212.52]
Nov 3 10:57:52 dns1 postfix/smtpd[20636]: warning: connect to
private/policyd-spf: Connection refused
Nov 3 10:57:52 dns1 postfix/smtpd[20636]: warning: problem talking to
server private/policyd-spf: Connection refused
Nov 3 10:57:53 dns1 postfix/smtpd[20636]: warning: connect to
private/policyd-spf: Connection refused
Nov 3 10:57:53 dns1 postfix/smtpd[20636]: warning: problem talking to
server private/policyd-spf: Connection refused
Nov 3 10:57:53 dns1 postfix/smtpd[20636]: NOQUEUE: reject: RCPT from mail-
vw0-f52.google.com[209.85.212.52]: 451 4.3.5 Server configuration problem;
from=<photovizion@googlemail.com to=<david@vizion2000.net proto=ESMTP
helo=<mail-vw0-f52.google.com
Nov 3 10:57:53 dns1 postfix/smtpd[20636]: disconnect from mail-vw0-
f52.google.com[209.85.212.52]
postconf -n does not seem to help as the only difference is that it
reports the additional presence of the relevant lines.
Working without spf lines enabled:
postconf -n:
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com,
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
With spf and dreporting Server Configuration Problem
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 512000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 62.49.197.48/28, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = reject_non_fqdn_sender
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com,
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111041032.50283.admin>