Hi all,

I have postfix running on a debian etch system. I've installed policyd-spf-perl per the howto on this site, postmap'd master.cf and main.cf, restarted postfix, but alas, when I attempt to send mail through postfix, no spf messages appear in /var/log/mail.log.

I have tried running /usr/bin/perl /usr/lib/postfix/policyd-spf-perl manually along with relying on the spawn; neither seems to work.

Following is my postconf -n:

postconf -n
canonical_classes = header_recipient
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
message_size_limit = 25600000
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = /etc/postfix/networks
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
recipient_canonical_maps = hash:/etc/postfix/recipient_maps
relay_domains = /etc/postfix/domains
remote_header_rewrite_domain = secureworks.net
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_authorized_xforward_hosts = /etc/postfix/networks
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, check_client_access hash:/etc/postfix/client_access, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023, check_policy_service unix:private/policy, policy_time_limit = 3600 permit
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/recipient_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
unknown_local_recipient_reject_code = 550

If there is any other information I can add please let me know. Thank you for your help.

thanks,
Lynette
One further note: Running policyd-spf-perl from the command line and pasting commands directly to it appears to work as expected:

/usr/lib/postfix/policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=wkstn-1.domain.net
queue_id=8045F2AB23
[email protected]
[email protected]
client_address=10.0.0.2
client_name=wkstn-1.domain.net

action=PREPEND Received-SPF: none (wkstn-1.domain.net: No applicable sender policy available) receiver=mail1.domain.net; identity=mfrom; envelope-from="[email protected]"; helo=wkstn-1.domain.net; client-ip=10.0.0.2

My initial email said "running by hand doesn't work" -- what I meant was starting policyd-spf-perl from the command line and sending through postfix doesn't work.

Lynette
master and main files

Please find attached my main.cf and master.cf.

I've tried with and without commas, a variety of names for "policy" and various locations within the files.

thanks,
Lynette
Can you remove the white lines and comments from the smtpd_recipient_restrictions statement in main.cf?

Also, what's the output of

Code:
ls -la /usr/lib/postfix/policyd-spf-perl

and

Code:
uname -a

?
smtpd_recipient_restrictions = permit_mynetworks,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_policy_service unix:private/policy,
    check_sender_access hash:/etc/postfix/sender_access,
    check_recipient_access hash:/etc/postfix/recipient_access,
    check_client_access hash:/etc/postfix/client_access,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:10023,
    permit

ls -la /usr/lib/postfix/policyd-spf-perl
-rwxr-xr-x 1 nobody nogroup 8791 2008-06-04 04:48 /usr/lib/postfix/policyd-spf-perl

uname -a
Linux mail1i 2.6.18-6-686 #1 SMP Thu May 8 07:34:27 UTC 2008 i686 GNU/Linux
Are you sending from one of these networks? permit_mynetworks is listed before check_policy_service unix:private/policy in smtpd_recipient_restrictions, so in this case check_policy_service isn't called anymore.
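
The evaluation-order point in the reply above, as an added example that is not part of the original thread: it parses the posted smtpd_recipient_restrictions value and lists the policy services that are never consulted once permit_mynetworks matches. The function names are hypothetical, and the model is simplified: it assumes no restriction other than permit_mynetworks returns a decisive result.

```python
import re

# Restrictions that take one argument (subset sufficient for the list on this page).
TAKES_ARG = re.compile(r"^(check_\w+_access|check_policy_service|reject_rbl_client)$")

# Constructed from the smtpd_recipient_restrictions value posted in the thread.
POSTED = """
permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_policy_service unix:private/policy,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recipient_access,
check_client_access hash:/etc/postfix/client_access,
reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10023, permit
"""

def parse_restrictions(value):
    """Split a restriction list on commas/whitespace and pair names with their argument."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        name = tokens[i]
        if TAKES_ARG.match(name) and i + 1 < len(tokens):
            items.append((name, tokens[i + 1]))
            i += 2
        else:
            items.append((name, None))
            i += 1
    return items

def skipped_policy_services(value, client_in_mynetworks):
    """Return policy services never consulted because permit_mynetworks matched first."""
    decided = False
    skipped = []
    for name, arg in parse_restrictions(value):
        if decided and name == "check_policy_service":
            skipped.append(arg)
        elif name == "permit_mynetworks" and client_in_mynetworks:
            decided = True  # first decisive result ends evaluation of the list
    return skipped

if __name__ == "__main__":
    print("client in mynetworks :", skipped_policy_services(POSTED, True))
    print("client outside       :", skipped_policy_services(POSTED, False))
```
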