Hi, Stuck again.
Using smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:8822 smtpd_policy_service_default_action = DUNNO I get: Mar 26 15:49:03 test106 postfix/smtpd[163532]: warning: access table inet:127.0.0.1:8822 has entry with lookup table: smtp:[test105.southwold.net] Mar 26 15:49:03 test106 postfix/smtpd[163532]: warning: do not specify lookup tables inside SMTPD access maps Mar 26 15:49:03 test106 postfix/smtpd[163532]: warning: define a restriction class and specify its name instead. and message is rejected. So I tried this: smtpd_restriction_classes = load_balancer load_balancer = check_policy_service inet:127.0.0.1:8822 smtpd_end_of_data_restrictions = load_balancer But I get the same warnings & message is rejected again. How can I get Postfix to apply the check_policy_service? Colin On Tue, 26 Mar 2024 at 15:37, Colin McKinnon <colin.mckin...@gmail.com> wrote: > > Hi all, > > I found that check_policy_service works (maybe*) in > `smtpd_end_of_data_restrictions =`. So I'm guessing it might work in > any *_restrictions configuration. > > (*still having some issues getting this to work as expected, but I'll > come back here if I get stuck) > > Colin > > On Tue, 26 Mar 2024 at 13:52, Colin McKinnon <colin.mckin...@gmail.com> wrote: > > > > Hi, > > > > I want to provision load balancing for my relays. The catch is that > > there is already some customized routing in place based on recipient > > domain and large block lists. These are currently handled by a > > transport map. > > > > I would prefer not to implement 2 layers of relays. If this were > > implemented as a plugin which is told the recipient address it could > > determine how the mail should be routed. But I need to ensure that I > > don't create any loops - i.e. the routing decision is based on the > > recipient AND where the email came from/via. > > > > The policy server (https://www.postfix.org/SMTPD_POLICY_README.html) > > seems to be ideal for my requirements since I get both recipient_name > > and helo_name, however the documentation only covers its use in the > > context of 'smtpd_recipient_restrictions'. I tried provisioning using: > > > > transport_maps = check_policy_service inet:127.0.0.1:8822 > > hash:/etc/postfix/transport > > smtpd_policy_service_default_action = DUNNO > > smtpd_policy_service_timeout = 10s > > > > However it appears that check_policy_service is not valid here. > > Although `postfix check` and a restart report no errors, when I try to > > relay a message, it is not accepted at the relay (hostname test106) > > which logs this: > > > > Mar 26 13:44:35 test106 postfix/smtpd[150541]: connect from > > test107.southwold.net[10.0.0.107] > > Mar 26 13:44:47 test106 postfix/trivial-rewrite[150545]: fatal: open > > dictionary: expecting "type:name" form instead of > > "check_policy_service" > > Mar 26 13:44:48 test106 postfix/master[148536]: warning: process > > /usr/lib/postfix/sbin/trivial-rewrite pid 150545 exit status 1 > > Mar 26 13:44:48 test106 postfix/master[148536]: warning: > > /usr/lib/postfix/sbin/trivial-rewrite: bad command startup -- > > throttling > > > > Questions: > > > > 1) Can I use check_policy_service in other contexts than > > smtpd_recipient_restrictions? (I don't want to interfere with > > `smtpd_relay_restrictions = permit_mynetworks > > permit_sasl_authenticated defer_unauth_destination` ) > > > > 2) If so, where would be the best place to put this? > > > > TIA > > > > Colin > > > > -- > > -----BEGIN GEEK CODE BLOCK----- > > Version: 3.1 > > GCM d s+:+ a+ C+++(---)$ UL+++ P+(--) L+++ E--- W+++ N++ w-- PS++(+++()) > > t+ 5+ X R- tv-- b++ DI++ D e+++ h---- > > ------END GEEK CODE BLOCK------ > > > > -- > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GCM d s+:+ a+ C+++(---)$ UL+++ P+(--) L+++ E--- W+++ N++ w-- PS++(+++()) > t+ 5+ X R- tv-- b++ DI++ D e+++ h---- > ------END GEEK CODE BLOCK------ -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCM d s+:+ a+ C+++(---)$ UL+++ P+(--) L+++ E--- W+++ N++ w-- PS++(+++()) t+ 5+ X R- tv-- b++ DI++ D e+++ h---- ------END GEEK CODE BLOCK------ _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
