Jordi Espasa Clofent wrote:
>> You have something in your config that is permitting the message BEFORE 
>> policyd is called.
> 
> Mmmm... maybe Amavisd-new ¿?¿?¿?
> 
>> Send your current postconf -n again.
>> Just run postconf -n from the command line, not from a specific folder. 
>>   You're either editing an incorrect main.cf file or just missing something.
> 
> [EMAIL PROTECTED] ~]# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:127.0.0.1:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 4
> default_process_limit = 500
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> in_flow_delay = 0
> inet_interfaces = all
> mail_name = Intergrid MailServer
> mail_owner = postfix
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maps_rbl_domains = sbl-xbl.spamhaus.org proxies.relays.monkeys.com 
> opm.blitzed.org blackholes.wirehub.net  list.dsbl.orgrbl.dns-servicios.com
> message_size_limit = 0
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = opengea.org
> myhostname = mail.opengea.org
> mynetworks = 127.0.0.0/8, 192.168.1.0/24
> myorigin = $myhostname
> proxy_interfaces = 85.48.253.234

See http://www.postfix.org/postconf.5.html#proxy_interfaces
to verify you're using this correctly.

> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> recipient_delimiter = +
> smtp_tls_note_starttls_offer = yes
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks,reject_unknown_client
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 0
> smtpd_helo_restrictions = reject_invalid_hostname
> smtpd_recipient_limit = 10
> smtpd_recipient_restrictions = permit_mynetworks, 
> permit_sasl_authenticated, reject_unauth_destination

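Note that there is no call to policyd in your restrictions: 
smtpd_recipient_restrictions contains no check_policy_service entry, so 
Postfix never consults policyd.  This is why it's not working.  When you 
add it, put it after reject_unauth_destination, so that relay attempts 
are rejected before the policy server is asked.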

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_cert_file = /etc/postfix/ssl/ca-certificate.pem
> smtpd_tls_key_file = /etc/postfix/ssl/private-key.pem
> smtpd_tls_loglevel = 2
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> strict_rfc821_envelopes = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = $virtual_alias_maps
> virtual_alias_maps = $virtual_maps
> virtual_gid_maps = static:4444
> virtual_mailbox_base = /var/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 4444
> virtual_transport = virtual
> virtual_uid_maps = static:4444
> 
> I use OVA (http://www.oav.net/projects/openvisp-admin/) as a web panel 
> control interface for Postfix and I use the MySQL scheme provided by 
> this project for policyd. But it seems work well according other OVA's 
> users.

OVA is not modifying the files that postfix is actually using.
Postfix reports config_directory = /etc/postfix, and that is where the 
configuration files are that you need to work with.

OVA is not working correctly with postfix.  Either update the postfix 
configuration manually or fix OVA.

John

> Maybe the master.cf shows any relevant info too:
> 
> smtp      inet  n       -       n       -       -       smtpd
> smtps     inet  n       -       n       -       -       smtpd
>    -o smtpd_tls_wrappermode=yes
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>    -o content_filter=smtp-amavis:[127.0.0.1]:10026
> tlsmgr    unix   -      -       n       300     1       tlsmgr
> 
> #628      inet  n       -       n       -       -       qmqpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> #qmgr     fifo  n       -       n       300     1       oqmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay     unix  -       -       n       -       -       smtp
>          -o fallback_relay=
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent.  See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> maildrop  unix  -       n       n       -       -       pipe
>    flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> #
> # The Cyrus deliver program has changed incompatibly, multiple times.
> #
> old-cyrus unix  -       n       n       -       -       pipe
>    flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m 
> ${extension} ${user}
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> cyrus     unix  -       n       n       -       -       pipe
>    user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m 
> ${extension} ${user}
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> uucp      unix  -       n       n       -       -       pipe
>    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
> ($recipient)
> 
> dovecot   unix  -       n       n       -       -       pipe
>    flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d 
> ${recipient}
> #
> # Other external delivery methods.
> #
> ifmail    unix  -       n       n       -       -       pipe
>    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>    flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop 
> $recipient
> 
> # AMAVISD-NEW INTEGRATION
> 
> smtp-amavis     unix    -       -       n       -       2       smtp
>      -o smtp_data_done_timeout=1200
>      -o smtp_send_xforward_command=yes
>      -o disable_dns_lookups=yes
> 
> 127.0.0.1:10025 inet    n       -       n       -       -       smtpd
>          -o content_filter=
>          -o local_recipient_maps=
>          -o relay_recipient_maps=
>          -o smtpd_tls_auth_only=no
>          -o smtpd_restriction_classes=
>          -o smtpd_client_restrictions=
>          -o smtpd_helo_restrictions=
>          -o smtpd_sender_restrictions=
>          -o 
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>          -o mynetworks=127.0.0.0/8
>          -o smtpd_error_sleep_time=0
>          -o smtpd_soft_error_limit=1001
> 
