Ian Evans:
> Aug 26 08:34:05 carson postfix/smtpd[16374]: warning: problem talking to 
> server private/policy-spf: Connection timed out

This Postfix SMTP server time limit is specified with the
smtpd_policy_service_timeout parameter (default: 100s).

Your SPF script should reply in 10 seconds at most. It should not
wait indefinitely for a DNS reply.

Once the Postfix SMTP server gives up, it closes the connection to
the policy daemon. Then the Python script has an error while sending
the (too late) result.

> Aug 26 08:34:58 carson policyd-spf[16383]: Traceback (most recent call
> last):
> Aug 26 08:34:58 carson policyd-spf[16383]:   File "/usr/bin/policyd-spf",
> line 690, in <module>
> Aug 26 08:34:58 carson policyd-spf[16383]:     sys.stdout.flush()
> Aug 26 08:34:58 carson policyd-spf[16383]: BrokenPipeError: [Errno 32]
> Broken pipe
> Aug 26 08:34:58 carson postfix/spawn[16382]: warning: command
> /usr/bin/policyd-spf exit status 1
> 
> So if emails get checked for spf, why would the vast majority get through
> and others cause this?

First, the script should limit the time for DNS lookups.

Second, the script should not die after BrokenPipeError exceptions.

    try:
        sys.stdout.flush()
    except BrokenPipeError:
        pass

        Wietse
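
Both suggestions above combined in one policy-service skeleton, as an added example that is not part of the original message and is not policyd-spf's own code. The spf_lookup callable, the 10-second deadline constant, the action returned on timeout and the sample request are assumptions made for illustration.

```python
import concurrent.futures

LOOKUP_DEADLINE = 10.0  # seconds; well under smtpd_policy_service_timeout (100s)
# Assumed policy choice on timeout: ask the client to retry later.
TIMEOUT_ACTION = "DEFER_IF_PERMIT SPF lookup timed out"
# Constructed sample request (Postfix policy delegation attributes).
SAMPLE_REQUEST = ("request=smtpd_access_policy\nclient_address=192.0.2.1\n"
                  "sender=user@example.org\n\n")

_pool = concurrent.futures.ThreadPoolExecutor(max_workers=4)


def parse_request(stream):
    """Read one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in stream:
        line = line.rstrip("\n")
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs, spf_lookup, deadline=LOOKUP_DEADLINE):
    """Run the hypothetical spf_lookup(attrs), giving up after `deadline` seconds."""
    future = _pool.submit(spf_lookup, attrs)
    try:
        return future.result(timeout=deadline)
    except concurrent.futures.TimeoutError:
        # The worker thread keeps running; the DNS library's own timeout
        # should also be set so it does not linger.
        return TIMEOUT_ACTION


def send_reply(stream, action):
    """Write the reply; return False if Postfix has already closed the pipe."""
    try:
        stream.write("action=%s\n\n" % action)
        stream.flush()
        return True
    except BrokenPipeError:
        return False  # reply came too late; carry on without a traceback


def serve_one(in_stream, out_stream, spf_lookup, deadline=LOOKUP_DEADLINE):
    """Handle a single request/reply exchange with the Postfix SMTP server."""
    attrs = parse_request(in_stream)
    return send_reply(out_stream, decide(attrs, spf_lookup, deadline))
```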
