I quickly checked my policyd-spf setting after reading your email. I
noticed that the policyd-spf in my system is not running as a service.
I guess you are using Debian. I am using CentOS7 and I installed
pypolicyd-spf from EPEL. So is there a big advantage to running it as a
daemon service? How do I enable it as a service? Obviously yum install
doesn't take care of the service setup.
Gao
On 2017-12-24 22:02, li...@lazygranch.com wrote:
There are many "problem solving pages" on the interwebs that have wrong
information on setting up policyd-spf. The key is to make sure you use
consistent names in both main.cf and master.cf. Yeah, I know, I'm
preaching to the choir, but hopefully the next person with a setup
problem finds this message in a search.
In master.cf:
policy  unix  -       n       n       -       0       spawn
    user=nobody argv=/usr/libexec/postfix/policyd-spf
    /etc/policyd-spf/policyd-spf.conf
Note you need to make sure the conf file location is correct.
In main.cf:
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service unix:private/policy,
    permit
policy_time_limit = 3600
The word "policy" needs to be consistent in all three locations. For
example, this would be wrong:
check_policy_service unix:private/policyd-spf,
Also wrong would be:
policyd_time_limit = 3600
In postfix, systemctl status postfix should indicate the policyd-spf
daemon was started:
------------
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-12-25 05:28:11 UTC; 16s ago
  Process: 7661 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 7681 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 7679 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 7677 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 7755 (master)
   CGroup: /system.slice/postfix.service
           ├─7755 /usr/libexec/postfix/master -w
           ├─7756 pickup -l -t unix -u
           ├─7757 qmgr -l -t unix -u
           ├─7758 smtpd -n smtp -t inet -u -o stress=
           ├─7759 proxymap -t unix -u
           ├─7760 tlsmgr -l -t unix -u
           ├─7761 anvil -l -t unix -u
           ├─7763 trivial-rewrite -n rewrite -t unix -u
           ├─7764 spawn -z -n policy -t unix user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf
           ├─7765 /usr/bin/python /usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf
           ├─7766 cleanup -z -t unix -u
           └─7767 virtual -t unix
-------------------------------------
And proof it is working from an email header:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
    client-ip=66.163.187.148; helo=sonic316-22.consmr.mail.ne1.yahoo.com;
    envelope-from=m...@yahoo.com; receiver=m...@mydomain.com