Re: executive parser (was: Re: spf configuration woes)
On Saturday 05 November 2011 22:40:03 Murray S. Kucherawy wrote: -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of David Southwell Sent: Saturday, November 05, 2011 9:41 AM To: postfix-users@postfix.org Cc: /dev/rob0 Subject: Re: executive parser (was: Re: spf configuration woes) Just to add weight to my last posting - the use of a as a critical symbol is really quite idiotic. What cannot be seen should never be that significant! The current RFC defining email message format is RFC5322, and it uses leading whitespace as line continuation in header fields. Its antecedents, going back as far as RFC733 (1977) and perhaps further, do the same thing. Thus, your assertion appears to be in conflict with quite a bit of operational history and experience. I think what is being forgotten here is that administrators have to cope with a whole variety of software. The history of one narrow sphere (e.g.) mail is being used to define an approach which does not think of the needs of administrators who are pushing for software engineers to adopt uniform approach across the whole spectrum. Hence thoughtful engineers incorporate diagnostic parsers and html configuration tools. IMHO postfix has been very slow to develop an apporocah which places the needs of system administrators in the forefront of its development strategy. People make mistakes. Even the most experienced administrators. Administrators are not primarily programmers. They look at configuration files. During a busy day they do not want the hassle of having to ask themselves the question What do spaces do in this .config .cf file? Good configuration files make their formatting requirement obvious. That is why I say the use of is, in an administrator's context, idiotic. It is idiotic because it demands that adminstrator to ask himself/he rself the question is this significant or insignificant. When there are hundreds of in a file the luckless adminstrator has too much on his/her plate when trying to fix a problem as quickly as possible. I have been taking this list silently for years. Amonst a lot of genuinely helpful contributions I have witnessed a regular splattering of rudeness and arrogance by some long standing contributors heaped on the heads of luckless administrators trying to succesfully configure postfix. The design of Postfix's configuration system and supporting documentation represents the honest efforts of people who have a single point of focus namely: Making postfix work when it has been given the appropriate configuration data. IMHO Postfix needs to add to its goals a determination to make configuration a breeze rather than a challenge. That means diagnostic and corrective parsers and or an html based configuration interface. Such facilities would cut down the traffic on this list and stop a few people looking down their noses at those who make a mistake.
Re: spf configuration woes
Zitat von David Southwell ad...@vizion2000.net: On Saturday 05 November 2011 06:42:12 Simon Brereton wrote: On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: On Saturday 05 November 2011 05:13:22 Wietse Venema wrote: David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extrabefore policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse Typical Wietse response. Everyone could see postfix was not listening but it And Wietse was trying to get you to find out why - instead of making random changes. He asked you at least twice to run netstat - did you do it? yes - I had done it before wietse asked - it was too blindingly obvious everyone knew it was not starting. Wietse is too fond of being downright rude. It would have saved you 18 hours and at least 3 long mails if you had. Typically ungrateful response to Wietse's help is more like it. People come on here, expect it him not only to write it, but keep it secure and spot typgraphical errors in their own configs because they're too lazy to look (and that laziness is exemplified by a laziness to follow a simple diagnostic instruction). Misplaced critique. Like wietse you are jumping to conclusions. Assuming the worst rather than the best of people. The recomendation came after not before the act. took Kamil's careful scrutiny and knowledge to identify why - knowing why was what led to the solution. Which you'd have had much much earlier without the hand-holding had you followed Wietse's first request to run netstat. Sorry but that is B**t! The information about the excess space was there -- Wietse just didn't see it unless he was deliberately concealing the fact that he knew the excess space was there. That could not be true because he would have known that netstat would not have revealed the fact theat there was an excess space in the file. What would therefore have been the purpose of running netstat? Diagnosis is valuable but without the ability to define the treatment the diagnosis is merely a matter of record. Only valuable if you follow the steps you're asked to perform. Spoonfeeding and proof-reading your errors in your config files is not diagnosis. Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. Humble humans acknowledge we make errors. Wise humans use stupid computers to perform tasks that people are not good at. Stupid humans tell other people they are stupid when they make mistakes and tell them RTFM! You are failing to distinguish between a diagnostic parser and an executive parser. An executive parser rejects incorrectly configured lines at runtime. A diagnostic parser would tell you that there is an excess space at a specific location. A really good executive parser would also log the location of incorrectly configured lines to facilitate the work of an administrator. I do not expect anyone to solve my problems. On the other hand I do not expect them to be gratuitously rude rather than helpfully constructive. IF Wietse is unable to restrain himself from repeated bouts of arrogant rudeness then, IMHO, he needs counselling. In this case Kemil spotted the error. That helped me spot other errors. Kemil was constructive IMHPO Wietse was plain rude. Another one for the kill-file... While it might be true that there is room for improvment your tone is plain rude. You eat the free meal and demand that it is cooked for your taste. Take it or leave it. Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: spf configuration woes
On Sunday 06 November 2011 01:46:35 lst_ho...@kwsoft.de wrote: Zitat von David Southwell ad...@vizion2000.net: On Saturday 05 November 2011 06:42:12 Simon Brereton wrote: On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: On Saturday 05 November 2011 05:13:22 Wietse Venema wrote: David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extra before policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse Typical Wietse response. Everyone could see postfix was not listening but it And Wietse was trying to get you to find out why - instead of making random changes. He asked you at least twice to run netstat - did you do it? yes - I had done it before wietse asked - it was too blindingly obvious everyone knew it was not starting. Wietse is too fond of being downright rude. It would have saved you 18 hours and at least 3 long mails if you had. Typically ungrateful response to Wietse's help is more like it. People come on here, expect it him not only to write it, but keep it secure and spot typgraphical errors in their own configs because they're too lazy to look (and that laziness is exemplified by a laziness to follow a simple diagnostic instruction). Misplaced critique. Like wietse you are jumping to conclusions. Assuming the worst rather than the best of people. The recomendation came after not before the act. took Kamil's careful scrutiny and knowledge to identify why - knowing why was what led to the solution. Which you'd have had much much earlier without the hand-holding had you followed Wietse's first request to run netstat. Sorry but that is B**t! The information about the excess space was there -- Wietse just didn't see it unless he was deliberately concealing the fact that he knew the excess space was there. That could not be true because he would have known that netstat would not have revealed the fact theat there was an excess space in the file. What would therefore have been the purpose of running netstat? Diagnosis is valuable but without the ability to define the treatment the diagnosis is merely a matter of record. Only valuable if you follow the steps you're asked to perform. Spoonfeeding and proof-reading your errors in your config files is not diagnosis. Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. Humble humans acknowledge we make errors. Wise humans use stupid computers to perform tasks that people are not good at. Stupid humans tell other people they are stupid when they make mistakes and tell them RTFM! You are failing to distinguish between a diagnostic parser and an executive parser. An executive parser rejects incorrectly configured lines at runtime. A diagnostic parser would tell you that there is an excess space at a specific location. A really good executive parser would also log the location of incorrectly configured lines to facilitate the work of an administrator. I do not expect anyone to solve my problems. On the other hand I do not expect them to be gratuitously rude rather than helpfully constructive. IF Wietse is unable to restrain himself from repeated bouts of arrogant rudeness then, IMHO, he needs counselling. In this case Kemil spotted the error. That helped me spot other errors. Kemil was constructive IMHPO Wietse was plain rude. Another one for the kill-file... While it might be true that there is room for improvment your tone is plain rude. You eat the free meal and demand that it is cooked for your taste. Take it or leave it. Andreas That is plain B**t. I am making a constructive contribution which, if some thought and consideration were given to it, might substantially improve Postfix and make it much more administrator friendly. You may think that the way Postfix is currently put together is perfect. Well the togh message of the modern world is that nothing is perfect including Postfix's current system. Neither am I suggesting the proposal I put forward would make it perfect. However I do argue it might make it better. There is no demand here rather than a carefully composed argument and a recomendation. You may diagree with both. If you are unwilling or do not care to
Re: spf configuration woes
Am 06.11.2011 10:34, schrieb David Southwell: That is plain B**t. I am making a constructive contribution which, if some thought and consideration were given to it, might substantially improve Postfix and make it much more administrator friendly. THIS is plain bullshit you are telling us that administrators do not understand lines with a space at the begin, we are telling you if that is true the person has to learn or hurry up to search another job becasue EVERYBODY who has the right attributes for this job will understand the config format a server-software needs not to be administrator friendly because there is really no need that every idiot out there starts thinking he is qualified to maintain a public mailserver with all it's consequences and looking at the damage a wrong configured MTA can produce a little election is not so bad signature.asc Description: OpenPGP digital signature
Re: spf configuration woes
On Sunday 06 November 2011 02:43:31 Reindl Harald wrote: Am 06.11.2011 10:34, schrieb David Southwell: That is plain B**t. I am making a constructive contribution which, if some thought and consideration were given to it, might substantially improve Postfix and make it much more administrator friendly. THIS is plain bullshit I do not agree you are telling us that administrators do not understand lines with a space at the begin, we are telling you if that is true the person has to learn or hurry up to search another job becasue EVERYBODY who has the right attributes for this job will understand the config format There is a difference between understanding the potential significant and the ease of finding an error. What I would suggest is that configuration files are better designed when a single charactter has a constant meaning. A occurs so frequently that an out of place is that much harder to detect when scanning through a file. Humans are very good at recognising standard patterns. a server-software needs not to be administrator friendly because there is really no need that every idiot out there starts thinking he is qualified to maintain a public mailserver with all it's consequences and looking at the damage a wrong configured MTA can produce a little election is not so bad There is no benefit in making things a little more difficult than they need me and then proclaiming that the mistakes that could be prevented by design are solely due to the person making thenm is IMHO idiotic. David
Re: spf configuration woes
would you please be so gently only reply to the list and not additionally to the post you are answering? your arguments are not smart enough that there is a need get them all twice signature.asc Description: OpenPGP digital signature
Re: spf configuration woes
On Sunday 06 November 2011 02:54:42 Reindl Harald wrote: would you please be so gently only reply to the list and not additionally to the post you are answering? your arguments are not smart enough that there is a need get them all twice Quite happy to do that. Mind you it may be possible to ask in a way that does not demonstrate a determination, fequently expressed on this list, to hammer into the ground anyone who has the audacity to voice an opinion which does not accord with the conventional views of over vociferous loyalists. Forgive me I have been taking this list for more years than I care to mention and have seen, what I regard, as too much rudeness and intolerance. Maybe that has influenced my approach in this dialogue. I am just fed up with listening in silence. There is no doubt that Postfix is a great application but it could be improved and as soon as anyone makes a suggestion there are far too many people willing to rubbish different approaches than welcome the committment such voices demonstrate. Maybe a little more relaxed attitude to alternative points of view might make this list a lot more attractive. David
Re: spf configuration woes
Am 06.11.2011 11:24, schrieb David Southwell: Quite happy to do that. Mind you it may be possible to ask in a way that does not demonstrate a determination, fequently expressed on this list, to hammer into the ground anyone who has the audacity to voice an opinion which does not accord with the conventional views of over vociferous loyalists. this has nothing to do with loyalists if things ain't broken don't fix them and what nobody needs is rewrite perfectly working software / syntax while postfix is since many years one of the few applications where you can do major upgrades without worry sorry but i have enough of any ideas rewrite things to make dumb people lucky as it happened in the linux-world way to often the last few years with many over a long time working subsystems / layers signature.asc Description: OpenPGP digital signature
Re: spf configuration woes
On Sunday 06 November 2011 03:33:02 Reindl Harald wrote: Am 06.11.2011 11:24, schrieb David Southwell: Quite happy to do that. Mind you it may be possible to ask in a way that does not demonstrate a determination, fequently expressed on this list, to hammer into the ground anyone who has the audacity to voice an opinion which does not accord with the conventional views of over vociferous loyalists. this has nothing to do with loyalists if things ain't broken don't fix them and what nobody needs is rewrite perfectly working software / syntax while postfix is since many years one of the few applications where you can do major upgrades without worry sorry but i have enough of any ideas rewrite things to make dumb people lucky as it happened in the linux-world way to often the last few years with many over a long time working subsystems / layers I think you have succeeded in making my point far more effectively than I. The determination you express is a good demonstration of an attitude that calls anyone dumb if they dare to disagree with their point of view. If you do not understand that such responses encapsulate an attitude of over vociferous loyalism, rudeness intolerance then you are really missing something. Hopefully you might live long enough to regret such attitudes. David
Re: spf configuration woes
Am 06.11.2011 11:40, schrieb David Southwell: On Sunday 06 November 2011 03:33:02 Reindl Harald wrote: Am 06.11.2011 11:24, schrieb David Southwell: Quite happy to do that. Mind you it may be possible to ask in a way that does not demonstrate a determination, fequently expressed on this list, to hammer into the ground anyone who has the audacity to voice an opinion which does not accord with the conventional views of over vociferous loyalists. this has nothing to do with loyalists if things ain't broken don't fix them and what nobody needs is rewrite perfectly working software / syntax while postfix is since many years one of the few applications where you can do major upgrades without worry sorry but i have enough of any ideas rewrite things to make dumb people lucky as it happened in the linux-world way to often the last few years with many over a long time working subsystems / layers I think you have succeeded in making my point far more effectively than I. The determination you express is a good demonstration of an attitude that calls anyone dumb if they dare to disagree with their point of view. i know it is not political correct to say the truth there is no need that everybody needs to believe he is the right person to maintain every peice of software - some people are having the skills, the other are able to learn what the need and the rest can simply use what people with the knowledge are maintaining If you do not understand that such responses encapsulate an attitude of over vociferous loyalism, rudeness intolerance then you are really missing something. Hopefully you might live long enough to regret such attitudes BOY YOU WROTE 'That is why I say the use of is, in an administrator's context, idiotic.' adn expect to get answers without rudeness? where do you live? you should recognize that not all things you do not understand idiotic and for me: i hope i live NOT long enough to lose the attitude to say things that have to be said because there are enough people out there speaking a lot but saying nothing signature.asc Description: OpenPGP digital signature
Re: spf configuration woes
On Sunday 06 November 2011 03:55:45 Reindl Harald wrote: Am 06.11.2011 11:40, schrieb David Southwell: On Sunday 06 November 2011 03:33:02 Reindl Harald wrote: Am 06.11.2011 11:24, schrieb David Southwell: Quite happy to do that. Mind you it may be possible to ask in a way that does not demonstrate a determination, fequently expressed on this list, to hammer into the ground anyone who has the audacity to voice an opinion which does not accord with the conventional views of over vociferous loyalists. this has nothing to do with loyalists if things ain't broken don't fix them and what nobody needs is rewrite perfectly working software / syntax while postfix is since many years one of the few applications where you can do major upgrades without worry sorry but i have enough of any ideas rewrite things to make dumb people lucky as it happened in the linux-world way to often the last few years with many over a long time working subsystems / layers I think you have succeeded in making my point far more effectively than I. The determination you express is a good demonstration of an attitude that calls anyone dumb if they dare to disagree with their point of view. i know it is not political correct to say the truth When you live a little longer I hope you get to realise that your truth is not necessarily a universal truth. The appreciation of such a point of view is a sign of maturity. The maligning of alternative opinions and claiming you have the ability to define what is right may IMHO arguably have more to do with immaturity than anything else. In regard to what I expect - If you understood the derivation of the word idiotic you might appreciate its relevance. BUt if you are upset by my use of the word then I apologise. Maybe it would have been more tactful of me to say that using a single invisible symbol to fulfill multiple purposes in a file which is intended to have very precise outcomes appears on the face of it to be irrational. In configuration files the basic twin rules I would recomend to you are: 1. one visible symbol - one visible function 2. no invisible symbols David
Re: executive parser (was: Re: spf configuration woes)
On 6 November 2011 04:22, David Southwell da...@vizion2000.net wrote: On Saturday 05 November 2011 22:40:03 Murray S. Kucherawy wrote: -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of David Southwell Sent: Saturday, November 05, 2011 9:41 AM To: postfix-users@postfix.org Cc: /dev/rob0 Subject: Re: executive parser (was: Re: spf configuration woes) Just to add weight to my last posting - the use of a as a critical symbol is really quite idiotic. What cannot be seen should never be that significant! The current RFC defining email message format is RFC5322, and it uses leading whitespace as line continuation in header fields. Its antecedents, going back as far as RFC733 (1977) and perhaps further, do the same thing. Thus, your assertion appears to be in conflict with quite a bit of operational history and experience. I think what is being forgotten here is that administrators have to cope with a whole variety of software. The history of one narrow sphere (e.g.) mail is I think what is being forgotten here is that YOU were too stupid to add an spf filter to some of the most widely used MTA SW on the web. And when you finally figured it out* you chose to be hostile, arrogant and rude. figured it out = had your hand held. Ideally it seems you wanted someone to write your master.cf for you It should be noted I installed an SPF policy a few weeks ago - which I accomplished in less time, with less mails to the list and less coding experience (and a good deal more reading of the documentation). Hence thoughtful engineers incorporate diagnostic parsers and html configuration tools. IMHO postfix has been very slow to develop an apporocah which places the needs of system administrators in the forefront of its development strategy. People make mistakes. Even the most experienced administrators. Administrators are not primarily programmers. They look at configuration files. During a busy day they do not want the hassle of having to ask themselves the question What do spaces do in this .config .cf file? Good configuration files make their formatting requirement obvious. That is why I say the use of is, in an administrator's context, idiotic. It is idiotic because it demands that adminstrator to ask himself/he rself the question is this significant or insignificant. When there are hundreds of in a file the luckless adminstrator has too much on his/her plate when trying to fix a problem as quickly as possible. Administrators should be asking themselves all the time if something is significant or not. Everytime I see an indendation I wonder if it's supposed to be a space, a run of spaces or a tab. And what the effects of aligning them all with tabs might be. You are clearly not an administrator. I have been taking this list silently for years. Amonst a lot of genuinely helpful contributions I have witnessed a regular splattering of rudeness and arrogance by some long standing contributors heaped on the heads of luckless administrators trying to succesfully configure postfix. I had no idea luckless meant to dumb or lazy to follow instructions.. You say you'd run netstat before Wietse asked you to? That being the case, why - in either of the responses immediately after that suggestion did you not simply say I did that - here's the output. For the luckless administrator in you I'd like to point out that ignoring something someone (indeed the only person engaged on issue) asks you twice to do something and you ignore it that is also rude. And when you get called on that rudeness you complain?!? The design of Postfix's configuration system and supporting documentation represents the honest efforts of people who have a single point of focus namely: Making postfix work when it has been given the appropriate configuration data. As does every other piece of SW in the entire world. IMHO Postfix needs to add to its goals a determination to make configuration a breeze rather than a challenge. That means diagnostic and corrective parsers and or an html based configuration interface. Such facilities would cut down the traffic on this list and stop a few people looking down their noses at thuose who make a mistake. You want to make it fool-proof? You'll only build a better class of fool to defeat it.
Re: spf configuration woes
On Friday 04 November 2011 14:07:36 Wietse Venema wrote: Benny Pedersen: On Fri, 4 Nov 2011 07:45:47 -0700, David Southwell wrote: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl nobody have no write permissions in postfix private socket dir No, the Postfix master daemon creates the socket. it runs with system privileges. Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused since sockert is missing Yes, because of a master.cf configuration error. Wietse Lets assume that is the case. If so can anyone please help me identify the error? Grey listing is working. Relevant are: 1.master.cf 2. main.cf are below. (main.cf is shown with the spf lines commented out.) There are two versions of postconf -n: 3. Version 1 is when spf lines in main.cf are commented out. 4. Version 2 is when those lines are active. 5. Extracts from maillog showing results with the spf lines are turned on and then when they are turned off Search for '*' to page down successively to each of the 5 relevant extracts. **master.cf # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: man 5 master). # # Do not forget to execute postfix reload after editing this file. # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog #tlsproxy unix - - n - 0 tlsproxy #submission inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scacheunix - - n - 1 scache # # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d
Re: spf configuration woes
On 2011-11-05 11:27, David Southwell wrote: Lets assume that is the case. If so can anyone please help me identify the error? [...] policyd-spf unix - n n - 0 spawn Is there whitespace at the beginning of this line? You have to remove it. man 5 master.cf says: SYNTAX The general format of the master.cf file is as follows: [...] A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. So it has to start with: policyd-spf instead of: policyd-spf. Best Regards -- Kamil
Re: spf configuration woes
On Saturday 05 November 2011 04:13:17 Kamil Raczyński wrote: On 2011-11-05 11:27, David Southwell wrote: Lets assume that is the case. If so can anyone please help me identify the error? [...] policyd-spf unix - n n - 0 spawn Is there whitespace at the beginning of this line? You have to remove it. man 5 master.cf says: SYNTAX The general format of the master.cf file is as follows: [...] A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. So it has to start with: policyd-spf instead of: policyd-spf. Best Regards Thank you Kamil Great observation .. this has moved it on a long way. But there is still one problem. You will see in the extract from maillog that spf does not like spf- policy_time_limit and there is still a report of server configuration error. Where can I find a definitive list of the correct commands and syntax for these commands (running postfix-policyd-spf-perl-2.007). (Currently the web site for openspf.org is down.) Hopefully this may be the last obstacle! David Extract from maillog: Nov 5 04:20:29 dns1 postfix/postfix-script[28619]: refreshing the Postfix mail system Nov 5 04:20:29 dns1 postfix/master[1324]: reload -- version 2.8.5, configuration /usr/local/etc/postfix Nov 5 04:20:48 dns1 postfix/smtpd[28626]: connect from mail-bw0- f58.google.com[209.85.214.58] Nov 5 04:20:49 dns1 postfix/policy-spf[28631]: : SPF pass (Mechanism 'ip4:209.85.128.0/17' matched): Envelope-from: rubyonrails-talk+bncCPHKr- etfxcmunt1bboeiub...@googlegroups.com Nov 5 04:20:49 dns1 postfix/policy-spf[28631]: handler sender_policy_framework: is decisive. Nov 5 04:20:49 dns1 postfix/policy-spf[28631]: : Policy action=PREPEND Received-SPF: pass (googlegroups.com ... _spf.google.com: 209.85.214.58 is authorized to use 'rubyonrails-talk+bncCPHKr- etfxcmunt1bboeiub...@googlegroups.com' in 'mfrom' identity (mechanism 'ip4:209.85.128.0/17' matched)) receiver=dns1.vizion2000.net; identity=mailfrom; envelope-from=rubyonrails-talk+bncCPHKr- etfxcmunt1bboeiub...@googlegroups.com; helo=mail-bw0-f58.google.com; client- ip=209.85.214.58 Nov 5 04:20:49 dns1 postfix/smtpd[28626]: warning: unknown smtpd restriction: spf-policy_time_limit Nov 5 04:20:49 dns1 postfix/smtpd[28626]: NOQUEUE: reject: RCPT from mail- bw0-f58.google.com[209.85.214.58]: 451 4.3.5 Server configuration error; from=rubyonrails-talk+bnccphkr-etfxcmunt1bboeiub...@googlegroups.com to=da...@atf4.com proto=ESMTP helo=mail-bw0-f58.google.com Nov 5 04:20:49 dns1 postfix/cleanup[28632]: D32BA119C4B: message- id=2005112049.d32ba119...@dns1.vizion2000.net Nov 5 04:20:49 dns1 postfix/smtpd[28626]: disconnect from mail-bw0- f58.google.com[209.85.214.58] Nov 5 04:20:49 dns1 postfix/qmgr[28625]: D32BA119C4B: from=double- bou...@dns1.vizion2000.net, size=967, nrcpt=1 (queue active) Nov 5 04:20:49 dns1 postfix/local[28633]: D32BA119C4B: to=r...@vizion2000.net, orig_to=postmaster, relay=local, delay=0.03, delays=0.01/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Nov 5 04:20:49 dns1 postfix/qmgr[28625]: D32BA119C4B: removed Nov 5 04:21:50 dns1 postfix/smtpd[28626]: connect from unusquinquenovem.phi.ec-cluster.com[195.140.184.159] Nov 5 04:21:51 dns1 postfix/policy-spf[28631]: : SPF pass (Mechanism 'ip4:195.140.184.0/22' matched): Envelope-from: gbounce-6239235277-6160-600446737-1320491364...@bounce.youraccount.mbna.co.uk Nov 5 04:21:51 dns1 postfix/policy-spf[28631]: handler sender_policy_framework: is decisive. Nov 5 04:21:51 dns1 postfix/policy-spf[28631]: : Policy action=PREPEND Received-SPF: pass (bounce.youraccount.mbna.co.uk ... _spf.muc.ec- messenger.com: 195.140.184.159 is authorized to use 'gbounce-6239235277-6160-600446737-1320491364...@bounce.youraccount.mbna.co.uk' in 'mfrom' identity (mechanism 'ip4:195.140.184.0/22' matched)) receiver=dns1.vizion2000.net; identity=mailfrom; envelope- from=gbounce-6239235277-6160-600446737-1320491364...@bounce.youraccount.mbna.co.uk; helo=unusquinquenovem.phi.ec-cluster.com; client-ip=195.140.184.159 Nov 5 04:21:51 dns1 postfix/smtpd[28626]: warning: unknown smtpd restriction: spf-policy_time_limit Nov 5 04:21:51 dns1 postfix/smtpd[28626]: NOQUEUE: reject: RCPT from unusquinquenovem.phi.ec-cluster.com[195.140.184.159]: 451 4.3.5 Server configuration error; from=gbounce-6239235277-6160-600446737-1320491364...@bounce.youraccount.mbna.co.uk to=pa...@vizion2000.net proto=ESMTP helo=unusquinquenovem.phi.ec- cluster.com Nov 5 04:21:51 dns1 postfix/cleanup[28632]: 5ABAA119C4B: message- id=2005112151.5abaa119...@dns1.vizion2000.net Nov 5 04:21:51 dns1 postfix/smtpd[28626]: disconnect from unusquinquenovem.phi.ec-cluster.com[195.140.184.159] Nov 5 04:21:51 dns1 postfix/qmgr[28625]: 5ABAA119C4B: from=double- bou...@dns1.vizion2000.net, size=1152, nrcpt=1 (queue active) Nov 5 04:21:51 dns1 postfix/local[28633]:
Re: spf configuration woes
David Southwell: Yes, because of a master.cf configuration error. Lets assume that is the case. If so can anyone please help me identify the Have you run lsof or netstat already, to find out if postfix is listening on the policyd-spf socket? Do you prefer to debate the number of legs on a beetle, instead of simply going out and counting them. Wietse
Re: spf configuration woes
On Saturday 05 November 2011 04:57:26 Wietse Venema wrote: David Southwell: Yes, because of a master.cf configuration error. Lets assume that is the case. If so can anyone please help me identify the Have you run lsof or netstat already, to find out if postfix is listening on the policyd-spf socket? Do you prefer to debate the number of legs on a beetle, instead of simply going out and counting them. Wietse Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extrabefore policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. Would you prefer the value of your wonderful contributions over many years to postfix to be warmly appreciated or prefer to ignore the opportunity toidentify the cause of a problem by turning your attention to unnecessarily lacing your comments with seemingly trite shallow gibes? Take care David
Re: spf configuration woes
David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extrabefore policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse
Re: spf configuration woes
On Saturday 05 November 2011 04:33:27 David Southwell wrote: On Saturday 05 November 2011 04:13:17 Kamil Raczyński wrote: On 2011-11-05 11:27, David Southwell wrote: Lets assume that is the case. If so can anyone please help me identify the error? [...] policyd-spf unix - n n - 0 spawn Is there whitespace at the beginning of this line? You have to remove it. man 5 master.cf says: SYNTAX The general format of the master.cf file is as follows: [...] A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. So it has to start with: policyd-spf instead of: policyd-spf. Best Regards Thank you Kamil Great observation .. this has moved it on a long way. But there is still one problem. You will see in the extract from maillog that spf does not like spf- policy_time_limit and there is still a report of server configuration error. Where can I find a definitive list of the correct commands and syntax for these commands (running postfix-policyd-spf-perl-2.007). (Currently the web site for openspf.org is down.) Hopefully this may be the last obstacle! David Hi Kamil I solved this one -based on your observation- it was another example of an excessive this time before the time_limit entry. Once that was eliminated sspf works! You set me on the right track. Thank you David
Re: spf configuration woes
On Saturday 05 November 2011 05:13:22 Wietse Venema wrote: David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extrabefore policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse Typical Wietse response. Everyone could see postfix was not listening but it took Kamil's careful scrutiny and knowledge to identify why - knowing why was what led to the solution. Diagnosis is valuable but without the ability to define the treatment the diagnosis is merely a matter of record. Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. David
Re: spf configuration woes
On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: On Saturday 05 November 2011 05:13:22 Wietse Venema wrote: David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extra before policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse Typical Wietse response. Everyone could see postfix was not listening but it And Wietse was trying to get you to find out why - instead of making random changes. He asked you at least twice to run netstat - did you do it? It would have saved you 18 hours and at least 3 long mails if you had. Typically ungrateful response to Wietse's help is more like it. People come on here, expect it him not only to write it, but keep it secure and spot typgraphical errors in their own configs because they're too lazy to look (and that laziness is exemplified by a laziness to follow a simple diagnostic instruction). took Kamil's careful scrutiny and knowledge to identify why - knowing why was what led to the solution. Which you'd have had much much earlier without the hand-holding had you followed Wietse's first request to run netstat. Diagnosis is valuable but without the ability to define the treatment the diagnosis is merely a matter of record. Only valuable if you follow the steps you're asked to perform. Spoonfeeding and proof-reading your errors in your config files is not diagnosis. Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. RTFM. Simon
Re: spf configuration woes
On Saturday 05 November 2011 06:42:12 Simon Brereton wrote: On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: On Saturday 05 November 2011 05:13:22 Wietse Venema wrote: David Southwell: Did you read the original posting and the reply from Kamil. He spotted the primary cause. It was he who spotted the extrabefore policyd-spf in master.cf which was in the part of the post you cut out. So you were right it was an error in the master.cf but noone else spotted it before Kamil made his contribution. You could have spotted it days ago with lsof/netstat which would have told you immediately that postfix was not listening on the socket. Wietse Typical Wietse response. Everyone could see postfix was not listening but it And Wietse was trying to get you to find out why - instead of making random changes. He asked you at least twice to run netstat - did you do it? yes - I had done it before wietse asked - it was too blindingly obvious everyone knew it was not starting. Wietse is too fond of being downright rude. It would have saved you 18 hours and at least 3 long mails if you had. Typically ungrateful response to Wietse's help is more like it. People come on here, expect it him not only to write it, but keep it secure and spot typgraphical errors in their own configs because they're too lazy to look (and that laziness is exemplified by a laziness to follow a simple diagnostic instruction). Misplaced critique. Like wietse you are jumping to conclusions. Assuming the worst rather than the best of people. The recomendation came after not before the act. took Kamil's careful scrutiny and knowledge to identify why - knowing why was what led to the solution. Which you'd have had much much earlier without the hand-holding had you followed Wietse's first request to run netstat. Sorry but that is B**t! The information about the excess space was there -- Wietse just didn't see it unless he was deliberately concealing the fact that he knew the excess space was there. That could not be true because he would have known that netstat would not have revealed the fact theat there was an excess space in the file. What would therefore have been the purpose of running netstat? Diagnosis is valuable but without the ability to define the treatment the diagnosis is merely a matter of record. Only valuable if you follow the steps you're asked to perform. Spoonfeeding and proof-reading your errors in your config files is not diagnosis. Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. Humble humans acknowledge we make errors. Wise humans use stupid computers to perform tasks that people are not good at. Stupid humans tell other people they are stupid when they make mistakes and tell them RTFM! You are failing to distinguish between a diagnostic parser and an executive parser. An executive parser rejects incorrectly configured lines at runtime. A diagnostic parser would tell you that there is an excess space at a specific location. A really good executive parser would also log the location of incorrectly configured lines to facilitate the work of an administrator. I do not expect anyone to solve my problems. On the other hand I do not expect them to be gratuitously rude rather than helpfully constructive. IF Wietse is unable to restrain himself from repeated bouts of arrogant rudeness then, IMHO, he needs counselling. In this case Kemil spotted the error. That helped me spot other errors. Kemil was constructive IMHPO Wietse was plain rude.
Re: spf configuration woes
On Sat, 5 Nov 2011 07:03:18 -0700 David Southwell articulated: In this case Kemil spotted the error. That helped me spot other errors. Kemil was constructive IMHPO Wietse was plain rude. In that case, cross Wietse off your Christmas card list and add Kemil. The users of this list are offering their services sans monetary compensation. If you don't like their advice/suggestions, that is your prerogative. However, it does not give you the right to degrade someone simple because they did not supply the answer you wanted. The problem was in your configuration. It was not Wietse's fault or a bug with Postfix. You created the problem. Now, I don't think Wietse would have any problem with you creating a custom configuration parser that would be more suitable to task for your needs. Perhaps if you spent more time on creating such an applications and less time on assailing Wietse your time would be better spent. -- Jerry ♔ postfix-u...@seibercom.net _ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
executive parser (was: Re: spf configuration woes)
I have cut all the irrelevant and whiny crap from the quotes, and I ask that others please not continue that off-topic and useless discussion. One part of this, q.v., deserves to be addressed. On Saturday 05 November 2011 09:03:18 David Southwell wrote: On Saturday 05 November 2011 06:42:12 Simon Brereton wrote: On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: snip Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. snip You are failing to distinguish between a diagnostic parser and an executive parser. An executive parser rejects incorrectly configured lines at runtime. A diagnostic parser would tell you that there is an excess space at a specific location. A really good executive parser would also log the location of incorrectly configured lines to facilitate the work of an administrator. And that would be far more difficult than you imagine. How is this parser to know that the administrator did not intend to continue the logical line? It needs a DWIM filter. # a master.cf logical line submission inetn - n - - smtpd -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=$submission_rcpt_restrictions -o milter_macro_daemon_name=ORIGINATING -o syslog_name=postfix-587 # a master.cf typo pickup fifon - n 60 1 pickup In this case we have a Postfix daemon, smtpd(8), which obviously should not have pickup fifo ... as a command argument. This one is potentially detectable by an automated parser. # a master.cf logical line dovecot unix- n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} # a master.cf typo mailmanunix- n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} How is your executive parser going to know that dovecot-lda is not expecting mailman unix ... on its command line? It's easy to fuss and point fingers at inadequacies in software, but to address those shortcomings takes quite a bit of work. Wietse has said many times here that his time to spend on Postfix is limited. His approach was to provide clear and complete documentation of postconf(5) and master(5) files. The sample files in the source tarball include the syntax instructions as comments at the top. The fact is: if you follow directions carefully, you will not be bitten by mistakes of this nature. There is exactly one person to accept the blame here, if you want to talk about blame. But this list is not the place for that. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: executive parser (was: Re: spf configuration woes)
On Saturday 05 November 2011 07:50:58 /dev/rob0 wrote: I have cut all the irrelevant and whiny crap from the quotes, and I ask that others please not continue that off-topic and useless discussion. One part of this, q.v., deserves to be addressed. On Saturday 05 November 2011 09:03:18 David Southwell wrote: On Saturday 05 November 2011 06:42:12 Simon Brereton wrote: On 5 November 2011 08:21, David Southwell ad...@vizion2000.net wrote: snip Clearly postfix is need of an intelligent parser that will to pinpoint errors such as this in master.cf and main.cf. That is because stupid computers are better at parsing chores than human beings. Postfix has such a parser - which is why the documentation points out that lines should not start with a white-space. snip You are failing to distinguish between a diagnostic parser and an executive parser. An executive parser rejects incorrectly configured lines at runtime. A diagnostic parser would tell you that there is an excess space at a specific location. A really good executive parser would also log the location of incorrectly configured lines to facilitate the work of an administrator. And that would be far more difficult than you imagine. How do you know how much I imagine. What makes you believe that I do not know it is difficult! The problem you identify in subsequent lines, has its roots in postfix's rather primitive formatting structure. If it were replace by something like: {submission (variant,modifier [connector] data ) (variant = data) (variant = data) end submission } This type of formatting structure (it would need a few more symbols to cover all the current alternatives) is easier for humans to read, makes clear the separation between modules and facilitates the building of diagnostic executive parsers to test, implement and log outcomes. IMHO the problem caused by retaining the earliest forms of formatting known to unix is what presents postfix users unnecessary challenges. It is easier to change the formatting structure than map a parser to the current idiosyncratic framework. It would not be necessary to reinvent Postfix's executive parser because it would not be that difficult to build a diagnostic parser which could also convert a new format into the existing format. Idiosyncratic formatting is a curse inflicted on system administrators who are expected by those who are dedicated to supporting a single application. The demands they make on administrators are therefore unrealistic.
Re: executive parser (was: Re: spf configuration woes)
Just to add weight to my last posting - the use of a as a critical symbol is really quite idiotic. What cannot be seen should never be that significant!
RE: executive parser (was: Re: spf configuration woes)
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of David Southwell Sent: Saturday, November 05, 2011 9:41 AM To: postfix-users@postfix.org Cc: /dev/rob0 Subject: Re: executive parser (was: Re: spf configuration woes) Just to add weight to my last posting - the use of a as a critical symbol is really quite idiotic. What cannot be seen should never be that significant! The current RFC defining email message format is RFC5322, and it uses leading whitespace as line continuation in header fields. Its antecedents, going back as far as RFC733 (1977) and perhaps further, do the same thing. Thus, your assertion appears to be in conflict with quite a bit of operational history and experience.
spf configuration woes
System freebsd 8 Cannot get spf working with the server. Thanks in advance for any assistance. Here is the information: The following lines appear in master.cf: # Applied #1 postfix refereshed ok spf-policy unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl user nobody is in /etc/passwd nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin in /usr/local/sbin we have: [root@dns1 /usr/local/sbin]# ls -l |grep postfix -rwxr-xr-x 1 root wheel 117601 Nov 3 08:22 postfix -r-xr-xr-x 1 root wheel 11526 Nov 3 08:16 postfix-policyd-spf-perl If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 In the following context smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 check_policy_service inet:127.0.0.1:10023 Here is an example of maillog error reports: Nov 3 10:57:51 dns1 postfix/smtpd[20636]: connect from mail-vw0- f52.google.com[209.85.212.52] Nov 3 10:57:52 dns1 postfix/smtpd[20636]: warning: connect to private/policyd-spf: Connection refused Nov 3 10:57:52 dns1 postfix/smtpd[20636]: warning: problem talking to server private/policyd-spf: Connection refused Nov 3 10:57:53 dns1 postfix/smtpd[20636]: warning: connect to private/policyd-spf: Connection refused Nov 3 10:57:53 dns1 postfix/smtpd[20636]: warning: problem talking to server private/policyd-spf: Connection refused Nov 3 10:57:53 dns1 postfix/smtpd[20636]: NOQUEUE: reject: RCPT from mail- vw0-f52.google.com[209.85.212.52]: 451 4.3.5 Server configuration problem; from=photoviz...@googlemail.com to=da...@vizion2000.net proto=ESMTP helo=mail-vw0-f52.google.com Nov 3 10:57:53 dns1 postfix/smtpd[20636]: disconnect from mail-vw0- f52.google.com[209.85.212.52] postconf -n does not seem to help as the only difference is that it reports the additional presence of the relevant lines. Working without spf lines enabled: postconf -n: alias_maps = hash:/etc/aliases command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 html_directory = /usr/local/share/doc/postfix inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_size_limit = 51200 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1 mydomain = vizion2000.net myhostname = dns1.vizion2000.net mynetworks = 62.49.197.48/28, 127.0.0.0/8 mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases proxy_interfaces = dns1.vizion2000.net queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix relay_domains = $mydestination sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_restrictions = reject_invalid_hostname smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination check_policy_service inet:127.0.0.1:10023 smtpd_sender_restrictions = reject_non_fqdn_sender soft_bounce = yes unknown_local_recipient_reject_code = 550 virtual_alias_domains = workplacemassage.co.uk, atf4.com, methuselaproject.org, methuselaproject.com, tiptogo.com, virtual_alias_maps = hash:/usr/local/etc/postfix/virtual, With spf and dreporting Server Configuration Problem alias_maps = hash:/etc/aliases command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 html_directory = /usr/local/share/doc/postfix inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_size_limit = 51200 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1 mydomain = vizion2000.net myhostname = dns1.vizion2000.net mynetworks = 62.49.197.48/28, 127.0.0.0/8 mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases proxy_interfaces = dns1.vizion2000.net queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix relay_domains = $mydestination sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_restrictions = reject_invalid_hostname smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 check_policy_service inet:127.0.0.1:10023 smtpd_sender_restrictions =
Re: spf configuration woes
David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse
Re: spf configuration woes
On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix Nov 4 07:37:21 dns1 postfix/smtpd[26676]: connect from bmdeda7.com[72.51.37.19] Nov 4 07:37:21 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from bmdeda7.com[72.51.37.19]: 454 4.7.1 rames...@iinis.com: Relay access denied; from=bou...@bmsend.com to=rames...@iinis.com proto=ESMTP helo=bmdeda7.com Nov 4 07:37:22 dns1 postfix/smtpd[26676]: disconnect from bmdeda7.com[72.51.37.19] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: connect from postbox.kde.org[46.4.96.248] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: problem talking to server private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: warning: problem talking to server private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from postbox.kde.org[46.4.96.248]: 451 4.3.5 Server configuration problem; from=kdepim-users-boun...@kde.org to=da...@vizion2000.net proto=ESMTP helo=postbox.kde.org Nov 4 07:37:51 dns1 postfix/smtpd[26676]: disconnect from postbox.kde.org[46.4.96.248]
Re: spf configuration woes
On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix Nov 4 07:37:21 dns1 postfix/smtpd[26676]: connect from bmdeda7.com[72.51.37.19] Nov 4 07:37:21 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from bmdeda7.com[72.51.37.19]: 454 4.7.1 rames...@iinis.com: Relay access denied; from=bou...@bmsend.com to=rames...@iinis.com proto=ESMTP helo=bmdeda7.com Nov 4 07:37:22 dns1 postfix/smtpd[26676]: disconnect from bmdeda7.com[72.51.37.19] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: connect from postbox.kde.org[46.4.96.248] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: problem talking to server private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: warning: problem talking to server private/policyd-spf: Connection refused Nov 4 07:37:51 dns1 postfix/smtpd[26676]: NOQUEUE: reject: RCPT from postbox.kde.org[46.4.96.248]: 451 4.3.5 Server configuration problem; from=kdepim-users-boun...@kde.org to=da...@vizion2000.net proto=ESMTP helo=postbox.kde.org Nov 4 07:37:51 dns1 postfix/smtpd[26676]: disconnect from postbox.kde.org[46.4.96.248]
Re: spf configuration woes
David Southwell: [ Charset ISO-8859-1 unsupported, converting... ] On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl You need to save the file before doing postfix reload. Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix You need to edit master.cf in /usr/local/etc/postfix. You need to think about such details, because computers are stupid. Wietse
Re: spf configuration woes
On Friday 04 November 2011 08:01:19 Wietse Venema wrote: David Southwell: [ Charset ISO-8859-1 unsupported, converting... ] On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl You need to save the file before doing postfix reload. Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix You need to edit master.cf in /usr/local/etc/postfix. You need to think about such details, because computers are stupid. Wietse Umph I am not that stupid! The results were from /usr/local/etc/postfix as shown! - I didnt realise you would assume the error came from such an ommission chuckles otherwise I would have assured you to the contrary! david David
Re: spf configuration woes
On Friday 04 November 2011 08:01:19 Wietse Venema wrote: David Southwell: [ Charset ISO-8859-1 unsupported, converting... ] On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl You need to save the file before doing postfix reload. Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix You need to edit master.cf in /usr/local/etc/postfix. You need to think about such details, because computers are stupid. Wietse Umph I am not that stupid! The results were from /usr/local/etc/postfix as shown! - I didnt realise you would assume the error came from such an ommission chuckles otherwise I would have assured you to the contrary! david David
Re: spf configuration woes
David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd
Re: spf configuration woes
On Friday 04 November 2011 08:01:19 Wietse Venema wrote: David Southwell: [ Charset ISO-8859-1 unsupported, converting... ] On Friday 04 November 2011 07:23:33 Wietse Venema wrote: David Southwell: The following lines appear in master.cf: spf-policy unix - n n - 0 spawn This says: spf-policy If the following lines appear in main.cf check_policy_service unix:private/policyd-spf policyd-spf_time_limit = 3600 This says: policyd-spf The names must be the same. Wietse Hi Wietse You spotted that quickly. Unfortunately there must be more than that wrong (assuming I made the right corrections): Changed master.cf lines to read: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl You need to save the file before doing postfix reload. Everything else remains the same HOWEVER: But still got the following errors when the lines in main.cf were unchecked: postfix/postfix-script[26646]: refreshing the Postfix mail system Nov 4 07:32:48 dns1 postfix/master[1328]: reload -- version 2.8.5, configuration /usr/local/etc/postfix You need to edit master.cf in /usr/local/etc/postfix. You need to think about such details, because computers are stupid. Wietse Any other suggestions ? Could there be anything wrong with the time-limit statement? I have tried a few variations on that but to no avail. As soon as the spf lines are turned on I get the server configuration failure. David
Re: spf configuration woes
On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? David
Re: spf configuration woes
David Southwell: On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? You can use lsof or netstat to find out what is listening. On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Wietse
Re: spf configuration woes
On Friday 04 November 2011 10:24:54 Wietse Venema wrote: David Southwell: On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? You can use lsof or netstat to find out what is listening. On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Wietse Make sense but I do not thinbk that is problem. I have been most careful about that bit. Pardon my ignorance but where is port configured and how is the process started? Thanks for your help David
Re: spf configuration woes
On Friday 04 November 2011 10:24:54 Wietse Venema wrote: David Southwell: On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? You can use lsof or netstat to find out what is listening. On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Wietse I tried to test policyd-spf-perl manually with results as can be seen below. This does seem to confirm the notion that for some as yet unbeknown reason the process is not being launched. Any ideas where I should be looking? [root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=hforge.com queue_id=8045F2AB23 sender=info@hforge.com recipient=da...@vizion2000.net client_address=81.169.1.52 client_name=h.server***.net action=PREPEND Received-SPF: none (hforge.com: No applicable sender policy available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope- from=info@hforge.com; helo=hforge.com; client-ip=81.169.1.52
Re: spf configuration woes
On Friday 04 November 2011 10:24:54 Wietse Venema wrote: David Southwell: On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? You can use lsof or netstat to find out what is listening. On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Wietse I tried to test policyd-spf-perl manually with results as can be seen below. This does seem to confirm the notion that for some as yet unbeknown reason the process is not being launched. Any ideas where I should be looking? [root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=hforge.com queue_id=8045F2AB23 sender=info@hforge.com recipient=da...@vizion2000.net client_address=81.169.1.52 client_name=h.server***.net action=PREPEND Received-SPF: none (hforge.com: No applicable sender policy available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope- from=info@hforge.com; helo=hforge.com; client-ip=81.169.1.52
Re: spf configuration woes
On Fri, Nov 4, 2011 at 3:57 PM, David Southwell ad...@vizion2000.netwrote: On Friday 04 November 2011 10:24:54 Wietse Venema wrote: David Southwell: On Friday 04 November 2011 09:24:40 Kris Deugau wrote: David Southwell wrote: But still got the following errors when the lines in main.cf were unchecked: [snip] Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You need to find out why your policy server isn't responding to Postfix. Since it's set up for a Unix socket, you likely either have a permissions issue (eg, running as the wrong user) or the policy server isn't running. -kgd Sounds sensible. Any advice on how I can check that out? You can use lsof or netstat to find out what is listening. On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Wietse I tried to test policyd-spf-perl manually with results as can be seen below. This does seem to confirm the notion that for some as yet unbeknown reason the process is not being launched. Any ideas where I should be looking? [root@dns1 /usr/local/sbin]# postfix-policyd-spf-perl request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=hforge.com queue_id=8045F2AB23 sender=info@hforge.com recipient=da...@vizion2000.net client_address=81.169.1.52 client_name=h.server***.net action=PREPEND Received-SPF: none (hforge.com: No applicable sender policy available) receiver=dns1.vizion2000.net; identity=mailfrom; envelope- from=info@hforge.com; helo=hforge.com; client-ip=81.169.1.52 Usually, when you can run a process as root and cannot start it as a background service, the problem is that the user that is the owner of the service does not have enough permissions to open or access some resource (usually pid file, run file, socket file or config file). Try looking for: 1) which user/group is the owner of the service when you started it in background as a daemon. 2) see if that user/group has enough permissions to access the files it should access with read AND write permissions. Look for pid files, socket files and at last for config file. Fernando Maior
Re: spf configuration woes
David Southwell: Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused You can use lsof or netstat to find out what is listening. Have you tried that already? On FreeBSD (which I recall is the platform) the error Connection refused means that no process is listening on the port. Hence, my suspicion about editing the wrong file or saving the file at the wrong time. Pardon my ignorance but where is port configured and how is the process started? The port (/some/where/private/policyd-spf) is configured in master.cf. You use lsof or netstat to verify that something is listening on that port. If nothing is listening, then you made an error configuring master.cf. Wietse
Re: spf configuration woes
On Fri, 4 Nov 2011 07:45:47 -0700, David Southwell wrote: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl nobody have no write permissions in postfix private socket dir Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused since sockert is missing
Re: spf configuration woes
Benny Pedersen: On Fri, 4 Nov 2011 07:45:47 -0700, David Southwell wrote: policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/local/sbin/postfix-policyd-spf-perl nobody have no write permissions in postfix private socket dir No, the Postfix master daemon creates the socket. it runs with system privileges. Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to private/policyd-spf: Connection refused since sockert is missing Yes, because of a master.cf configuration error. Wietse