Nigel,
> >>> Here the log of e messages sent manually (telnet <MTA> 25) that is
> >>>
> >> not
> >>
> >>> considered by quota module of policyd (while I would like that my
> >>> quota policy matches this message too). The notably fact (at least
> I
> >>> think) is that $VAR1 = undef.
> >>>
> >>> [2009/02/24-09:47:04 - 5853] [CORE] INFO: 2009/02/24-09:47:04
> >>>
> > CONNECT
> >
> >>> TCP Peer: "127.0.0.1:35370" Local: "127.0.0.1:10031"
> >>> [2009/02/24-09:47:04 - 5853] [PROTOCOLS/Postfix] DEBUG: Possible
> >>> Postfix protocol
> >>> [2009/02/24-09:47:04 - 5853] [PROTOCOLS/Postfix] INFO: Identified
> >>> Postfix protocol
> >>> [2009/02/24-09:47:04 - 5853] [TRACKING] DEBUG: No session tracking
> >>> data exists for request: $VAR1 = {
> >>> 'ccert_fingerprint' => '',
> >>> 'sasl_method' => '',
> >>> 'sasl_sender' => '',
> >>> 'size' => '6',
> >>> '_timestamp' => 1235465224,
> >>> 'helo_name' => 'sndr',
> >>> 'reverse_client_name' => 'unknown',
> >>> 'queue_id' => '9C47115B6FA',
> >>> 'encryption_cipher' => '',
> >>> 'encryption_protocol' => '',
> >>> 'etrn_domain' => '',
> >>> 'ccert_subject' => '',
> >>> 'request' => 'smtpd_access_policy',
> >>> 'protocol_state' => 'END-OF-MESSAGE',
> >>> 'stress' => '',
> >>> '_protocol_peeraddr' => '127.0.0.1',
> >>> 'recipient' => 'roc...@rcpt',
> >>> 'sasl_username' => '',
> >>> 'instance' => '7f9.49a3b408.9b0be.0',
> >>> 'protocol_name' => 'SMTP',
> >>> 'encryption_keysize' => '0',
> >>> 'recipient_count' => '1',
> >>> 'ccert_issuer' => '',
> >>> 'sender' => 'roc...@sndr',
> >>> 'client_name' => 'unknown',
> >>> 'client_address' => 'xxx.yyy.zzz.uuu',
> >>> '_protocol_transport' => 'Postfix'
> >>> };
> >>> [2009/02/24-09:47:04 - 5853] [TRACKING] DEBUG: Protocol state is
> >>> 'END-OF-MESSAGE', decoding poliy...
> >>>
> >>>
> >> This is in END-OF-MESSAGE stage.
> >>
> >>
> >>> [2009/02/24-09:47:04 - 5853] [TRACKING] DEBUG: Decoded into: $VAR1
> =
> >>> undef;
> >>>
> >>>
> >> This is because no tracking information is found for it. Either it
> >> never matched a policy, or the message was not seen by policyd in
> the
> >> RCPT stage.
> >>
> >>
> >
> > Sorry, but I have understood not completely well.. I have the
> > following postfix setup:
> >
> > smtpd_recipient_restrictions =
> > check_client_access
> > proxy:mysql:/etc/postfix/mysql-check-client-access.cf
> > permit_mynetworks
> > permit_sasl_authenticated
> > reject_unauth_destination
> > reject_non_fqdn_sender
> > reject_non_fqdn_recipient
> > reject_unlisted_sender
> > reject_unlisted_recipient
> > reject_unknown_sender_domain
> > reject_invalid_hostname
> > reject_rbl_client zen.spamhaus.org
> > reject_rbl_client list.dsbl.org
> > check_policy_service inet:127.0.0.1:54000
> > check_policy_service inet:127.0.0.1:10031
> >
> > smtpd_end_of_data_restrictions =
> > check_policy_service inet:127.0.0.1:10031
> >
> > Moreover, the only active policy in Policyd is the one bound to the
> > quota which limit the number of messages per hour to 60, from "!@"
to
> > "any".
> >
> > So:
> >
> > 1) The message have to be matched from the policy
> > 2) How is then that "the message was not seen by policyd in the RCPT
> > stage"? Why this could be happen? I can't figure out!
> >
> > Thank you for your interest!
> >
> This is not really a policyd related problem .... if you PERMIT
> something BEFORE check_policyd_service in Postfix, Postfix will not
> make a policy request and therefore policyd will not know about the
> message.
> Then, when it hits the end_of_data stage, as check_policyd_service is
> the only item there, it will say it cannot find the message ... which
> is 100% correct.
>
> Likewise if your first policy service permits the message, it will not
> be seen by the second policy service (policyd) in your configuration
> above.
OK,
now I say:
1) surely "check_client_access" control return OK for "internal" IP (the
ones which are enable to relay trhough my platform).
2) why the messages from internal Ip are not passed to policyd in the
next stage, that is during "smtpd_end_of_data_restrictions" (as that
policy service is the only in that set of restriction)? Or what happens?
rocsca
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
