On 07/12/11 04:31, Juan Rossi wrote:
> Sure, here we go, with a second policy, that has more priority:
>
>
> Prio:25 - Default unauthenticated, !%internal_ips,
> !%unauthenticated_src_whitelist, !%unauthenticated_dest_white
>
> Prio:26 - Default Filter unauthenticated, that do not come from internal
> ips, and are not whilisted as unauthenticated sources or destinations
>
>
> Prio:35 - Default authenticated,!%authenticated_whitelist
>
>
> I have the greylisting module enabled (greylist name: policy):
>
> Do not Greylist: Default authenticated,!%authenticated_whitelist
>
> Greylist: Default unauthenticated, !%internal_ips,
> !%unauthenticated_src_whitelist, !%unauthenticated_dest_whitelist
>
> Access module configured with (name: policy: veredict: data)
>
> spamfiltering : Default Filter unauthenticated, that do not come from
> internal ips, and are not whilisted as unauthenticated sources or
> destinations : FILTER : spamassassin:dummy
>
>
> The log is the following, the bits important I think they are on the
> scope of:
>
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Got request, running
> modules...
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Running module: Access
> Control Plugin
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Done with modules
>
>
> Seems that policies do not get resolved one after another, the access
> module, even dough that is in second priority takes over:
>
>
> debug log:
>
>
> [2011/07/12-02:22:24 - 31441] [CORE] INFO: 2011/07/12-02:22:24 CONNECT
> TCP Peer: "127.0.0.1:44366" Local: "127.0.0.1:10031"
> [2011/07/12-02:22:24 - 31412] [CORE] INFO: Starting "1" children
> [2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: No session tracking data
> exists for request: $VAR1 = {
> 'ccert_fingerprint' => '',
> 'sasl_method' => '',
> 'sasl_sender' => '',
> 'size' => '1094',
> '_timestamp' => 1310437344,
> 'helo_name' => 'mail.rimuhosting.com',
> 'reverse_client_name' => 'mail.rimuhosting.com',
> 'queue_id' => '',
> 'encryption_cipher' => '',
> 'encryption_protocol' => '',
> 'etrn_domain' => '',
> 'ccert_subject' => '',
> 'request' => 'smtpd_access_policy',
> 'protocol_state' => 'RCPT',
> 'stress' => '',
> 'recipient' => '[email protected]',
> 'sasl_username' => '',
> 'instance' => '14f.4e1bafe0.e9450.0',
> 'protocol_name' => 'ESMTP',
> 'encryption_keysize' => '0',
> 'recipient_count' => '0',
> 'ccert_issuer' => '',
> 'sender' => '[email protected]',
> 'client_name' => 'mail.rimuhosting.com',
> 'client_address' => '206.123.102.5',
> '_protocol_transport' => 'Postfix'
> };
> [2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Added session tracking
> information for: $VAR1 = {
> 'ccert_fingerprint' => '',
> 'sasl_method' => '',
> 'sasl_sender' => '',
> 'size' => '1094',
> '_timestamp' => 1310437344,
> 'helo_name' => 'mail.rimuhosting.com',
> 'reverse_client_name' => 'mail.rimuhosting.com',
> 'queue_id' => '',
> 'encryption_cipher' => '',
> 'encryption_protocol' => '',
> 'etrn_domain' => '',
> 'ccert_subject' => '',
> 'request' => 'smtpd_access_policy',
> 'protocol_state' => 'RCPT',
> 'stress' => '',
> 'recipient' => '[email protected]',
> 'sasl_username' => '',
> 'instance' => '14f.4e1bafe0.e9450.0',
> 'protocol_name' => 'ESMTP',
> 'encryption_keysize' => '0',
> 'recipient_count' => '0',
> 'ccert_issuer' => '',
> 'sender' => '[email protected]',
> 'client_name' => 'mail.rimuhosting.com',
> 'client_address' => '206.123.102.5',
> '_protocol_transport' => 'Postfix'
> };
> [2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Protocol state is
> 'RCPT', resolving policy...
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Going to resolve session
> data into policy: $VAR1 = {
> 'Recipient' => '[email protected]',
> 'SASLUsername' => '',
> 'QueueID' => '',
> 'RecipientData' => '',
> 'Instance' => '14f.4e1bafe0.e9450.0',
> 'EncryptionCipher' => '',
> 'Size' => '2',
> 'EncryptionKeySize' => '0',
> 'EncryptionProtocol' => '',
> 'Helo' => 'mail.rimuhosting.com',
> 'ClientAddress' => '206.123.102.5',
> 'ClientName' => 'mail.rimuhosting.com',
> 'Sender' => '[email protected]',
> 'SASLSender' => '',
> 'Protocol' => 'ESMTP',
> 'ClientReverseName' => 'mail.rimuhosting.com',
> 'SASLMethod' => ''
> };
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
> ID '1' in policy 'Default'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
> ID '6' in policy 'Default authenticated,!%authenticated_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
> ID '7' in policy 'Default unauthenticated, !%internal_ips,
> !%unauthenticated_src_whitelist, !%unauthenticated_dest_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: Found policy member with
> ID '8' in policy 'Default Filter unauthenticated, that do not come from
> internal ips, and are not whilisted as unauthenticated sources or
> destinations'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:1/Name:Default]:
> Source not defined or 'any', explicit match: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:1/Name:Default]:
> Source matching result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:1/Name:Default]:
> Destination not defined or 'any', explicit match: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:1/Name:Default]:
> Destination matching result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:6/Name:Default
> authenticated,!%authenticated_whitelist]: Main policy sources
> '$*,!%authenticated_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:6/Name:Default
> authenticated,!%authenticated_whitelist]: - Resolved source '$*' to a
> SASL user specification, match = 0
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:6/Name:Default
> authenticated,!%authenticated_whitelist]: Source matching result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Main policy sources
> '$-,!%internal_ips,!%unauthenticated_src_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: - Resolved source '$-' to a SASL user
> specification, match = 1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Group 'internal_ips' has 1 source(s)
> => 127.0.0.0/8
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]=>(group:internal_ips): - Resolved
> source '127.0.0.0/8' to a IP/CIDR specification, match = 0
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]=>(group:internal_ips): Source group
> result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Group 'unauthenticated_src_whitelist'
> has 0 source(s) =>
> [2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: No group members for source group
> 'unauthenticated_src_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]=>(group:unauthenticated_src_whitelist):
> Source
> group result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Source matching result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Main policy destinations
> '!%unauthenticated_dest_whitelist'
> [2011/07/12-02:22:24 - 339] [CORE] DEBUG: Child Preforked (339)
> [2011/07/12-02:22:24 - 339] [CBPOLICYD] DEBUG: Starting up caching engine
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Group
> 'unauthenticated_dest_whitelist' has 0 destination(s) =>
> [2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: No group members for destination
> group 'unauthenticated_dest_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]=>(group:unauthenticated_dest_whitelist):
> Destination group result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:7/Name:Default
> unauthenticated, !%internal_ips, !%unauthenticated_src_whitelist,
> !%unauthenticated_dest_whitelist]: Destination matching result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Main policy
> sources '$-,!%internal_ips,!%unauthenticated_src_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: - Resolved source
> '$-' to a SASL user specification, match = 1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Group
> 'internal_ips' has 1 source(s) => 127.0.0.0/8
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or
> destinations]=>(group:internal_ips): - Resolved source '127.0.0.0/8' to
> a IP/CIDR specification, match = 0
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or
> destinations]=>(group:internal_ips): Source group result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Group
> 'unauthenticated_src_whitelist' has 0 source(s) =>
> [2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: No group members
> for source group 'unauthenticated_src_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or
> destinations]=>(group:unauthenticated_src_whitelist): Source group
> result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:8/Name:Default Filter
> unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Source matching
> result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Main policy
> destinations '!%unauthenticated_dest_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Group
> 'unauthenticated_dest_whitelist' has 0 destination(s) =>
> [2011/07/12-02:22:24 - 31441] [POLICIES] WARNING: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: No group members
> for destination group 'unauthenticated_dest_whitelist'
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: [ID:8/Name:Default
> Filter unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or
> destinations]=>(group:unauthenticated_dest_whitelist): Destination group
> result: matched=0
> [2011/07/12-02:22:24 - 31441] [POLICIES] INFO: [ID:8/Name:Default Filter
> unauthenticated, that do not come from internal ips, and are not
> whilisted as unauthenticated sources or destinations]: Destination
> matching result: matched=1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=0 =>
> policy ids: 1
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=25 =>
> policy ids: 7
> [2011/07/12-02:22:24 - 31441] [POLICIES] DEBUG: END RESULT: prio=26 =>
> policy ids: 8
> [2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Policy resolved into:
> $VAR1 = {
> '25' => [
> '7'
> ],
> '0' => [
> '1'
> ],
> '26' => [
> '8'
> ]
> };
> [2011/07/12-02:22:24 - 31441] [TRACKING] DEBUG: Request translated into
> session data: $VAR1 = {
> 'Recipient' => '[email protected]',
> 'SASLUsername' => '',
> 'QueueID' => '',
> 'RecipientData' => '',
> 'Instance' => '14f.4e1bafe0.e9450.0',
> 'EncryptionCipher' => '',
> 'Size' => '2',
> 'EncryptionKeySize' => '0',
> 'ParsedClientAddress' => {
> 'Broadcast_Long' => 3464193541,
> 'Network' => '206.123.102.5',
> 'IP_Long' => 3464193541,
> 'Broadcast' => '206.123.102.5',
> 'IP' => '206.123.102.5',
> 'Mask_Long' => 4294967295,
> 'Network_Long' => 3464193541
> },
> 'ProtocolTransport' => 'Postfix',
> 'EncryptionProtocol' => '',
> 'Helo' => 'mail.rimuhosting.com',
> 'ClientAddress' => '206.123.102.5',
> 'ClientName' => 'mail.rimuhosting.com',
> 'Sender' => '[email protected]',
> 'SASLSender' => '',
> 'Timestamp' => 1310437344,
> 'ProtocolState' => 'RCPT',
> 'Policy' => {
> '25' => [
> '7'
> ],
> '0' => [
> '1'
> ],
> '26' => [
> '8'
> ]
> },
> 'Protocol' => 'ESMTP',
> 'ClientReverseName' => 'mail.rimuhosting.com',
> 'SASLMethod' => ''
> };
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Got request, running
> modules...
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Running module: Access
> Control Plugin
> [2011/07/12-02:22:24 - 31441] [CBPOLICYD] DEBUG: Done with modules
> [2011/07/12-02:22:26 - 32158] [CORE] INFO: 2011/07/12-02:22:26 CONNECT
> TCP Peer: "127.0.0.1:44367" Local: "127.0.0.1:10031"
> [2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Protocol state is
> 'END-OF-MESSAGE', decoding policy...
> [2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Decoded into: $VAR1 = {
> '[email protected]' => {
> '25' => [
> '7'
> ],
> '0' => [
> '1'
> ],
> '26' => [
> '8'
> ]
> }
> };
> [2011/07/12-02:22:26 - 32158] [TRACKING] DEBUG: Request translated into
> session data: $VAR1 = {
> 'SASLUsername' => '',
> 'QueueID' => '02F94604BD',
> 'RecipientData' => '/<[email protected]>#25=7;0=1;26=8;',
> 'EncryptionCipher' => '',
> 'Instance' => '14f.4e1bafe0.e9450.0',
> 'Size' => '2',
> 'EncryptionKeySize' => '0',
> 'ParsedClientAddress' => {
> 'Broadcast_Long' => 3464193541,
> 'Network' => '206.123.102.5',
> 'IP_Long' => 3464193541,
> 'Broadcast' => '206.123.102.5',
> 'IP' => '206.123.102.5',
> 'Mask_Long' => 4294967295,
> 'Network_Long' => 3464193541
> },
> 'ProtocolTransport' => 'Postfix',
> 'EncryptionProtocol' => '',
> 'Helo' => 'mail.rimuhosting.com',
> 'ClientAddress' => '206.123.102.5',
> 'ClientName' => 'mail.rimuhosting.com',
> 'Sender' => '[email protected]',
> 'SASLSender' => '',
> 'Timestamp' => 1310437346,
> 'ProtocolState' => 'END-OF-MESSAGE',
> '_Recipient_To_Policy' => {
> '[email protected]' => {
>
> '25' => [
>
> '7'
>
> ],
>
> '0' => [
>
> '1'
>
> ],
>
> '26' => [
>
> '8'
>
> ]
> }
> },
> 'Protocol' => 'ESMTP',
> 'ClientReverseName' => 'mail.rimuhosting.com',
> 'SASLMethod' => ''
> };
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Got request, running
> modules...
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module: Access
> Control Plugin
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module:
> HELO/EHLO Check Plugin
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module:
> Greylisting Plugin
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Running module: Quotas
> Plugin
> [2011/07/12-02:22:26 - 32158] [CBPOLICYD] DEBUG: Done with modules
> [2011/07/12-02:23:06 - 31412] [CORE] INFO: Killing "1" children
> [2011/07/12-02:23:06 - 339] [CBPOLICYD] DEBUG: Shutting down caching
> engine (339)
Could you provide us with the following:
* results of a select * on the related policy tables
* sections configured for policyd in your postfix config
* policyd debugging config
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
