I'm already in debug mode! I didn't forget all the advice I received ;-) I tried to set "cidr_allow" (cluebringer.conf) and now I get a new error:

Postfix:

Aug 29 11:01:58 testing-puppet postfix/smtpd[31258]: connect from unknown[192.168.170.85]
Aug 29 11:01:59 testing-puppet postfix/smtpd[31258]: warning: problem talking to server 127.0.0.1:10031: Connection reset by peer
Aug 29 11:01:59 testing-puppet postfix/smtpd[31258]: NOQUEUE: reject: RCPT from unknown[192.168.170.85]: 451 4.3.5 Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.170.85]>
Aug 29 11:02:01 testing-puppet postfix/smtpd[31258]: disconnect from unknown[192.168.170.85]

Cluebringer:

[2011/08/29-11:01:58 - 30629] [CORE] INFO: Starting "1" children
[2011/08/29-11:01:58 - 30651] [CORE] INFO: 2011/08/29-11:01:58 CONNECT TCP Peer: "127.0.0.1:45453" Local: "127.0.0.1:10031"
[2011/08/29-11:01:58 - 31262] [CORE] DEBUG: Child Preforked (31262)
[2011/08/29-11:01:58 - 31262] [CBPOLICYD] DEBUG: Starting up caching engine
[2011/08/29-11:01:59 - 30853] [CORE] INFO: 2011/08/29-11:01:59 CONNECT TCP Peer: "127.0.0.1:45455" Local: "127.0.0.1:10031"
[2011/08/29-11:02:29 - 30629] [CORE] INFO: Killing "1" children
[2011/08/29-11:02:29 - 30653] [CBPOLICYD] DEBUG: Shutting down caching engine (30653)

It seems that I did something wrong in my conf file but I don't know what. Here is my main.cf:

debug_peer_level = 2
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = testing-puppet.net4all.ch
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = testing-puppet.net4all.ch, localhost.net4all.ch, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.170.0/24 192.168.254.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#policyd rules
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031 defer
smtpd_recipient_restrictions = check_policy_service inet:192.186.254.242:10031 defer
smtpd_end_of_data_restrictions = check_policy_service inet:192.168.254.242:10031 defer

And my cluebringer.conf:

#
#server configuration
#
[server]

# Protocols to load
protocols=<<EOT
Postfix
#Bizanga
EOT

# Modules to load
modules=<<EOT
Core
AccessControl
#Accounting
#Amavis
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

# User to run this daemon as
user=policyd
group=policyd

# Filename to store pid of parent process
#pid_file=/var/run/cbpolicyd.pid

# Uncommenting the below option will prevent cbpolicyd going into the background
#background=no

# Preforking configuration
#
# min_server - Minimum servers to keep around
# min_spare_servers - Minimum spare servers to keep around ready to
#                     handle requests
# max_spare_servers - Maximum spare servers to have around doing nothing
# max_servers - Maximum servers alltogether
# max_requests - Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small mailserver: 2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000

# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
log_level=4

# File to log to instead of stdout
#log_file=/var/log/cbpolicyd.log

# Log destination for mail logs...
# main - Default. Log to policyd's main log mechanism, accepts NO args
# syslog - log mail via syslog
# format: log_mail=facility@method,args
#
# Valid methods for syslog:
# native - Let Sys::Syslog decide
# unix - Unix socket
# udp - UDP socket
# stream - Stream (for Solaris)
#
# Example: unix native
#log_mail=mail@syslog:native
#
# Example: unix socket
#log_mail=mail@syslog:unix
#
# Example: udp
#log_mail=mail@syslog:udp,127.0.0.1
#
# Example: Solaris
#log_mail=local0@syslog:stream,/dev/log
log_mail=maillog

# Things to log in extreme detail
# modules - Log detailed module running information
# tracking - Log detailed tracking information
# policies - Log policy resolution
# protocols - Log general protocol info, but detailed
# bizanga - Log the bizanga protocol
# cache - Log cache usage on client shutdown
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
#log_detail=tracking,policies

# Protocol to use "tcp" or "unix", defaults to "tcp"
#proto=tcp

# IP to listen on, * for all. Blank for unix sockets
#host=*

# Port to run on, in the case of a unix socket it would be the path
# eg. 10031
# eg. /var/run/cbpolicyd/policyd.sock
#port=10031

# Timeout in communication with clients, defaults to 120s
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to
# compare the clients IP to.
# If cidr_allow or cidr_deny options are
# given, the incoming client must match a cidr_allow and not match a
# cidr_deny or the client connection will be closed.
#cidr_allow=0.0.0.0/0
#cidr_deny=
cidr_allow=192.168.170.0/24

[database]
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=policyd;host=127.0.0.1:3306
Username=policyd2
Password=postfix

#
# What do we do when we have a database connection problem
# tempfail - Return temporary failure
# pass - Return success
bypass_mode=pass

# How many seconds before we retry a DB connection
bypass_timeout=30

# Table prefix to use, be sure to generate the schema with the table
# prefix aswell!
#table_prefix=

# Access Control module
[AccessControl]
enable=0

# Accounting module
[Accounting]
enable=0

# Amavis module
[Amavis]
enable=0

# Disabled by default
# CheckHelo module
[CheckHelo]
enable=0

# CheckSPF module
[CheckSPF]
enable=0

# Greylisting module
[Greylisting]
enable=0
#training_mode=1
#defer_message=Greylisting in effect, please come back later
#blacklist_message=Greylisting in effect, sending server blacklisted

# Quotas module
[Quotas]
enable=1

2011/8/29 Simon Hobson <[email protected]>:
> Roland Vogt wrote:
>>I fix that, but I can't send any mail.
>>
>>If I check the log, I get :
>>
>>RCPT from unknown[192.168.170.85]: 450 4.3.2 <[email protected]>:
>>Sender address rejected: Try again later; from=<[email protected]>
>>to=<[email protected]> proto=ESMTP helo=<[192.168.170.85]>
>>
>>But I think I have correctly set my policies. I use the Quota module.
>>The policy used is "Default Outbound" the limits are 10 for
>>MessageCount and 8000 for MessageCumulativeSize. Track is
>>Sender:user@domain, Period = 3600 and Verdict is Defer.
>>
>>Any idea ?
>
> First idea is that when people give you hints, you try to remember them !
> You've already been told that the clue is in the logs.
> This time we know that Postfix is correctly calling Cluebringer, now we
> need to know what it's doing when asked to pass opinion on a message.
>
> So what does Cluebringer log when called ? As already mentioned, you
> will need to turn up debugging on that as well as the default is
> fairly uninformative.
>
> As well as actually posting the log entries, it's also worth taking
> some time to look through them and try to figure out what they are
> telling you. Very often, the answer is right there in front of you.
> Granted, with verbose logging it may be a large forest and only a
> tiny tree to find :(
>
> --
> Simon Hobson
>
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users
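
Added example, not part of the original message and not policyd code: the cidr_allow/cidr_deny rule quoted in the cluebringer.conf comments, applied to the peer addresses in the Cluebringer log above. The function names are hypothetical; the cidr_allow value and the two log lines are copied from the message.

```python
import ipaddress
import re

# Values copied from the message above (cluebringer.conf and the Cluebringer log).
CIDR_ALLOW = "192.168.170.0/24"
CIDR_DENY = ""
LOG = '''\
[2011/08/29-11:01:58 - 30651] [CORE] INFO: 2011/08/29-11:01:58 CONNECT TCP Peer: "127.0.0.1:45453" Local: "127.0.0.1:10031"
[2011/08/29-11:01:59 - 30853] [CORE] INFO: 2011/08/29-11:01:59 CONNECT TCP Peer: "127.0.0.1:45455" Local: "127.0.0.1:10031"
'''

PEER_RE = re.compile(r'CONNECT TCP Peer: "([^"]+):(\d+)" Local: "([^"]+):(\d+)"')


def parse_cidrs(value):
    """Split on commas, whitespace or semicolons, as the config comment describes."""
    return [ipaddress.ip_network(tok, strict=False)
            for tok in re.split(r"[,;\s]+", value.strip()) if tok]


def peer_allowed(peer_ip, allow, deny):
    """Rule from the config comment: the client must match a cidr_allow and
    must not match a cidr_deny. With neither option set, nothing is filtered."""
    if not allow and not deny:
        return True
    ip = ipaddress.ip_address(peer_ip)
    if any(ip in net for net in deny):
        return False
    return any(ip in net for net in allow)


def audit(log_text, allow_value, deny_value):
    """Return (peer_ip, local_endpoint, allowed) for each CONNECT line in the log."""
    allow, deny = parse_cidrs(allow_value), parse_cidrs(deny_value)
    results = []
    for m in PEER_RE.finditer(log_text):
        peer_ip, local = m.group(1), f"{m.group(3)}:{m.group(4)}"
        results.append((peer_ip, local, peer_allowed(peer_ip, allow, deny)))
    return results


if __name__ == "__main__":
    for peer, local, ok in audit(LOG, CIDR_ALLOW, CIDR_DENY):
        print(f"{peer} -> {local}: {'accepted' if ok else 'connection closed'}")
```

The address that matters for this check is the TCP peer of the policy connection (the Postfix host), not the SMTP client address that appears in the Postfix log.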
