Hello,
I've an instalation of policyd in my environment and I dont know why it is
rejecting the email I try to send. I've not any policy or access control
configured right now.
Software:
Centos 6
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64
postfix-2.6.6-2.2.el6_1.x86_64
amavisd-new-2.6.4-2.el5.x86_64
dspam-web-3.10.2-1.el6.x86_64
dspam-mysql-3.10.2-1.el6.x86_64
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64
dspam-3.10.2-1.el6.x86_64
postfix-2.6.6-2.2.el6_1.x86_64
amavisd-new-2.6.4-2.el5.x86_64
dspam-libs-3.10.2-1.el6.x86_64
These are my logs:
/var/log/maillog
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >>> START Recipient address
RESTRICTIONS <<<
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=reject_non_fqdn_sender
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: reject_non_fqdn_address:
[email protected]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=reject_non_fqdn_sender status=0
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=reject_non_fqdn_recipient
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: reject_non_fqdn_address:
[email protected]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=reject_non_fqdn_recipient status=0
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=check_policy_service
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: trying... [127.0.0.1]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: auto_clnt_open: connected to
127.0.0.1:10031
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr request =
smtpd_access_policy
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr protocol_state = RCPT
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr protocol_name = ESMTP
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr client_address =
192.168.66.18
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr client_name = unknown
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr reverse_client_name
= unknown
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr helo_name =
[192.168.66.18]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sender =
[email protected]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient =
[email protected]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient_count = 0
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr queue_id =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr instance =
1965.4ff548de.b5a6b.0
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr size = 376
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr etrn_domain =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr stress =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_method = PLAIN
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_username =
[email protected]
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_sender =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_subject =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_issuer =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_fingerprint =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr encryption_protocol =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr encryption_cipher =
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr encryption_keysize = 0
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: wanted
attribute: action
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: action
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute value: DEFER
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: wanted
attribute: (list terminator)
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: (end)
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: check_table_result:
inet:127.0.0.1:10031 DEFER policy query
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: NOQUEUE: reject: RCPT from
unknown[192.168.66.18]: 450 4.7.1 <[email protected]>: Recipient address
rejected: Access denied; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<[192.168.66.18]>
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks:
name=check_policy_service status=2
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > unknown[192.168.66.18]: 450
4.7.1 <[email protected]>: Recipient address rejected: Access denied
Jul 5 09:57:18 mx-test postfix/smtpd[6501]: watchdog_pat: 0x7f1e76c3b020
As you can see in the last 10 lines, it connects to policyd (port 10031) and it
looks like it gets a DEFER, but I have not configured any access control to do
that.
/var/log/cbpolicyd/cbpolicyd.log
[2012/07/05-09:57:18 - 5970] [CORE] INFO: Starting "1" children
[2012/07/05-09:57:18 - 6329] [CORE] INFO: 2012/07/05-09:57:18 CONNECT TCP
Peer: "[::ffff:127.0.0.1]:51312" Local: "[::ffff:127.0.0.1]:10031"
[2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: No session tracking data
exists for request: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => 376,
'_timestamp' => 1341475038,
'helo_name' => '[192.168.66.18]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '::ffff:127.0.0.1',
'recipient' => '[email protected]',
'sasl_username' => '[email protected]',
'instance' => '1965.4ff548de.b5a6b.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'unknown',
'client_address' => '192.168.66.18',
'_protocol_transport' => 'Postfix'
};
[2012/07/05-09:57:18 - 6506] [CORE] DEBUG: Child Preforked (6506)
[2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: Added session tracking
information for: $VAR1 = {
'ccert_fingerprint' => '',
'sasl_method' => 'PLAIN',
'sasl_sender' => '',
'size' => 376,
'_timestamp' => 1341475038,
'helo_name' => '[192.168.66.18]',
'reverse_client_name' => 'unknown',
'queue_id' => '',
'encryption_cipher' => '',
'encryption_protocol' => '',
'etrn_domain' => '',
'ccert_subject' => '',
'request' => 'smtpd_access_policy',
'protocol_state' => 'RCPT',
'stress' => '',
'_peer_address' => '::ffff:127.0.0.1',
'recipient' => '[email protected]',
'sasl_username' => '[email protected]',
'instance' => '1965.4ff548de.b5a6b.0',
'protocol_name' => 'ESMTP',
'encryption_keysize' => '0',
'recipient_count' => '0',
'ccert_issuer' => '',
'sender' => '[email protected]',
'client_name' => 'unknown',
'client_address' => '192.168.66.18',
'_protocol_transport' => 'Postfix'
};
[2012/07/05-09:57:18 - 6506] [CBPOLICYD] DEBUG: Starting up caching engine
[2012/07/05-09:57:18 - 6329] [TRACKING] ERROR: Failed to understand
PeerAddress: awitpt::netip::_clean_ip(441): IPv6 address component '127.0.0.1'
is invalid
[2012/07/05-09:57:18 - 6329] [CBPOLICYD:6329] DEBUG: Error getting session
data
[2012/07/05-09:57:48 - 5970] [CORE] INFO: Killing "1" children
[2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Caching engine: hits = 0,
misses = 0
[2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Shutting down caching
engine (6240)
Thanks & Regards
Manel
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
