Ah i see. i use policyd from portage on gentoo v1.84 maybe in cluebringer the option has other name. check for acl in config, did you?
marko Am 05.07.2012 11:11, schrieb Manel Gimeno Zaragozá: >> Date: Thu, 5 Jul 2012 10:47:54 +0200 > >> From: [email protected] >> To: [email protected] >> Subject: Re: [policyd-users] policyd always rejects recipient >> >> >> Hello Manel, >> >> can u try this?: >> >> /etc/policyd.conf >> >> CONN_ACL="127.0.0.1 192.168.66.18/32" >> >> or >> >> CONN_ACL="127.0.0.1 192.168.66.18/24" >> >> does this work for you? >> >> marko > > I guess you mean you mean the file /etc/cluebringer.conf. > > I've try to add this, but nothing change. > > I'm still getting this in maillog: > > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: wanted > attribute: action > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: > action > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute value: > DEFER > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: wanted > attribute: (list terminator) > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: > (end) > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: check_table_result: > inet:127.0.0.1:10031 DEFER policy query > > Regards! > >> >> >> Am 05.07.2012 10:06, schrieb Manel Gimeno Zaragozá: >> > Hello, >> > >> > I've an instalation of policyd in my environment and I dont know > why >> > it is rejecting the email I try to send. I've not any policy or >> > access >> > control configured right now. >> > >> > Software: >> > Centos 6 >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 >> > postfix-2.6.6-2.2.el6_1.x86_64 >> > amavisd-new-2.6.4-2.el5.x86_64 >> > dspam-web-3.10.2-1.el6.x86_64 >> > dspam-mysql-3.10.2-1.el6.x86_64 >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 >> > dspam-3.10.2-1.el6.x86_64 >> > postfix-2.6.6-2.2.el6_1.x86_64 >> > amavisd-new-2.6.4-2.el5.x86_64 >> > dspam-libs-3.10.2-1.el6.x86_64 >> > >> > These are my logs: >> > >> > /var/log/maillog >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >>> START Recipient >> > address RESTRICTIONS <<< >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=reject_non_fqdn_sender >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > reject_non_fqdn_address: >> > [email protected] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=reject_non_fqdn_sender status=0 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=reject_non_fqdn_recipient >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > reject_non_fqdn_address: >> > [email protected] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=reject_non_fqdn_recipient status=0 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=check_policy_service >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: trying... [127.0.0.1] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: auto_clnt_open: >> > connected >> > to 127.0.0.1:10031 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr request = >> > smtpd_access_policy >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > protocol_state >> > = RCPT >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > protocol_name >> > = >> > ESMTP >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > client_address >> > = 192.168.66.18 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr client_name > = >> > unknown >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > reverse_client_name = unknown >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr helo_name = >> > [192.168.66.18] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sender = >> > [email protected] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient = >> > [email protected] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > recipient_count >> > = 0 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr queue_id = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr instance = >> > 1965.4ff548de.b5a6b.0 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr size = 376 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr etrn_domain > = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr stress = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_method > = >> > PLAIN >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > sasl_username >> > = >> > [email protected] >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_sender > = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > ccert_subject >> > = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_issuer > = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > ccert_fingerprint = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > encryption_protocol = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > encryption_cipher = >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > encryption_keysize = 0 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: > wanted >> > attribute: action >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: >> > action >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute value: >> > DEFER >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: > wanted >> > attribute: (list terminator) >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: >> > (end) >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: check_table_result: >> > inet:127.0.0.1:10031 DEFER policy query >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: NOQUEUE: reject: RCPT >> > from unknown[192.168.66.18]: 450 4.7.1 <[email protected]>: >> > Recipient address rejected: Access denied; > from=<[email protected]> >> > to=<[email protected]> proto=ESMTP helo=<[192.168.66.18]> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> > name=check_policy_service status=2 >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > >> > unknown[192.168.66.18]: >> > 450 4.7.1 <[email protected]>: Recipient address rejected: > Access >> > denied >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: watchdog_pat: >> > 0x7f1e76c3b020 >> > >> > As you can see in the last 10 lines, it connects to policyd (port >> > 10031) and it looks like it gets a DEFER, but I have not > configured >> > any access control to do that. >> > >> > /var/log/cbpolicyd/cbpolicyd.log >> > [2012/07/05-09:57:18 - 5970] [CORE] INFO: Starting "1" children >> > [2012/07/05-09:57:18 - 6329] [CORE] INFO: 2012/07/05-09:57:18 >> > CONNECT >> > TCP Peer: "[::ffff:127.0.0.1]:51312" Local: >> > "[::ffff:127.0.0.1]:10031" >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: No session tracking >> > data exists for request: $VAR1 = { >> > 'ccert_fingerprint' => '', >> > 'sasl_method' => 'PLAIN', >> > 'sasl_sender' => '', >> > 'size' => 376, >> > '_timestamp' => 1341475038, >> > 'helo_name' => '[192.168.66.18]', >> > 'reverse_client_name' => 'unknown', >> > 'queue_id' => '', >> > 'encryption_cipher' => '', >> > 'encryption_protocol' => '', >> > 'etrn_domain' => '', >> > 'ccert_subject' => '', >> > 'request' => 'smtpd_access_policy', >> > 'protocol_state' => 'RCPT', >> > 'stress' => '', >> > '_peer_address' => '::ffff:127.0.0.1', >> > 'recipient' => '[email protected]', >> > 'sasl_username' => '[email protected]', >> > 'instance' => '1965.4ff548de.b5a6b.0', >> > 'protocol_name' => 'ESMTP', >> > 'encryption_keysize' => '0', >> > 'recipient_count' => '0', >> > 'ccert_issuer' => '', >> > 'sender' => '[email protected]', >> > 'client_name' => 'unknown', >> > 'client_address' => '192.168.66.18', >> > '_protocol_transport' => 'Postfix' >> > }; >> > [2012/07/05-09:57:18 - 6506] [CORE] DEBUG: Child Preforked (6506) >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: Added session >> > tracking >> > information for: $VAR1 = { >> > 'ccert_fingerprint' => '', >> > 'sasl_method' => 'PLAIN', >> > 'sasl_sender' => '', >> > 'size' => 376, >> > '_timestamp' => 1341475038, >> > 'helo_name' => '[192.168.66.18]', >> > 'reverse_client_name' => 'unknown', >> > 'queue_id' => '', >> > 'encryption_cipher' => '', >> > 'encryption_protocol' => '', >> > 'etrn_domain' => '', >> > 'ccert_subject' => '', >> > 'request' => 'smtpd_access_policy', >> > 'protocol_state' => 'RCPT', >> > 'stress' => '', >> > '_peer_address' => '::ffff:127.0.0.1', >> > 'recipient' => '[email protected]', >> > 'sasl_username' => '[email protected]', >> > 'instance' => '1965.4ff548de.b5a6b.0', >> > 'protocol_name' => 'ESMTP', >> > 'encryption_keysize' => '0', >> > 'recipient_count' => '0', >> > 'ccert_issuer' => '', >> > 'sender' => '[email protected]', >> > 'client_name' => 'unknown', >> > 'client_address' => '192.168.66.18', >> > '_protocol_transport' => 'Postfix' >> > }; >> > [2012/07/05-09:57:18 - 6506] [CBPOLICYD] DEBUG: Starting up > caching >> > engine >> > [2012/07/05-09:57:18 - 6329] [TRACKING] ERROR: Failed to > understand >> > PeerAddress: awitpt::netip::_clean_ip(441): IPv6 address component >> > '127.0.0.1' is invalid >> > [2012/07/05-09:57:18 - 6329] [CBPOLICYD:6329] DEBUG: Error getting >> > session data >> > [2012/07/05-09:57:48 - 5970] [CORE] INFO: Killing "1" children >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Caching engine: > hits >> > = 0, misses = 0 >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Shutting down >> > caching >> > engine (6240) >> > >> > Thanks & Regards >> > >> > Manel >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.policyd.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
