Hello Manel, can u try this?:
/etc/policyd.conf CONN_ACL="127.0.0.1 192.168.66.18/32" or CONN_ACL="127.0.0.1 192.168.66.18/24" does this work for you? marko Am 05.07.2012 10:06, schrieb Manel Gimeno Zaragozá: > Hello, > > I've an instalation of policyd in my environment and I dont know why > it is rejecting the email I try to send. I've not any policy or > access > control configured right now. > > Software: > Centos 6 > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 > postfix-2.6.6-2.2.el6_1.x86_64 > amavisd-new-2.6.4-2.el5.x86_64 > dspam-web-3.10.2-1.el6.x86_64 > dspam-mysql-3.10.2-1.el6.x86_64 > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 > dspam-3.10.2-1.el6.x86_64 > postfix-2.6.6-2.2.el6_1.x86_64 > amavisd-new-2.6.4-2.el5.x86_64 > dspam-libs-3.10.2-1.el6.x86_64 > > These are my logs: > > /var/log/maillog > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >>> START Recipient > address RESTRICTIONS <<< > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=reject_non_fqdn_sender > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: reject_non_fqdn_address: > [email protected] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=reject_non_fqdn_sender status=0 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=reject_non_fqdn_recipient > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: reject_non_fqdn_address: > [email protected] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=reject_non_fqdn_recipient status=0 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=check_policy_service > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: trying... [127.0.0.1] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: auto_clnt_open: > connected > to 127.0.0.1:10031 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr request = > smtpd_access_policy > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr protocol_state > = RCPT > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr protocol_name > = > ESMTP > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr client_address > = 192.168.66.18 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr client_name = > unknown > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > reverse_client_name = unknown > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr helo_name = > [192.168.66.18] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sender = > [email protected] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient = > [email protected] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > recipient_count > = 0 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr queue_id = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr instance = > 1965.4ff548de.b5a6b.0 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr size = 376 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr etrn_domain = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr stress = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_method = > PLAIN > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_username > = > [email protected] > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sasl_sender = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_subject > = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr ccert_issuer = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > ccert_fingerprint = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > encryption_protocol = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > encryption_cipher = > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > encryption_keysize = 0 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: wanted > attribute: action > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: > action > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute value: > DEFER > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: wanted > attribute: (list terminator) > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute name: > (end) > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: check_table_result: > inet:127.0.0.1:10031 DEFER policy query > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: NOQUEUE: reject: RCPT > from unknown[192.168.66.18]: 450 4.7.1 <[email protected]>: > Recipient address rejected: Access denied; from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<[192.168.66.18]> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > name=check_policy_service status=2 > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > > unknown[192.168.66.18]: > 450 4.7.1 <[email protected]>: Recipient address rejected: Access > denied > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: watchdog_pat: > 0x7f1e76c3b020 > > As you can see in the last 10 lines, it connects to policyd (port > 10031) and it looks like it gets a DEFER, but I have not configured > any access control to do that. > > /var/log/cbpolicyd/cbpolicyd.log > [2012/07/05-09:57:18 - 5970] [CORE] INFO: Starting "1" children > [2012/07/05-09:57:18 - 6329] [CORE] INFO: 2012/07/05-09:57:18 > CONNECT > TCP Peer: "[::ffff:127.0.0.1]:51312" Local: > "[::ffff:127.0.0.1]:10031" > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: No session tracking > data exists for request: $VAR1 = { > 'ccert_fingerprint' => '', > 'sasl_method' => 'PLAIN', > 'sasl_sender' => '', > 'size' => 376, > '_timestamp' => 1341475038, > 'helo_name' => '[192.168.66.18]', > 'reverse_client_name' => 'unknown', > 'queue_id' => '', > 'encryption_cipher' => '', > 'encryption_protocol' => '', > 'etrn_domain' => '', > 'ccert_subject' => '', > 'request' => 'smtpd_access_policy', > 'protocol_state' => 'RCPT', > 'stress' => '', > '_peer_address' => '::ffff:127.0.0.1', > 'recipient' => '[email protected]', > 'sasl_username' => '[email protected]', > 'instance' => '1965.4ff548de.b5a6b.0', > 'protocol_name' => 'ESMTP', > 'encryption_keysize' => '0', > 'recipient_count' => '0', > 'ccert_issuer' => '', > 'sender' => '[email protected]', > 'client_name' => 'unknown', > 'client_address' => '192.168.66.18', > '_protocol_transport' => 'Postfix' > }; > [2012/07/05-09:57:18 - 6506] [CORE] DEBUG: Child Preforked (6506) > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: Added session > tracking > information for: $VAR1 = { > 'ccert_fingerprint' => '', > 'sasl_method' => 'PLAIN', > 'sasl_sender' => '', > 'size' => 376, > '_timestamp' => 1341475038, > 'helo_name' => '[192.168.66.18]', > 'reverse_client_name' => 'unknown', > 'queue_id' => '', > 'encryption_cipher' => '', > 'encryption_protocol' => '', > 'etrn_domain' => '', > 'ccert_subject' => '', > 'request' => 'smtpd_access_policy', > 'protocol_state' => 'RCPT', > 'stress' => '', > '_peer_address' => '::ffff:127.0.0.1', > 'recipient' => '[email protected]', > 'sasl_username' => '[email protected]', > 'instance' => '1965.4ff548de.b5a6b.0', > 'protocol_name' => 'ESMTP', > 'encryption_keysize' => '0', > 'recipient_count' => '0', > 'ccert_issuer' => '', > 'sender' => '[email protected]', > 'client_name' => 'unknown', > 'client_address' => '192.168.66.18', > '_protocol_transport' => 'Postfix' > }; > [2012/07/05-09:57:18 - 6506] [CBPOLICYD] DEBUG: Starting up caching > engine > [2012/07/05-09:57:18 - 6329] [TRACKING] ERROR: Failed to understand > PeerAddress: awitpt::netip::_clean_ip(441): IPv6 address component > '127.0.0.1' is invalid > [2012/07/05-09:57:18 - 6329] [CBPOLICYD:6329] DEBUG: Error getting > session data > [2012/07/05-09:57:48 - 5970] [CORE] INFO: Killing "1" children > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Caching engine: hits > = 0, misses = 0 > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Shutting down > caching > engine (6240) > > Thanks & Regards > > Manel _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
