Manel, so try out
cidr_allow=127.0.0.0/8 192.168.66/24 cidr_deny= does it work? Am 05.07.2012 11:36, schrieb Manel Gimeno Zaragozá: >> Date: Thu, 5 Jul 2012 11:20:26 +0200 >> From: [email protected] >> To: [email protected] >> Subject: Re: [policyd-users] policyd always rejects recipient >> >> >> Ah i see. >> i use policyd from portage on gentoo v1.84 >> maybe in cluebringer the option has other name. >> check for acl in config, did you? >> >> marko > > I've check cluebringer.conf documentation > (http://wiki.policyd.org/cluebringer.conf) and I've not seen any > option to ACL just: > > cidr_allow=0.0.0.0/0 > cidr_deny= > > But I'm not sure about this utility. Anyway, nothing has change. > Still > rejecting recipients. > do you need any extra logs? > > regards and thanks for your support. > > Manel > >> >> Am 05.07.2012 11:11, schrieb Manel Gimeno Zaragozá: >> >> Date: Thu, 5 Jul 2012 10:47:54 +0200 >> > >> >> From: [email protected] >> >> To: [email protected] >> >> Subject: Re: [policyd-users] policyd always rejects recipient >> >> >> >> >> >> Hello Manel, >> >> >> >> can u try this?: >> >> >> >> /etc/policyd.conf >> >> >> >> CONN_ACL="127.0.0.1 192.168.66.18/32" >> >> >> >> or >> >> >> >> CONN_ACL="127.0.0.1 192.168.66.18/24" >> >> >> >> does this work for you? >> >> >> >> marko >> > >> > I guess you mean you mean the file /etc/cluebringer.conf. >> > >> > I've try to add this, but nothing change. >> > >> > I'm still getting this in maillog: >> > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: > wanted >> > attribute: action >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: >> > action >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute value: >> > DEFER >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: > wanted >> > attribute: (list terminator) >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: >> > (end) >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: check_table_result: >> > inet:127.0.0.1:10031 DEFER policy query >> > >> > Regards! >> > >> >> >> >> >> >> Am 05.07.2012 10:06, schrieb Manel Gimeno Zaragozá: >> >> > Hello, >> >> > >> >> > I've an instalation of policyd in my environment and I dont > know >> > why >> >> > it is rejecting the email I try to send. I've not any policy or >> >> > access >> >> > control configured right now. >> >> > >> >> > Software: >> >> > Centos 6 >> >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 >> >> > postfix-2.6.6-2.2.el6_1.x86_64 >> >> > amavisd-new-2.6.4-2.el5.x86_64 >> >> > dspam-web-3.10.2-1.el6.x86_64 >> >> > dspam-mysql-3.10.2-1.el6.x86_64 >> >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 >> >> > dspam-3.10.2-1.el6.x86_64 >> >> > postfix-2.6.6-2.2.el6_1.x86_64 >> >> > amavisd-new-2.6.4-2.el5.x86_64 >> >> > dspam-libs-3.10.2-1.el6.x86_64 >> >> > >> >> > These are my logs: >> >> > >> >> > /var/log/maillog >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >>> START Recipient >> >> > address RESTRICTIONS <<< >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=reject_non_fqdn_sender >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >> > reject_non_fqdn_address: >> >> > [email protected] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=reject_non_fqdn_sender status=0 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=reject_non_fqdn_recipient >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >> > reject_non_fqdn_address: >> >> > [email protected] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=reject_non_fqdn_recipient status=0 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=check_policy_service >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: trying... > [127.0.0.1] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: auto_clnt_open: >> >> > connected >> >> > to 127.0.0.1:10031 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr request = >> >> > smtpd_access_policy >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > protocol_state >> >> > = RCPT >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > protocol_name >> >> > = >> >> > ESMTP >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > client_address >> >> > = 192.168.66.18 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > client_name >> > = >> >> > unknown >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > reverse_client_name = unknown >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr helo_name > = >> >> > [192.168.66.18] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sender = >> >> > [email protected] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient > = >> >> > [email protected] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > recipient_count >> >> > = 0 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr queue_id > = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr instance > = >> >> > 1965.4ff548de.b5a6b.0 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr size = > 376 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > etrn_domain >> > = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr stress = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > sasl_method >> > = >> >> > PLAIN >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > sasl_username >> >> > = >> >> > [email protected] >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > sasl_sender >> > = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> > ccert_subject >> >> > = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > ccert_issuer >> > = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > ccert_fingerprint = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > encryption_protocol = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > encryption_cipher = >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr >> >> > encryption_keysize = 0 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: >> > wanted >> >> > attribute: action >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > name: >> >> > action >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > value: >> >> > DEFER >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: >> > wanted >> >> > attribute: (list terminator) >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > name: >> >> > (end) >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: check_table_result: >> >> > inet:127.0.0.1:10031 DEFER policy query >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: NOQUEUE: reject: > RCPT >> >> > from unknown[192.168.66.18]: 450 4.7.1 <[email protected]>: >> >> > Recipient address rejected: Access denied; >> > from=<[email protected]> >> >> > to=<[email protected]> proto=ESMTP helo=<[192.168.66.18]> >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: >> >> > name=check_policy_service status=2 >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > >> >> > unknown[192.168.66.18]: >> >> > 450 4.7.1 <[email protected]>: Recipient address rejected: >> > Access >> >> > denied >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: watchdog_pat: >> >> > 0x7f1e76c3b020 >> >> > >> >> > As you can see in the last 10 lines, it connects to policyd > (port >> >> > 10031) and it looks like it gets a DEFER, but I have not >> > configured >> >> > any access control to do that. >> >> > >> >> > /var/log/cbpolicyd/cbpolicyd.log >> >> > [2012/07/05-09:57:18 - 5970] [CORE] INFO: Starting "1" children >> >> > [2012/07/05-09:57:18 - 6329] [CORE] INFO: 2012/07/05-09:57:18 >> >> > CONNECT >> >> > TCP Peer: "[::ffff:127.0.0.1]:51312" Local: >> >> > "[::ffff:127.0.0.1]:10031" >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: No session > tracking >> >> > data exists for request: $VAR1 = { >> >> > 'ccert_fingerprint' => '', >> >> > 'sasl_method' => 'PLAIN', >> >> > 'sasl_sender' => '', >> >> > 'size' => 376, >> >> > '_timestamp' => 1341475038, >> >> > 'helo_name' => '[192.168.66.18]', >> >> > 'reverse_client_name' => 'unknown', >> >> > 'queue_id' => '', >> >> > 'encryption_cipher' => '', >> >> > 'encryption_protocol' => '', >> >> > 'etrn_domain' => '', >> >> > 'ccert_subject' => '', >> >> > 'request' => 'smtpd_access_policy', >> >> > 'protocol_state' => 'RCPT', >> >> > 'stress' => '', >> >> > '_peer_address' => '::ffff:127.0.0.1', >> >> > 'recipient' => '[email protected]', >> >> > 'sasl_username' => '[email protected]', >> >> > 'instance' => '1965.4ff548de.b5a6b.0', >> >> > 'protocol_name' => 'ESMTP', >> >> > 'encryption_keysize' => '0', >> >> > 'recipient_count' => '0', >> >> > 'ccert_issuer' => '', >> >> > 'sender' => '[email protected]', >> >> > 'client_name' => 'unknown', >> >> > 'client_address' => '192.168.66.18', >> >> > '_protocol_transport' => 'Postfix' >> >> > }; >> >> > [2012/07/05-09:57:18 - 6506] [CORE] DEBUG: Child Preforked > (6506) >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: Added session >> >> > tracking >> >> > information for: $VAR1 = { >> >> > 'ccert_fingerprint' => '', >> >> > 'sasl_method' => 'PLAIN', >> >> > 'sasl_sender' => '', >> >> > 'size' => 376, >> >> > '_timestamp' => 1341475038, >> >> > 'helo_name' => '[192.168.66.18]', >> >> > 'reverse_client_name' => 'unknown', >> >> > 'queue_id' => '', >> >> > 'encryption_cipher' => '', >> >> > 'encryption_protocol' => '', >> >> > 'etrn_domain' => '', >> >> > 'ccert_subject' => '', >> >> > 'request' => 'smtpd_access_policy', >> >> > 'protocol_state' => 'RCPT', >> >> > 'stress' => '', >> >> > '_peer_address' => '::ffff:127.0.0.1', >> >> > 'recipient' => '[email protected]', >> >> > 'sasl_username' => '[email protected]', >> >> > 'instance' => '1965.4ff548de.b5a6b.0', >> >> > 'protocol_name' => 'ESMTP', >> >> > 'encryption_keysize' => '0', >> >> > 'recipient_count' => '0', >> >> > 'ccert_issuer' => '', >> >> > 'sender' => '[email protected]', >> >> > 'client_name' => 'unknown', >> >> > 'client_address' => '192.168.66.18', >> >> > '_protocol_transport' => 'Postfix' >> >> > }; >> >> > [2012/07/05-09:57:18 - 6506] [CBPOLICYD] DEBUG: Starting up >> > caching >> >> > engine >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] ERROR: Failed to >> > understand >> >> > PeerAddress: awitpt::netip::_clean_ip(441): IPv6 address > component >> >> > '127.0.0.1' is invalid >> >> > [2012/07/05-09:57:18 - 6329] [CBPOLICYD:6329] DEBUG: Error > getting >> >> > session data >> >> > [2012/07/05-09:57:48 - 5970] [CORE] INFO: Killing "1" children >> >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Caching engine: >> > hits >> >> > = 0, misses = 0 >> >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Shutting down >> >> > caching >> >> > engine (6240) >> >> > >> >> > Thanks & Regards >> >> > >> >> > Manel >> >> >> >> _______________________________________________ >> >> Users mailing list >> >> [email protected] >> >> http://lists.policyd.org/mailman/listinfo/users >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.policyd.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
