Hello, after some test, I'm not able to find the cause of this problem.
I've created another virtual machine (HOST_B) with exactly the same configuration (postfix, mysql) and it works perfectly. Once I had this one running I've modify the configuration of "HOST_A" to point the BBDD to the new one in "HOST_B" and the problem remains in "HOST_A". So I can conclude that it is not a BBDD issue. On the other hand, postfix has exactly the same configuracion, with any modification. So I can not find where the problem comes from. Any help? I will apreciate it!! Thanks! Manel Gimeno Zaragoza [email protected] From: [email protected] To: [email protected] Date: Fri, 6 Jul 2012 08:24:41 +0200 Subject: Re: [policyd-users] policyd always rejects recipient > Date: Thu, 5 Jul 2012 14:40:03 +0200 > From: [email protected] > To: [email protected] > Subject: Re: [policyd-users] policyd always rejects recipient > > > Manel, > > so try out > > cidr_allow=127.0.0.0/8 192.168.66/24 > cidr_deny= > > does it work? No, it does not! I've checked this yesterday. Anyway, policyd was workign all right during a month, but I was cheking how the webui add records in the database for each restriction (Acces control, ehlo, greylistin, accounting, quotas), and after check the record in database, I deleted all the entries (via webui). Now I do not have any entry in policyd. I'm really desesperate because it was a test enironment but was schedule to goes to production soon, and after this issue I doubt about it. I don't know were to look. I hope some one can help me on this. If you need more logs or whatever, do not hesitate to ask me. Thanks for your support. Regards. > Am 05.07.2012 11:36, schrieb Manel Gimeno Zaragozá: > >> Date: Thu, 5 Jul 2012 11:20:26 +0200 > >> From: [email protected] > >> To: [email protected] > >> Subject: Re: [policyd-users] policyd always rejects recipient > >> > >> > >> Ah i see. > >> i use policyd from portage on gentoo v1.84 > >> maybe in cluebringer the option has other name. > >> check for acl in config, did you? > >> > >> marko > > > > I've check cluebringer.conf documentation > > (http://wiki.policyd.org/cluebringer.conf) and I've not seen any > > option to ACL just: > > > > cidr_allow=0.0.0.0/0 > > cidr_deny= > > > > But I'm not sure about this utility. Anyway, nothing has change. > > Still > > rejecting recipients. > > do you need any extra logs? > > > > regards and thanks for your support. > > > > Manel > > > >> > >> Am 05.07.2012 11:11, schrieb Manel Gimeno Zaragozá: > >> >> Date: Thu, 5 Jul 2012 10:47:54 +0200 > >> > > >> >> From: [email protected] > >> >> To: [email protected] > >> >> Subject: Re: [policyd-users] policyd always rejects recipient > >> >> > >> >> > >> >> Hello Manel, > >> >> > >> >> can u try this?: > >> >> > >> >> /etc/policyd.conf > >> >> > >> >> CONN_ACL="127.0.0.1 192.168.66.18/32" > >> >> > >> >> or > >> >> > >> >> CONN_ACL="127.0.0.1 192.168.66.18/24" > >> >> > >> >> does this work for you? > >> >> > >> >> marko > >> > > >> > I guess you mean you mean the file /etc/cluebringer.conf. > >> > > >> > I've try to add this, but nothing change. > >> > > >> > I'm still getting this in maillog: > >> > > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: > > wanted > >> > attribute: action > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: > >> > action > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute value: > >> > DEFER > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: 127.0.0.1:10031: > > wanted > >> > attribute: (list terminator) > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: input attribute name: > >> > (end) > >> > Jul 5 11:07:59 mx-test postfix/smtpd[6977]: check_table_result: > >> > inet:127.0.0.1:10031 DEFER policy query > >> > > >> > Regards! > >> > > >> >> > >> >> > >> >> Am 05.07.2012 10:06, schrieb Manel Gimeno Zaragozá: > >> >> > Hello, > >> >> > > >> >> > I've an instalation of policyd in my environment and I dont > > know > >> > why > >> >> > it is rejecting the email I try to send. I've not any policy or > >> >> > access > >> >> > control configured right now. > >> >> > > >> >> > Software: > >> >> > Centos 6 > >> >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 > >> >> > postfix-2.6.6-2.2.el6_1.x86_64 > >> >> > amavisd-new-2.6.4-2.el5.x86_64 > >> >> > dspam-web-3.10.2-1.el6.x86_64 > >> >> > dspam-mysql-3.10.2-1.el6.x86_64 > >> >> > postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 > >> >> > dspam-3.10.2-1.el6.x86_64 > >> >> > postfix-2.6.6-2.2.el6_1.x86_64 > >> >> > amavisd-new-2.6.4-2.el5.x86_64 > >> >> > dspam-libs-3.10.2-1.el6.x86_64 > >> >> > > >> >> > These are my logs: > >> >> > > >> >> > /var/log/maillog > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: >>> START Recipient > >> >> > address RESTRICTIONS <<< > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=reject_non_fqdn_sender > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > >> > reject_non_fqdn_address: > >> >> > [email protected] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=reject_non_fqdn_sender status=0 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=reject_non_fqdn_recipient > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > >> > reject_non_fqdn_address: > >> >> > [email protected] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=reject_non_fqdn_recipient status=0 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=check_policy_service > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: trying... > > [127.0.0.1] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: auto_clnt_open: > >> >> > connected > >> >> > to 127.0.0.1:10031 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr request = > >> >> > smtpd_access_policy > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> > protocol_state > >> >> > = RCPT > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> > protocol_name > >> >> > = > >> >> > ESMTP > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> > client_address > >> >> > = 192.168.66.18 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > > client_name > >> > = > >> >> > unknown > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > reverse_client_name = unknown > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr helo_name > > = > >> >> > [192.168.66.18] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr sender = > >> >> > [email protected] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr recipient > > = > >> >> > [email protected] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > recipient_count > >> >> > = 0 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr queue_id > > = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr instance > > = > >> >> > 1965.4ff548de.b5a6b.0 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr size = > > 376 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > > etrn_domain > >> > = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr stress = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > > sasl_method > >> > = > >> >> > PLAIN > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> > sasl_username > >> >> > = > >> >> > [email protected] > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > > sasl_sender > >> > = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> > ccert_subject > >> >> > = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > > ccert_issuer > >> > = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > ccert_fingerprint = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > encryption_protocol = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > encryption_cipher = > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: send attr > >> >> > encryption_keysize = 0 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: > >> > wanted > >> >> > attribute: action > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > > name: > >> >> > action > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > > value: > >> >> > DEFER > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: 127.0.0.1:10031: > >> > wanted > >> >> > attribute: (list terminator) > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: input attribute > > name: > >> >> > (end) > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: check_table_result: > >> >> > inet:127.0.0.1:10031 DEFER policy query > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: NOQUEUE: reject: > > RCPT > >> >> > from unknown[192.168.66.18]: 450 4.7.1 <[email protected]>: > >> >> > Recipient address rejected: Access denied; > >> > from=<[email protected]> > >> >> > to=<[email protected]> proto=ESMTP helo=<[192.168.66.18]> > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: generic_checks: > >> >> > name=check_policy_service status=2 > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: > > >> >> > unknown[192.168.66.18]: > >> >> > 450 4.7.1 <[email protected]>: Recipient address rejected: > >> > Access > >> >> > denied > >> >> > Jul 5 09:57:18 mx-test postfix/smtpd[6501]: watchdog_pat: > >> >> > 0x7f1e76c3b020 > >> >> > > >> >> > As you can see in the last 10 lines, it connects to policyd > > (port > >> >> > 10031) and it looks like it gets a DEFER, but I have not > >> > configured > >> >> > any access control to do that. > >> >> > > >> >> > /var/log/cbpolicyd/cbpolicyd.log > >> >> > [2012/07/05-09:57:18 - 5970] [CORE] INFO: Starting "1" children > >> >> > [2012/07/05-09:57:18 - 6329] [CORE] INFO: 2012/07/05-09:57:18 > >> >> > CONNECT > >> >> > TCP Peer: "[::ffff:127.0.0.1]:51312" Local: > >> >> > "[::ffff:127.0.0.1]:10031" > >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: No session > > tracking > >> >> > data exists for request: $VAR1 = { > >> >> > 'ccert_fingerprint' => '', > >> >> > 'sasl_method' => 'PLAIN', > >> >> > 'sasl_sender' => '', > >> >> > 'size' => 376, > >> >> > '_timestamp' => 1341475038, > >> >> > 'helo_name' => '[192.168.66.18]', > >> >> > 'reverse_client_name' => 'unknown', > >> >> > 'queue_id' => '', > >> >> > 'encryption_cipher' => '', > >> >> > 'encryption_protocol' => '', > >> >> > 'etrn_domain' => '', > >> >> > 'ccert_subject' => '', > >> >> > 'request' => 'smtpd_access_policy', > >> >> > 'protocol_state' => 'RCPT', > >> >> > 'stress' => '', > >> >> > '_peer_address' => '::ffff:127.0.0.1', > >> >> > 'recipient' => '[email protected]', > >> >> > 'sasl_username' => '[email protected]', > >> >> > 'instance' => '1965.4ff548de.b5a6b.0', > >> >> > 'protocol_name' => 'ESMTP', > >> >> > 'encryption_keysize' => '0', > >> >> > 'recipient_count' => '0', > >> >> > 'ccert_issuer' => '', > >> >> > 'sender' => '[email protected]', > >> >> > 'client_name' => 'unknown', > >> >> > 'client_address' => '192.168.66.18', > >> >> > '_protocol_transport' => 'Postfix' > >> >> > }; > >> >> > [2012/07/05-09:57:18 - 6506] [CORE] DEBUG: Child Preforked > > (6506) > >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] DEBUG: Added session > >> >> > tracking > >> >> > information for: $VAR1 = { > >> >> > 'ccert_fingerprint' => '', > >> >> > 'sasl_method' => 'PLAIN', > >> >> > 'sasl_sender' => '', > >> >> > 'size' => 376, > >> >> > '_timestamp' => 1341475038, > >> >> > 'helo_name' => '[192.168.66.18]', > >> >> > 'reverse_client_name' => 'unknown', > >> >> > 'queue_id' => '', > >> >> > 'encryption_cipher' => '', > >> >> > 'encryption_protocol' => '', > >> >> > 'etrn_domain' => '', > >> >> > 'ccert_subject' => '', > >> >> > 'request' => 'smtpd_access_policy', > >> >> > 'protocol_state' => 'RCPT', > >> >> > 'stress' => '', > >> >> > '_peer_address' => '::ffff:127.0.0.1', > >> >> > 'recipient' => '[email protected]', > >> >> > 'sasl_username' => '[email protected]', > >> >> > 'instance' => '1965.4ff548de.b5a6b.0', > >> >> > 'protocol_name' => 'ESMTP', > >> >> > 'encryption_keysize' => '0', > >> >> > 'recipient_count' => '0', > >> >> > 'ccert_issuer' => '', > >> >> > 'sender' => '[email protected]', > >> >> > 'client_name' => 'unknown', > >> >> > 'client_address' => '192.168.66.18', > >> >> > '_protocol_transport' => 'Postfix' > >> >> > }; > >> >> > [2012/07/05-09:57:18 - 6506] [CBPOLICYD] DEBUG: Starting up > >> > caching > >> >> > engine > >> >> > [2012/07/05-09:57:18 - 6329] [TRACKING] ERROR: Failed to > >> > understand > >> >> > PeerAddress: awitpt::netip::_clean_ip(441): IPv6 address > > component > >> >> > '127.0.0.1' is invalid > >> >> > [2012/07/05-09:57:18 - 6329] [CBPOLICYD:6329] DEBUG: Error > > getting > >> >> > session data > >> >> > [2012/07/05-09:57:48 - 5970] [CORE] INFO: Killing "1" children > >> >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Caching engine: > >> > hits > >> >> > = 0, misses = 0 > >> >> > [2012/07/05-09:57:48 - 6240] [CBPOLICYD] DEBUG: Shutting down > >> >> > caching > >> >> > engine (6240) > >> >> > > >> >> > Thanks & Regards > >> >> > > >> >> > Manel > >> >> > >> >> _______________________________________________ > >> >> Users mailing list > >> >> [email protected] > >> >> http://lists.policyd.org/mailman/listinfo/users > >> > >> > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> http://lists.policyd.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.policyd.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
