> Policyd however should be as easy as downloading
> the .tar.gz, extracting it and throwing a ./cbpolicyd to fire it up.

I've tried that (downloaded cluebringer-v2.1.x-201310261831.tar), and I believe 
I've found an issue - emails from gmail were being rejected.
Took me ages scratching my head before I realised it wasn't Postfix generating 
my rejects. But I think I've tracked it down.

I was getting rejects like this :
reject: RCPT from mail-wi0-x241.google.com[2a00:1450:400c:c05::241]: 554 5.7.1 
<****>: Recipient address rejected: Invalid HELO/EHLO; Cannot resolve 
'mail-wi0-x241.google.com', no records found; from=<****@gmail.com> to=<****> 
proto=ESMTP helo=<mail-wi0-x241.google.com>

I found this strange as that address does resolve.

So I removed my IPv6 MX record, and things worked fine. So I started digging, 
grepped the code, and I think I may have found the issue - but as I don't do 
Perl I could be completely wrong !

In CheckHelo.pm I see it does (line 317) :
 my $res = Net::DNS::Resolver->new;
 my $query = $res->search($sessionData->{'Helo'});
So I did a search and came across this :
http://www.net-dns.org/docs/Net/DNS/Resolver.html
Where it says :
"The record type and class can be omitted; they default to A and IN"

In the case of gmail, the FQDN only resolves to AAAA records - hence no results 
for the default search.

I changed line 318 to "my $query = 
$res->search($sessionData->{'Helo'},"A","AAAA","MX");" and the HELO failure 
stopped, now I get a different error to track down ! I obviously didn't get it 
right as PolicyD logs :
[CBPOLICYD] ERROR: Error running module request_process(): 
Net::DNS::classesbyval() argument is not CLASS### (AAAA) at 
/usr/lib/perl5/Net/DNS.pm line 261
and a load of other Perl errors (traceback).


Also, looking at the above page, would it not be more correct to use "query" 
rather than "search" ? I can't personally see any situation where you'd want to 
be adding local domains to a helo provided FQDN to find an answer.


One thing I did learn from this is that it would help if the PolicyD messages 
were easily distinguishable from Postfix messages !
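
Added example, not part of the original message and not PolicyD's code: a sketch of a HELO lookup that asks for A and AAAA in separate `query` calls, which is the behaviour the message is after. `helo_addresses`, the `Stub*` packages and the `example.net` names are hypothetical and constructed so the script runs offline; in real use a `Net::DNS::Resolver` object would be passed in instead of the stub.

```perl
use strict;
use warnings;

# Constructed sample data (documentation address ranges): one HELO name with
# only an AAAA record, one with only an A record, nothing for other names.
my %ZONE = (
    'v6only.example.net' => { AAAA => ['2001:db8::241'] },
    'v4only.example.net' => { A    => ['192.0.2.25'] },
);

# Offline stand-in for Net::DNS::Resolver (hypothetical). Mimics
# query($name, $type): a packet with answer() on success, undef otherwise.
package StubResolver {
    sub new { return bless {}, shift }
    sub query {
        my ($self, $name, $type) = @_;
        $type //= 'A';    # same default as Net::DNS: type A, class IN
        my $rdata = $ZONE{lc $name}{$type} or return;
        return bless { rr => [ map { StubRR->new($type, $_) } @$rdata ] }, 'StubPacket';
    }
}
package StubPacket { sub answer { return @{ $_[0]{rr} } } }
package StubRR {
    sub new { my ($class, $type, $addr) = @_; return bless { type => $type, address => $addr }, $class }
    sub type    { return $_[0]{type} }
    sub address { return $_[0]{address} }
}

# Addresses a HELO name resolves to. One record type per call, because the
# third argument of query()/search() is the class, not another type.
# query() is used so no local search domains are appended to the name.
sub helo_addresses {
    my ($res, $helo) = @_;
    my @addrs;
    for my $type (qw(A AAAA)) {
        my $packet = $res->query($helo, $type) or next;
        # Keep only records of the requested type (skips CNAMEs in the answer).
        push @addrs, map { $_->address } grep { $_->type eq $type } $packet->answer;
    }
    return @addrs;
}

my $res = StubResolver->new;    # with Net::DNS installed: Net::DNS::Resolver->new
for my $helo (qw(v6only.example.net v4only.example.net nxdomain.example.net)) {
    my $default = $res->query($helo) ? 'found' : 'no records found';
    my @addrs   = helo_addresses($res, $helo);
    printf "%-22s default(A): %-17s A+AAAA: %s\n", $helo, $default, @addrs ? "@addrs" : 'no records found';
}
```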

