On 01/03/2014 04:40 PM, Simon Hobson wrote:
>> Policyd however should be as easy as downloading
>> the .tar.gz, extracting it and throwing a ./cbpolicyd to fire it up.
> I've tried that (downloaded cluebringer-v2.1.x-201310261831.tar), and I
> believe I've found an issue - emails from gmail were being rejected.
> Took me ages scratching my head before I realised it wasn't Postfix
> generating my rejects. But I think I've tracked it down.
>
> I was getting rejects like this :
> reject: RCPT from mail-wi0-x241.google.com[2a00:1450:400c:c05::241]: 554
> 5.7.1 <****>: Recipient address rejected: Invalid HELO/EHLO; Cannot resolve
> 'mail-wi0-x241.google.com', no records found; from=<****@gmail.com> to=<****>
> proto=ESMTP helo=<mail-wi0-x241.google.com>
>
> I found this strange as that address does resolve.
>
> So I removed my IPv6 MX record, and things worked fine. So I started digging,
> grepped the code, and I think I may have found the issue - but as I don't do
> Perl I could be completely wrong !
>
> In CheckHelo.pm I see it does (line 317) :
> my $res = Net::DNS::Resolver->new;
> my $query = $res->search($sessionData->{'Helo'});
> So I did a search and came across this :
> http://www.net-dns.org/docs/Net/DNS/Resolver.html
> Where it says :
> "The record type and class can be omitted; they default to A and IN"
>
> In the case of gmail, the FQDN only resolves to AAAA records - hence no
> results for the default search.
>
> I changed line 318 to "my $query =
> $res->search($sessionData->{'Helo'},"A","AAAA","MX");" and the HELO failure
> stopped, now I get a different error to track down ! I obviously didn't get
> it right as PolicyD logs :
> [CBPOLICYD] ERROR: Error running module request_process():
> Net::DNS::classesbyval() argument is not CLASS### (AAAA) at
> /usr/lib/perl5/Net/DNS.pm line 261
> and a load of other Perl errors (traceback).
>
>
> Also, looking at the above page, would it not be more correct to use "query"
> rather than "search" ? I can't personally see any situation where you'd want
> to be adding local domains to a helo provided FQDN to find an answer.
>
>
> One thing I did learn from this is that it would help if the PolicyD messages
> were easily distinguishable from Postfix messages !
Added issue to development site, it should be fixed in the next version.
--
-N
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
