[policyd-users] Solved: Module execution order, but...

Sun, 02 Nov 2014 02:26:03 -0800 

Hi,
first, sorry for my elementary english.
I've encountered a problem running cluebringer 2.0.11 on my new Debian 7 mailserver. 

My intention was to do SPF check in 3 possible fashion:

1) standard incoming email, all checked.

2) specials "tolerate" problem in SPF record, sometime misconfigured 
customer's mailserver create a problem on receiveng email, so i'd like 
to use a policy that "tolerate" bad SPF leaving a track into mail header

3) special sender that do not check SPF at all


So, i've maked my simple 3 policy in a cascade fashion, briefly the 
policies:



Priority 20:   Incoming mail, members: !$*,!%internal_ips , SPF 
Chech=yes, Reject=yes, Add SPF Header: ---
Priority 21:   Tolerate SPF, members: %spf_tolerate, SPF Chech=yes, 
Reject=NO, Add SPF Header: YES
Priority 22:   NO-Check, members: %spf_no_check, SPF Chech=NO, 
Reject=NO, Add SPF Header: NO


all works good, and the 'Tolerate' leave this on logfile:

module=CheckSPF, action=add_header, ..... reason=spf_fail

Also che check appears into mail header, perfect.


Problem come putting ON the Greylisting module, everiting seems to works 
and on logfile I found 2 rows:


module=CheckSPF, action=add_header ..... reason=spf_fail
module=Greylisting, action=pass, ...... reason=authenticated

but in heder mail nothing appear about SPF check.


I've found that the problem is on modules execution order, infact every 
module has a declaration like this:


# User plugin info
our $pluginInfo = {
        name                    => "SPF Check Plugin",
        priority              => 70,
        init                    => \&init,
        request_process => \&check,
};

and the modules/README.txt explain:

Module Priorities:
------------------
0 - Lowest
100 - Highest

Core - 100

AccessControl - 90

CheckHelo - 80

CheckSPF - 70

Greylisting - 60

Quotas - 50



To solve my problem I've switched the priorities of the two modules 
CheckSPF / Greylisting and now on my logfile the 2 rows are inverted:


module=Greylisting, action=pass, ...... reason=authenticated
module=CheckSPF, action=add_header ..... reason=spf_fail


so the action=add_header effectively puts info info mail header and 
eveithing now work properly.


So my question is:

Why this strange execution order?


Before making some DNS requests to resolve SPF is not best to resolve 
local Greylisted DB entry?


Is this proposable to default on distribution?

Can I making this simple change cause some other future strange behavior?

Best regards to everyone.
Franco








_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org














    











					Reply via email to