Date: Thu, 8 Apr 2010 16:57:12 -0500
From: Noel Jones <noeldude@gmail.com>
To: perikillo <perikillo@gmail.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD 8: Postfix policyd-weight not working!!!
Message-ID: <w2scce506b1004081457za583c53co5b27cfb1b96cd4cc@mail.gmail.com>
In-Reply-To: <i2k51d7a5161004080729ua1945906w242add379296f2de@mail.gmail.com>
References: <i2k51d7a5161004080729ua1945906w242add379296f2de@mail.gmail.com>

On Thu, Apr 8, 2010 at 9:29 AM, perikillo <perikillo@gmail.com> wrote:
>  Hi people.
>
>  I'm working on my first spam gateway, using Postfix + policyd-weight.
>
>  I have 2 jails for this, the jail-A is the mail server, where the mailboxes
> exist, they are in each user's home directory:
>
>  /home/user-1
>  /home/user-2
>  /home/user-3
> ...
>  /home/user-N
>
>  This jail-A has samba+ldap=PDC, nss_ldap+pam_ldap working +
> dovecot+postfix working too.
>
>  id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
> id root
> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins)
>
>  I can add users without an issue using smbldap-tools.
>
>  I have tested dovecot+postfix and I can send emails with that jail.
>
> Now I want to set up my spam gateway, in another jail called jail-B. I have
> set up nss_ldap+pam_ldap to contact my PDC (jail-A) and it is working:
>
> id user1
> uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users)
> id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
>
> Now, the part that is not working is postfix + policyd-weight.
>
> When I test with another machine in the network using telnet, for some reason
> once postfix accepts the mail it wants to send the email to the outside, not
> internally. I have set up transport to send the email to jail-A but I don't see
> any task doing this, check:
>
> Apr  8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=<test@X.org>,
> size=409, nrcpt=1 (queue active)
> Apr  8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org
> [192.168.49.7]
> Apr  8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25:
> Operation timed out
> Apr  8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=<user2@X.org>,
> relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred
> (connect to X.org[X.Y.Z.W]:25: Operation timed out)

You say that X.org should be delivered locally. Postfix doesn't think
X.org is a local domain.

> Apr  8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient
> addresses found in message header

It appears that you've used "sendmail -t" to inject some mail, and
there was no To: header. Don't rely on headers for mail routing.

>
> X.Y.Z.W --> Public address.
>
> My postfix settings are this:
>
> alias_maps = hash:/etc/aliases
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydomain = X.org
> myhostname = filtro.X.org

You might want to add
mydestination = $mydomain $myhostname localhost

> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> relay_domains = $transport_maps

Bad idea. If you add a transport for e.g. hotmail, you become an
instant open relay. Don't reuse transport_maps this way.

If mail is delivered locally on this box, relay_domains should be
explicitly set empty.
relay_domains =

> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination,      reject_non_fqdn_recipient,
> reject_invalid_helo_hostname,   check_policy_service
> inet:[192.168.49.7]:12525
> soft_bounce = no
> transport_maps = hash:/usr/local/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> Now, my transport file is:
>
> nis.X.org    smtp:[192.168.49.6]  ----->jail-A
>
> Is created:  transport.db
>
> Another thing, in the log I don't see when it is touching "policyd-weight:
> 12525" or is this just for the outside connections?

Mail that's permitted by "permit_mynetworks" or submitted via the
sendmail(1) interface won't trigger the policy server in your config.

--
Noel Jones
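
Added example, not part of the original e-mail and not Postfix code: a small model of the two settings the reply discusses, showing which recipient domains the posted configuration treats as local or as relay destinations, and how that changes with the suggested mydestination and an empty relay_domains. It assumes exact domain matches only and looks at mydestination and relay_domains alone; the hotmail.com transport entry and its 192.0.2.25 next hop are constructed.

```python
import re

TRANSPORT = "hash:/usr/local/etc/postfix/transport"
# Constructed inputs: settings quoted in the thread, plus a hypothetical hotmail.com entry.
PAGE_CF = """mydomain = X.org
myhostname = filtro.X.org
relay_domains = $transport_maps
transport_maps = hash:/usr/local/etc/postfix/transport
"""
FIXED_CF = """mydomain = X.org
myhostname = filtro.X.org
mydestination = $mydomain $myhostname localhost
relay_domains =
transport_maps = hash:/usr/local/etc/postfix/transport
"""
TRANSPORT_FILE = """nis.X.org    smtp:[192.168.49.6]
hotmail.com  smtp:[192.0.2.25]
"""

def parse_main_cf(text):
    """name = value pairs; a line starting with whitespace continues the previous value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        else:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def table_keys(text):
    """Left-hand column of a transport-style table, lowercased."""
    return {l.split()[0].lower() for l in text.splitlines() if l.strip() and not l.startswith("#")}

def domain_set(name, default, params, tables):
    """Expand $param references, then replace each type:path table by its keys."""
    value = params.get(name, default)
    for _ in range(5):  # a few passes cover nested references such as $mydomain
        value = re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), value)
    out = set()
    for tok in re.split(r"[,\s]+", value.strip()):
        out |= tables.get(tok, set()) if ":" in tok else ({tok.lower()} if tok else set())
    return out

def classify(domain, cf_text, transport_text=TRANSPORT_FILE):
    params, tables = parse_main_cf(cf_text), {TRANSPORT: table_keys(transport_text)}
    d = domain.lower()
    if d in domain_set("mydestination", "$myhostname localhost.$mydomain localhost", params, tables):
        return "local"
    if d in domain_set("relay_domains", "", params, tables):
        return "relay"   # reject_unauth_destination accepts this domain from any client
    return "remote"      # not accepted from clients outside mynetworks
```

With the posted settings, classify("X.org", PAGE_CF) is "remote" while every transport key, including the constructed hotmail.com one, is "relay"; with FIXED_CF, X.org becomes "local" and hotmail.com is no longer a relay destination.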