Date:      Thu, 8 Apr 2010 15:29:52 -0700
From:      perikillo <perikillo@gmail.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: FreeBSD 8: Postfix policyd-weight not working!!!
Message-ID:  <u2n51d7a5161004081529jb8a55435o7ce1ddc255bb4ba8@mail.gmail.com>
In-Reply-To: <w2scce506b1004081457za583c53co5b27cfb1b96cd4cc@mail.gmail.com>
References:  <i2k51d7a5161004080729ua1945906w242add379296f2de@mail.gmail.com> <w2scce506b1004081457za583c53co5b27cfb1b96cd4cc@mail.gmail.com>

On Thu, Apr 8, 2010 at 2:57 PM, Noel Jones <noeldude@gmail.com> wrote:

> On Thu, Apr 8, 2010 at 9:29 AM, perikillo <perikillo@gmail.com> wrote:
> >  Hi people.
> >
> >  I'm working in my first spam gateway, using Postfix + policyd-weight.
> >
> >  I have 2 jails for this, the jail-A is the mail server, where the mailboxes
> > exist, they are on each user home directory:
> >
> >  /home/user-1
> >  /home/user-2
> >  /home/user-3
> > ...
> >  /home/user-N
> >
> >  This jail-A has samba+ldap=PDC, nss_ldap+pam_ldap working +
> > dovecot+postfix working too.
> >
> >  id test
> > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
> > id root
> > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins)
> >
> >  I can add users without an issue using smbldap-tools.
> >
> >  I have tested dovecot+postfix and I can send emails with that jail.
> >
> > Now I want to set up my spam gateway, which is another jail called jail-B. I
> > have set up nss_ldap+pam_ldap to contact my PDC (jail-A) and it is working:
> >
> > id user1
> > uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users)
> > id test
> > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
> >
> > Now, the part that is not working is postfix + policyd-weight.
> >
> > When I test with another machine in the network using telnet, for some
> > reason once postfix accepts the mail it wants to send the email to the
> > outside, not internally. I have set up transport to send the email to
> > jail-A but I don't see any task doing this, check:
> >
> > Apr  8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=<test@X.org>, size=409, nrcpt=1 (queue active)
> > Apr  8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org[192.168.49.7]
> > Apr  8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25: Operation timed out
> > Apr  8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=<user2@X.org>, relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred (connect to X.org[X.Y.Z.W]:25: Operation timed out)
>
> You say that X.org should be delivered locally.  Postfix doesn't think
> X.org is a local domain.
>
> > Apr  8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient addresses found in message header
>
> It appears that you've used "sendmail -t" to inject some mail, and
> there was no To: header.
> Don't rely on headers for mail routing.
>
>
> >
> > X.Y.Z.W --> Public address.
> >
> > My postfix settings are this:
> >
> > alias_maps = hash:/etc/aliases
> > command_directory = /usr/local/sbin
> > config_directory = /usr/local/etc/postfix
> > daemon_directory = /usr/local/libexec/postfix
> > data_directory = /var/db/postfix
> > debug_peer_level = 2
> > home_mailbox = Maildir/
> > html_directory = /usr/local/share/doc/postfix
> > inet_interfaces = all
> > local_destination_concurrency_limit = 2
> > mail_owner = postfix
> > mailq_path = /usr/local/bin/mailq
> > manpage_directory = /usr/local/man
> > mydomain = X.org
> > myhostname = filtro.X.org
>
> You might want to add
> mydestination = $mydomain $myhostname localhost
>
>
> > myorigin = $mydomain
> > newaliases_path = /usr/local/bin/newaliases
> > queue_directory = /var/spool/postfix
> > readme_directory = /usr/local/share/doc/postfix
> > relay_domains = $transport_maps
>
> Bad idea.  If you add a transport for eg. hotmail, you become an
> instant open relay.  Don't reuse transport_maps this way.
>
> If mail is delivered locally on this box, relay_domains should be
> explicitly set empty.
> relay_domains =
>
>
> > sample_directory = /usr/local/etc/postfix
> > sendmail_path = /usr/local/sbin/sendmail
> > setgid_group = maildrop
> > smtpd_delay_reject = yes
> > smtpd_helo_required = yes
> > smtpd_recipient_restrictions = permit_mynetworks,
> > reject_unauth_destination,      reject_non_fqdn_recipient,
> > reject_invalid_helo_hostname,   check_policy_service
> > inet:[192.168.49.7]:12525
> > soft_bounce = no
> > transport_maps = hash:/usr/local/etc/postfix/transport
> > unknown_local_recipient_reject_code = 550
> >
> > Now, my transport file is:
> >
> > nis.X.org    smtp:[192.168.49.6]  ----->jail-A
> >
> > Is created:  transport.db
> >
> > Another thing: in the log I don't see when it is touching "policyd-weight:
> > 12525", or is this just for the outside connections?
>
> Mail that's permitted by "permit_mynetworks" or submitted via the
> sendmail(1) interface won't trigger the policy server in your config.
>
>
Thanks, Noel, for your quick answer. I would just like to inform you that this
is a spam server, not an email server; once this server accepts the email, it
needs to send it to the real mail server, which is another machine in the
network (another jail).

 This is why I'm using the transport stuff; if a more secure way exists,
please let me know. The spam server + email server exist in the same
network (jails).

 The test was made with telnet. About the sendmail, I don't know when I
set up something about sendmail; I have just been working with postfix.

 Thanks again!!!


>  -- Noel Jones
>
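
An added example, not part of either poster's message: a simplified Python model of the two Postfix decisions the thread turns on, namely whether `reject_unauth_destination` accepts a recipient domain and where the transport lookup sends it. `example.org` stands in for the masked `X.org`, the `hotmail.com` route is Noel's hypothetical, and `gateway_config` is an assumption about how a relay-only gateway would be expressed (explicit `relay_domains`, transport keyed on the recipient domain).

```python
# Added example: simplified model of Postfix relay/transport decisions.
# example.org stands in for the thread's masked X.org (constructed names).

def parents(domain):
    """Return the domain and each parent: a.b.c -> [a.b.c, b.c, c]."""
    labels = domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def accepts_from_outside(rcpt_domain, mydestination, relay_domains):
    """reject_unauth_destination: permit only local or relay domains.
    relay_domains also matches subdomains (default parent_domain_matches_subdomains)."""
    if rcpt_domain.lower() in mydestination:
        return True
    return any(p in relay_domains for p in parents(rcpt_domain))

def next_hop(rcpt_domain, mydestination, transport):
    """transport(5) lookup: exact domain, then '.parent' keys; else local or MX."""
    names = parents(rcpt_domain)
    for key in [names[0]] + ["." + p for p in names[1:]]:
        if key in transport:
            return transport[key]
    if names[0] in mydestination:
        return "local"
    return "MX lookup for " + names[0]

# Postfix default mydestination when unset, for myhostname=filtro.example.org
MYDEST = {"filtro.example.org", "localhost.example.org", "localhost"}
JAIL_A = "smtp:[192.168.49.6]"  # jail-A address from the posted transport file

def posted_config():
    transport = {"nis.example.org": JAIL_A}      # transport file as posted
    return MYDEST, set(transport), transport     # relay_domains = $transport_maps

def posted_plus_outbound_route():
    transport = {"nis.example.org": JAIL_A, "hotmail.com": "smtp:"}
    return MYDEST, set(transport), transport     # every transport key now relays

def gateway_config():
    # Assumption: relay_domains names the protected domain explicitly.
    transport = {"example.org": JAIL_A, "hotmail.com": "smtp:"}
    return MYDEST, {"example.org"}, transport

if __name__ == "__main__":
    for cfg in (posted_config, posted_plus_outbound_route, gateway_config):
        dest, relay, tr = cfg()
        for dom in ("example.org", "hotmail.com"):
            print(cfg.__name__, dom, accepts_from_outside(dom, dest, relay),
                  next_hop(dom, dest, tr))
```

With the posted settings the model reproduces the log: mail for the bare domain misses the `nis.` transport key and falls through to an MX lookup, and outside senders would be refused for that domain.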


