From: Noel Jones
To: perikillo
Cc: FreeBSD Mailing List
Date: Thu, 8 Apr 2010 16:57:12 -0500
Subject: Re: FreeBSD 8: Postfix policyd-weight not working!!!

On Thu, Apr 8, 2010 at 9:29 AM, perikillo wrote:
> Hi people.
>
> I'm working in my first spam gateway, using Postfix + policyd-weight.
>
> I have 2 jails for this, the jail-A is the mail server, where the mailboxes
> exist, they are on each user home directory:
>
> /home/user-1
> /home/user-2
> /home/user-3
> ...
> /home/user-N
>
> This jail-A has samba+ldap=PDC, nss_ldap+pam_ldap working +
> dovecot+postfix working too.
>
> id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
> id root
> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins)
>
> I can add users without an issue using smbldap-tools.
>
> I have tested dovecot+postfix and I can send emails with that jail.
>
> Now I want to setup my spam gateway, is another jail called jail-B, I have
> setup nss_ldap+pam_ldap to contact my PDC(jail-A) and is working:
>
> id user1
> uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users)
> id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
>
> Now, the part is the one is not working is postfix+ policyd-weight.
>
> When I test with other machine in the network using telnet, for some reason
> once postfix accept the mail wants to send the email to the outside not
> internally. I have setup transport to send the email jail-A but I don't see
> any task doing this, check:
>
> Apr  8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=,
> size=409, nrcpt=1 (queue active)
> Apr  8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org
> [192.168.49.7]
> Apr  8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25:
> Operation timed out
> Apr  8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=,
> relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred
> (connect to X.org[X.Y.Z.W]:25: Operation timed out)

You say that X.org should be delivered locally. Postfix doesn't think
X.org is a local domain.

> Apr  8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient
> addresses found in message header

This appears that you've used "sendmail -t" to inject some mail, and
there was no To: header. Don't rely on headers for mail routing.

>
> X.Y.Z.W --> Public address.
>
> My postfix settings are this:
>
> alias_maps = hash:/etc/aliases
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydomain = X.org
> myhostname = filtro.X.org

You might want to add
mydestination = $mydomain $myhostname localhost

> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> relay_domains = $transport_maps

Bad idea. If you add a transport for eg. hotmail, you become an
instant open relay. Don't reuse transport_maps this way. If mail is
delivered locally on this box, relay_domains should be explicitly set
empty.
relay_domains =

> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination,      reject_non_fqdn_recipient,
> reject_invalid_helo_hostname,   check_policy_service
> inet:[192.168.49.7]:12525
> soft_bounce = no
> transport_maps = hash:/usr/local/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> Now, my transport file is:
>
> nis.X.org    smtp:[192.168.49.6]  ----->jail-A
>
> Is created:  transport.db
>
> Another thing, in the log I don't see when it is touching "policyd-weight:
> 12525" or this is just for the outside connections?

Mail that's permitted by "permit_mynetworks" or submitted via the
sendmail(1) interface won't trigger the policy server in your config.

--
Noel Jones
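
An added example, not part of the original message: a small audit for the relay_domains = $transport_maps pattern that the reply warns about, listing which transport keys would become permitted relay destinations. The sample main.cf and transport table are constructed from the settings quoted above; the hotmail.com entry, its 192.0.2.25 next hop, and the function names are assumptions for illustration.

```python
import re

# Constructed sample modelled on the main.cf settings quoted in the thread.
MAIN_CF = """\
mydomain = X.org
myhostname = filtro.X.org
relay_domains = $transport_maps
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, check_policy_service
    inet:[192.168.49.7]:12525
transport_maps = hash:/usr/local/etc/postfix/transport
"""
# Constructed transport table: the first entry is from the thread; the
# second (hypothetical next hop) is the kind of route the reply warns about.
TRANSPORT = """\
nis.X.org      smtp:[192.168.49.6]
hotmail.com    smtp:[192.0.2.25]
"""

def parse_main_cf(text):
    """Parse main.cf text: skip blank and '#' lines; a line that starts
    with whitespace continues the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def transport_keys(text):
    """Left-hand sides (lookup keys) of a transport table."""
    return [ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit_relay_domains(params, transport_text, own_domain):
    """Return transport keys outside own_domain that relay_domains would
    authorize as relay destinations because it reuses $transport_maps."""
    if not re.search(r"\$[{(]?transport_maps\b", params.get("relay_domains", "")):
        return []
    own = own_domain.lower()
    return [k for k in transport_keys(transport_text)
            if k.lower() != own and not k.lower().endswith("." + own)]

if __name__ == "__main__":
    cfg = parse_main_cf(MAIN_CF)
    print(audit_relay_domains(cfg, TRANSPORT, cfg["mydomain"]))
```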