Greyfix not being run
gr...@vig.co.nz
smtpd_recipient_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unlisted_recipient,
check_policy_service unix:private/greyfix,
permit# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=spamassassin
greyfix unix - n n - - spawn
user=nobody argv=/usr/local/sbin/greyfix -/ 24 -6 56
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#smtp inet n - - - - smtpd
Any ideas?
Kim Minh Kaplan
> I've got a Postfix 2.9.6 install, and just added greyfix. It doesn't seem to be working - my logs show no greylisting entries at all.
If you could post (or email it privately) a sample of your log that traces an email from submission to delivery (or nexthop submission) it could help track down the problem.
> I do have Spam Assassin running too, and I wonder if this is somehow affecting greyfix.
I don't see particular reason why it would. I do not really know Spam Assassin, but I believe it operates *after* smtpd_recipient_restrictions is checked.
> Here's part of my main.cf:
> smtpd_recipient_restrictions =
> permit_mynetworks,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_destination,
> reject_unlisted_recipient,
> check_policy_service unix:private/greyfix,
> permit
The only reason I can see Greyfix not being checked here is if one of the preceding checks either accepts or rejects the mail. Are you sure your submission is not coming from "my networks"?
> And master.cf:
>
> smtp inet n - n - - smtpd -o content_filter=spamassassin
>
>
> greyfix unix - n n - - spawn
> user=nobody argv=/usr/local/sbin/greyfix -/ 24 -6 56
You can add "-d" argument to have greyfix log some debugging information.
You can "su -c '/usr/local/sbin/greyfix -d </dev/null' -" just to verify that greyfix can start and log.
If you can post full postfix configuration files it could also help.
Kim Minh.
gr...@vig.co.nz
The only reason I can see Greyfix not being checked here is if one of the preceding checks either accepts or rejects the mail. Are you sure your submission is not coming from "my networks"?
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128You can add "-d" argument to have greyfix log some debugging information.
You can "su -c '/usr/local/sbin/greyfix -d </dev/null' -" just to verify that greyfix can start and log.
Jan 31 17:21:29 tui greyfix[16998]: This daemon was compiled with Berkeley DB 5.1.25: (January 28, 2011) (5.1.25) definitions.
Jan 31 17:21:29 tui greyfix[16998]: allocate 8192 bytes for request buffer
Jan 31 17:21:29 tui greyfix[16998]: Cleaned
If you can post full postfix configuration files it could also help.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = tui.vig.co.nz
mydomain = tui.vig.co.nz
myorigin = tui.vig.co.nz
# mailproc.vig.co.nz is for Capo payment advice processor
# vig.co.nz is now hosted on gmail, so excluded from mydestination
mydestination = $mydomain, $myhostname, localhost.domain, mailproc.vig.co.nz
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit
smtpd_recipient_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unlisted_recipient,
check_policy_service unix:private/greyfix,
permit
alias_maps = hash:/etc/postfix/aliases hash:/home/vigboss/.aliases
alias_database = hash:/etc/postfix/aliases
virtual_alias_domains =
... removed for privacy ...
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost =
mailbox_size_limit = 0
message_size_limit = 104857600
recipient_delimiter = +
#inet_interfaces = loopback-only
inet_interfaces = all
home_mailbox =
smtpd_sasl_auth_enable = no
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = no
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions =
mailbox_command =
smtp_use_tls = no
smtpd_tls_received_header = no
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom
#default_transport = error
#relay_transport = error
inet_protocols = all
Thanks for your time looking at this, Kim - I really appreciate it. If there is any way to make postfix provide blow-by-blow logs on how it decides how to handle each message, let me know and I'll enable it.