Wietse Venema via Postfix-users escribió el 10/12/2023 a las 18:49:
Carlos Velasco via Postfix-users:
That means you are somehow calling the policy server twice.
You didn't mention what version of the SPF policy server you are
using. Recent versions (under the project name SPF Engine, since
it's not just a policy server anymore) also provide a milter front
end if you would rather do all the processing in milters. It uses
the same SPF processing code, so it's merely a choice of how you
would prefer to integrate with Postfix.
No, it's called only 1 time, verified with debugs. The duplicated
header issue is located in postfix when mixing policyd and milter,
something weird happens.
Sorry, when the Received-SPF header is generated by a policy service,
and that header is added twice, then you are calling that service
twice. Postfix does not duplicate headers.
If you disagree, then I need to see the proof in your debug logging.
If you have been making changes to Postfix source code, then you
are out of support.
Is only called 1 time. You are ignoring the test and troubleshooting I have
done.
To know if it is called more than 1 time is pretty easy, just putting
debugLevel = 4 in policyd-spf.conf and look at the syslog.
Dec 10 18:59:19 mail:info postfix/smtpd: postfix/smtpd[537116]: connect from
out1.vger.email[2620:137:e000::1:20]:33610
*** Here it goes ***
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Starting
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"request=smtpd_access_policy"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"protocol_state=RCPT"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"protocol_name=ESMTP"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"client_address=2620:137:e000::1:20"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"client_name=out1.vger.email"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"client_port=33610"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"reverse_client_name=out1.vger.email"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"server_address=2a01:4f8:202:6022::2"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"server_port=25"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"helo_name=out1.vger.email"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"sender=linux-kernel-ow...@vger.kernel.org"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"recipient=mtgh...@newipnet.com"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"recipient_count=0"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"queue_id="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"instance=8321c.6575fc78.234b4.0"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"size=3915"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"etrn_domain="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line: "stress="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"sasl_method="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"sasl_username="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"sasl_sender="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"ccert_subject="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"ccert_issuer="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"ccert_fingerprint="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"ccert_pubkey_fingerprint="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"encryption_protocol="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"encryption_cipher="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"encryption_keysize=0"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"policy_context="
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"compatibility_level=3.6"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line:
"mail_version=3.8.3"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Read line: ""
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Found the end of
entry
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Config:
{'debugLevel': 4, 'HELO_reject': 'Fail', 'Mail_From_reject': 'Fail',
'PermError_reject': 'False', 'TempError_Defer': 'False', 'skip_addresses':
'127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'TestOnly': 1,
'SPF_Enhanced_Status_Codes': 'Yes', 'Header_Type': 'SPF', 'Hide_Receiver':
'Yes', 'Authserv_Id': 'hermes', 'Lookup_Time': 20, 'Whitelist_Lookup_Time': 10,
'Void_Limit': 2, 'Reason_Message': 'Message {rejectdefer} due to: {spf}. Please
see {url}', 'No_Mail': False, 'Mock': False, 'Socket':
'local:/run/pyspf-milter/pyspf-milter.sock', 'PidFile':
'/run/pyspf-milter/pyspf-milter.pid', 'UserID': 'pyspf-milter', 'UMask': 7,
'InternalHosts': '127.0.0.1', 'IntHosts': False, 'MacroListVerify': ''}
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Cached data for
this instance: []
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: skip_addresses
enabled.
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: spfcheck: pyspf result:
"['None', '', 'helo']"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: None; identity=helo;
client-ip=2620:137:e000::1:20; helo=out1.vger.email;
envelope-from=linux-kernel-ow...@vger.kernel.org; receiver=<UNKNOWN>
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: spfcheck: pyspf result:
"['Pass', 'sender SPF authorized', 'mailfrom']"
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Pass; identity=mailfrom;
client-ip=2620:137:e000::1:20; helo=out1.vger.email;
envelope-from=linux-kernel-ow...@vger.kernel.org; receiver=<UNKNOWN>
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: not peruser
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: Action: prepend: Text:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2620:137:e000::1:20;
helo=out1.vger.email; envelope-from=linux-kernel-ow...@vger.kernel.org;
receiver=<UNKNOWN> Reject action: 550 5.7.23
Dec 10 18:59:20 mail:info policyd-spf: policyd-spf[537122]: prepend Received-SPF:
Pass (mailfrom) identity=mailfrom; client-ip=2620:137:e000::1:20;
helo=out1.vger.email; envelope-from=linux-kernel-ow...@vger.kernel.org;
receiver=<UNKNOWN>
Dec 10 18:59:20 mail:info postfix/smtpd: postfix/smtpd[537116]: 9BA2FC0087:
client=out1.vger.email[2620:137:e000::1:20]:33610
Dec 10 18:59:20 mail:info postfix/cleanup: postfix/cleanup[537123]: 9BA2FC0087:
message-id=<20231210125908.5bf1c...@rorschach.local.home>
*** And there is the milter, is custom made ***
Dec 10 18:59:20 mail:info milter: milter[505155]: Processing: ...
...
Dec 10 18:59:23 mail:info postfix/qmgr: postfix/qmgr[465418]: 9BA2FC0087:
from=<linux-kernel-ow...@vger.kernel.org>, size=4371, nrcpt=1 (queue active)
Dec 10 18:59:23 mail:info postfix/local: postfix/local[537134]: 9BA2FC0087: passing
<x...@domain.com> to transport=lmtp
Dec 10 18:59:23 mail:info postfix/lmtp: postfix/lmtp[537135]: 9BA2FC0087:
to=<x...@domain.com>, relay=X.X.X.X[X.X.X.X]:24, delay=3.7,
delays=3.6/0.01/0.01/0.04, dsn=2.1.5, status=sent (250 2.1.5 Success
SESSIONID=<Mail1-1702231163-2874448-2-9414096827346685264>)
Dec 10 18:59:23 mail:info postfix/qmgr: postfix/qmgr[465418]: 9BA2FC0087:
removed
So, executed only 1 time. No source code change (I'm still trying to understand
where to change anything about this...)
Facts:
1. if, in milter, I remove "Received" header index 1, the "own Received" header is
eliminated. Yes, this one: "Postfix hides its own Postfix-prepended Received: header, for compatibility
with Sendmail. Postfix does not hide other headers that Postfix or Milters added or modified."
2. mixing policy and milter makes header created in policy to be passed to
milter (this is ok), but then if you delete it and re-add it in milter, then it
gets duplicated in the final email. *It is NOT duplicated if I don't do any
thing with this header in milter phase*.
Regards,
Carlos Velasco
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
