On Tue, Aug 26, 2014 at 8:21 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Ian Evans: > > Aug 26 08:34:05 carson postfix/smtpd[16374]: warning: problem talking to > server private/policy-spf: Connection timed out > > This Postfix SMTP server time limit is specified with the > smtpd_policy_service_timeout parameter (default: 100s). > > Your SPF script should reply in 10 seconds at most. It should not > wait indefinitely for a DNS reply. > > Once the Postfix SMTP server gives up, it closes the connection to > the policy daemon. Then the Python script has an error while sending > the (too late) result. > > > Aug 26 08:34:58 carson policyd-spf[16383]: Traceback (most recent call > > last): > > Aug 26 08:34:58 carson policyd-spf[16383]: File "/usr/bin/policyd-spf", > > line 690, in <module> > > Aug 26 08:34:58 carson policyd-spf[16383]: sys.stdout.flush() > > Aug 26 08:34:58 carson policyd-spf[16383]: BrokenPipeError: [Errno 32] > > Broken pipe > > Aug 26 08:34:58 carson postfix/spawn[16382]: warning: command > > /usr/bin/policyd-spf exit status 1 > > > > So if emails get checked for spf, why would the vast majority get through > > and others cause this? > > First. the script should limit the time for DNS lookups. > > Second, the script should not die after BrokenPipeError exceptions. > > try: sys.stdout.flush() > except BrokenPipeError: pass > > > > Making this change gave me: Aug 26 22:37:03 carson postfix/spawn[24709]: warning: command /usr/bin/policyd-spf exit status 1 Aug 26 22:37:03 carson postfix/smtpd[24704]: warning: premature end-of-input on private/policy-spf while reading input attribute name Aug 26 22:37:04 carson postfix/smtpd[24704]: warning: premature end-of-input on private/policy-spf while reading input attribute name Aug 26 22:37:04 carson postfix/smtpd[24704]: warning: problem talking to server private/policy-spf: Connection reset by peer
