I think this one is for Wietse or Viktor;

OVERVIEW
--------
Trying to make a policy server run or not-run per recipient.


DETAILS
-------
main.cf:
    smtpd_restriction_classes = verify_spfpolicy
    verify_spfpolicy = check_policy_service unix:private/spfpolicy
    smtpd_recipient_restrictions =
        ...
        check_recipient_access mysql:/etc/postfix/mysql_rcpt_restrictions

mysql_rcpt_restrictions:
    hosts = <???>
    dbname = <???>
    user = <???>
    password = <???>
    require_result_set = no
    query = SELECT CONCAT(IF(spfVerify, 'verify_spfpolicy,', ''), IF(senderVerify, 'reject_unverified_sender,', '')) AS restrictions FROM settings WHERE email='%s' LIMIT 1


BEHAVIOR
--------
If SQL column spfVerify=true, then Postfix runs the policy server and checks SPF. If I comment out the #check_recipient_access line, then Postfix does not run the policy server and does not check SPF. If I don't comment out the check_recipient_access line and set column spfVerify=false, then I get a warning in the logs about empty results, and it runs the policy server anyway and checks SPF.

postfix/smtpd[9941]: warning: table "mysql:/etc/postfix/mysql_rcpt_restrictions": empty lookup result for: "u...@example.com" -- ignored
policyd-spf[9947]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=xxx.xxx.xxx.xxx; helo=mx.example.com; envelope-from=t...@example.com; receiver=u...@example.com

I don't understand how it is running the policy service when there are no results returned and is being ignored. The class verify_spfpolicy isn't listed anywhere inside smtpd_recipient_restrictions and only gets returned in the sql query. Is this expected behavior? Can you help me understand why this is happening?
