I think this one is for Wietse or Viktor;
OVERVIEW
--------
Trying to make a policy server run or not-run per recipient.
DETAILS
-------
main.cf:

    smtpd_restriction_classes = verify_spfpolicy
    verify_spfpolicy = check_policy_service unix:private/spfpolicy
    smtpd_recipient_restrictions =
        ...
        check_recipient_access mysql:/etc/postfix/mysql_rcpt_restrictions

mysql_rcpt_restrictions:

    hosts = <???>
    dbname = <???>
    user = <???>
    password = <???>
    require_result_set = no
    query = SELECT CONCAT(IF(spfVerify, 'verify_spfpolicy,', ''),
        IF(senderVerify, 'reject_unverified_sender,', '')) AS restrictions
        FROM settings WHERE email='%s' LIMIT 1

BEHAVIOR
--------
If SQL column spfVerify=true then Postfix runs the policy server and checks
SPF.

If I comment out the #check_recipient_access line then Postfix does not
run the policy server and does not check SPF.

If I don't comment out the check_recipient_access and set column
spfVerify=false then I get a warning in the logs about empty results and
it runs the policy server anyway and checks SPF.

    postfix/smtpd[9941]: warning: table "mysql:/etc/postfix/mysql_rcpt_restrictions": empty lookup result for: "u...@example.com" -- ignored
    policyd-spf[9947]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=xxx.xxx.xxx.xxx; helo=mx.example.com; envelope-from=t...@example.com; receiver=u...@example.com

I don't understand how it is running the policy service when there are
no results returned and the result is being ignored. The class verify_spfpolicy
isn't listed anywhere inside smtpd_recipient_restrictions and only gets
returned in the SQL query. Is this expected behavior? Can you help me
understand why this is happening?