On 2023-04-10 12:39, Peter via Postfix-users wrote:
On 10/04/23 14:21, tom--- via Postfix-users wrote:
I have resolved the issue by:
1. install unbound as dns resolver locally
This is good.
2. change this statement:
check_policy_service unix:private/policyd-spf,
to this one:
check_policy_service { unix:private/policyd-spf,
default_action=DUNNO },
The default_action here actually defines what action postfix will take
if the policyd errors out (e.g. not running). By default this is "451
4.3.5 Server configuration problem" which results in a deferral, so it
would not cause the message to pass by default but rather to defer.
That said, there is nothing wrong with this setting if that's what you
actually want to happen if the policyd isn't working.
I was thinking the python version configuration for policyd-spf maybe
have bugs.
from the doc:
https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html
which says:
HELO/EHLO PASS RESTRICTION
HELO Pass Restriction allows integration with other Postfix access
controls by provding a user supplied name of a postfix access
restriction to be applied to a message when the HELO checking result is
Pass. The indicated restriction must be an action as defined for a
Postfix SMTP server access table access(5) and explained in the Postfix
RESTRICTION CLASS README. The README.per_user_whitelisting file provided
with this distribution provides examples. Note: A helo pass restriction
will be the returned result even if the mail from result would cause the
message to be rejected.
Example:
HELO_pass_restriction = helo_passed_spf
Default:
None
I think the Default should be set to "DUNNO" here. but it's None. so a
system argument
like mine is required.
Am I right?
Thanks.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org