On 2023-04-10 12:39, Peter via Postfix-users wrote:
On 10/04/23 14:21, tom--- via Postfix-users wrote:
I have resolved the issue by:

1. install unbound as dns resolver locally

This is good.

2. change this statement:
    check_policy_service unix:private/policyd-spf,
   to this one:
   check_policy_service { unix:private/policyd-spf, default_action=DUNNO },

The default_action here actually defines what action postfix will take if the policyd errors out (e.g. not running). By default this is "451 4.3.5 Server configuration problem" which results in a deferral, so it would not cause the message to pass by default but rather to defer. That said, there is nothing wrong with this setting if that's what you actually want to happen if the policyd isn't working.


I was thinking the python version configuration for policyd-spf maybe have bugs.
from the doc:
https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html

which says:

HELO/EHLO PASS RESTRICTION
HELO Pass Restriction allows integration with other Postfix access controls by provding a user supplied name of a postfix access restriction to be applied to a message when the HELO checking result is Pass. The indicated restriction must be an action as defined for a Postfix SMTP server access table access(5) and explained in the Postfix RESTRICTION CLASS README. The README.per_user_whitelisting file provided with this distribution provides examples. Note: A helo pass restriction will be the returned result even if the mail from result would cause the message to be rejected.

Example:

HELO_pass_restriction = helo_passed_spf

Default:

None


I think the Default should be set to "DUNNO" here. but it's None. so a system argument
 like mine is required.

Am I right?
Thanks.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to