On April 10, 2023 4:52:04 AM UTC, tom--- via Postfix-users
<postfix-users@postfix.org> wrote:
>On 2023-04-10 12:39, Peter via Postfix-users wrote:
>> On 10/04/23 14:21, tom--- via Postfix-users wrote:
>>> I have resolved the issue by:
>>>
>>> 1. install unbound as dns resolver locally
>>
>> This is good.
>>
>>> 2. change this statement:
>>> check_policy_service unix:private/policyd-spf,
>>> to this one:
>>> check_policy_service { unix:private/policyd-spf, default_action=DUNNO },
>>
>> The default_action here actually defines what action postfix will take if
>> the policyd errors out (e.g. not running). By default this is "451 4.3.5
>> Server configuration problem" which results in a deferral, so it would not
>> cause the message to pass by default but rather to defer. That said, there
>> is nothing wrong with this setting if that's what you actually want to
>> happen if the policyd isn't working.
>>
>
>I was thinking the python version configuration for policyd-spf maybe have
>bugs.
>from the doc:
>https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html
>
>which says:
>
>HELO/EHLO PASS RESTRICTION
>HELO Pass Restriction allows integration with other Postfix access controls by
>provding a user supplied name of a postfix access restriction to be applied to
>a message when the HELO checking result is Pass. The indicated restriction
>must be an action as defined for a Postfix SMTP server access table access(5)
>and explained in the Postfix RESTRICTION CLASS README. The
>README.per_user_whitelisting file provided with this distribution provides
>examples. Note: A helo pass restriction will be the returned result even if
>the mail from result would cause the message to be rejected.
>
>Example:
>
>HELO_pass_restriction = helo_passed_spf
>
>Default:
>
>None
>
>
>I think the Default should be set to "DUNNO" here. but it's None. so a system
>argument
> like mine is required.
>
>Am I right?
>Thanks.
No. If you set HELO_pass_restriction, you can override the normal responses.
If it's None (the default) the normally appropriate response will be returned
(e. g. DUNNO). If you haven't set a value for the option, you don't need to
worry about it, it does nothing.
Scott K
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
