>> Its not a matter of policyd intercepting mail, its a matter of Postfix
>> making a policy request to policyd.
>>
>> Could you paste your postfix config again.
> Hello Nigel,
>
> here is the main.cf:
>
> ############# main.cf #####################
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
> myhostname=mathsmtps.labomath.univ-lille1.fr
> inet_interfaces = localhost
> mydestination = $myhostname, localhost.$mydomain, localhost
> unknown_local_recipient_reject_code = 550
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> debug_peer_level = 2
> debugger_command =
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> myhostname = nilus.labomath.univ-lille1.fr
> mydomain = math.univ-lille1.fr
> myorigin = $mydomain
> mydestination = $myhostname, $mydomain, localhost.$mydomain
> relayhost = smtp.univ-lille1.fr
> masquerade_domains = $mydomain
> inet_interfaces = $myhostname, localhost
> mynetworks = 127.0.0.0/8, 134.206.80.4/32, 134.206.80.164/32,
> 134.206.80.237/32, 134.206.80.241/32, 134.206.81.110/32,
> 193.49.225.0/24, 134.206.1.0/24
> home_mailbox = Maildir/
> mailbox_command = /usr/bin/procmail
> alias_maps = hash:/etc/postfix/aliases
> alias_database = hash:/etc/postfix/aliases
> canonical_maps = hash:/etc/postfix/canonical
> transport_maps = hash:/etc/postfix/transport
> virtual_maps = hash:/etc/postfix/virtual
> content_filter = smtp-amavis:[127.0.0.1]:10024
> smtpd_recipient_restrictions =
> check_policy_service inet:127.0.0.1:10031,
> reject_sender_login_mismatch,
> reject_unknown_sender_domain,
> check_sender_access hash:/etc/postfix/restricted_senders,
> permit_sasl_authenticated,
> permit_mynetworks,
> check_relay_domains,reject
> smtpd_end_of_data_restrictions =
> check_policy_service inet:127.0.0.1:10031
> smtpd_restriction_classes = local_only
> local_only =
> check_recipient_access hash:/etc/postfix/local_domains, reject
> smtpd_sender_restrictions =
> permit_mynetworks,
> check_sender_access hash:/etc/postfix/sender_access,
> reject_unknown_sender_domain,
> warn_if_reject reject_unverified_sender
> smtpd_tls_loglevel = 2
> ############################################################
>
> and master.cf:
>
> ############### master.cf #############################
> smtp inet n - n - - smtpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> -o fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> old-cyrus unix - n n - - pipe
> flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
> ${extension} ${user}
> cyrus unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
>
> smtp-amavis unix - - n - 2 smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> -o max_use=20
>
> 127.0.0.1:10025 inet n - n - - smtpd
> -o content_filter=
> -o smtpd_delay_reject=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_data_restrictions=reject_unauth_pipelining
> -o smtpd_end_of_data_restrictions=
> -o smtpd_restriction_classes=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
> -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> -o local_header_rewrite_clients=
>
> submission inet n - n - - smtpd
> -o smtpd_enforce_tls=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
> -o broken_sasl_auth_clients=yes
> -o smtpd_sasl_path=smtpd
> -o smtpd_tls_cert_file=/etc/postfix/certs/mycert.pem
> -o smtpd_tls_key_file=/etc/postfix/certs/mykey.key
> -o smtpd_tls_loglevel=2
> -o smtpd_tls_received_header=yes
> -o smtpd_tls_security_level=encrypt
>
> smtps inet n - n - - smtpd
> -o smtpd_enforce_tls=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
> -o broken_sasl_auth_clients=yes
> -o smtpd_sasl_path=smtpd
> -o smtpd_tls_cert_file=/etc/postfix/certs/mycert.pem
> -o smtpd_tls_key_file=/etc/postfix/certs/mykey.key
> -o smtpd_tls_loglevel=2
> -o smtpd_tls_received_header=yes
> -o smtpd_tls_security_level=encrypt
>
> 10587 inet n - n - - smtpd
> -o smtpd_enforce_tls=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
> -o broken_sasl_auth_clients=yes
> -o smtpd_sasl_path=smtpd
> -o smtpd_tls_cert_file=/etc/postfix/certs/mycert.pem
> -o smtpd_tls_key_file=/etc/postfix/certs/mykey.key
> -o smtpd_tls_loglevel=2
> -o smtpd_tls_received_header=yes
> -o smtpd_tls_security_level=encrypt
>You're overriding alot of those smtpd_recipient_restrictions in master.cf , what port is the mail entering your mailserver on? -N
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
