A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Amira Othman wrote: >I am conntecting through outlook from a network not listed in mynetworks. >But I don't understand you !! should I add this network to mynetwors in >order to apply policy ? or I miss understand ? No, do not add this network to mynetworks. I don't think you understood what I wrote. Postfix applies the checks in the order listed, so as you have your settings, the checks go like this : permit_mynetworks Is the client in one of the listed networks ? If so, then accept the message and skip the rest of the checks. Else continue to the next check. permit_sasl_authenticated Did the client authenticate ? (you haven't mentioned if it does or not) If so, then accept the message and skip the rest of the checks. Else continue to the next check. reject_unauth_destination Is the recipient in a domain we handle (relay or final destination) ? If not then reject the message and skip rest of checks. Else continue to the next check. check_policy_service inet:127.0.0.1:10031 Consult the policy server and see what it says. It may say Accept or Reject, in which case accept or reject the message and skip the rest of the checks. Or it can say "dunno" in which case continue to next check. Finally, if none of the previous checks have explicitly accepted or rejected the message, then accept it. So if the client was in a network listed in mynetworks (which you've said it isn't), or the client authenticates with SASL, then Postfix will never get as far as querying the policy server - so you'll never see any logs from Policyd. Order of the checks is important, so if (for example) you want policies applied to SASL authenticated clients then you *MUST* put the policy server check before permit_sasl_authenticated. I strongly recommend you turn on debugging as I described : >Finally, when debugging, I've found that the Postfix debugging >options are really useful. >Adding : >debug_peer_level = 2 >debug_peer_list = w.x.y.z >to main.cf (obviously putting an appropriate address in) means that a >lot of debugging information is written to the mail log - and you can >see what steps Postfix is taking. Do this just for the IP address of your client. The logs are "quite verbose", but if you follow them carefully then you should be able to figure out exactly what Postfix is doing - and what decisions it is taking. Also, I generally test using telnet. You can type individual steps in by hand and watch in the logs to see what's happening. It's also easier for testing your settings as you can vary the input (for example, variations on the HELO string for testing HELO restrictions) and see what happens.) Here is a sample transcript from such a session : >$ telnet localhost 25 >Trying 127.0.0.1... >Connected to localhost. >Escape character is '^]'. >220 patsy.thehobsons.co.uk ESMTP Postfix (Debian/GNU) >ehlo linux.thehobsons.co.uk >250-patsy.thehobsons.co.uk >250-PIPELINING >250-SIZE 26214400 >250-ETRN >250-ENHANCEDSTATUSCODES >250-8BITMIME >250 DSN >mail from: [email protected] >250 2.1.0 Ok >rcpt to: [email protected] >250 2.1.5 Ok >data >354 End data with <CR><LF>.<CR><LF> >From: Simon Hobson <[email protected]> >TO: Simon Hobson <[email protected]> >Subject: Test message >This is a test message >. >250 2.0.0 Ok: queued as 4CC1729EDE >quit >221 2.0.0 Bye >Connection closed by foreign host. The bits typed in are : >$ telnet localhost 25 >ehlo linux.thehobsons.co.uk >mail from: [email protected] >rcpt to: [email protected] >data >From: Simon Hobson <[email protected]> >TO: Simon Hobson <[email protected]> >Subject: Test message >This is a test message >. >quit the rest is the response. Everything between "data" and "." is freeform - so you don't *need* to put in the headers. As an aside, if you experiment a bit here, you can see how the "From" and "To" headers you see in a mail are completely unrelated to the sender and recipient addresses used for routing mail. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
