policy_service issues

From: Leeman Strout (l.stroutagilixcorp.com)
Date: Mon Feb 07 2005 - 13:45:56 CST


I am attempting to set up greylisting with gld. It works fine if I enter
a simple check_policy_service ... line in my smtpd_recipient_restrictions.

If I try to use a restriction class, it doesn't work and I can't figure
out why.

I add to main.cf:
smtpd_restriction_classes = greylist_policy
greylist_policy = check_policy_service inet:127.0.0.1:2525

and insert into smtpd_recipient_restrictions:
check_recipient_access hash:/etc/postfix/grey_enabled

/etc/postfix/grey_enabled:
some.domain greylist_policy
userother.domain greylist_policy

As I said, placing:
check_policy_service inet:127.0.0.1:2525
instead of:
check_recipient_access hash:/etc/postfix/grey_enabled

in the same location within smtpd_recipient_restrictions works, I just
don't want gld active for all domains.

So what am I missing?

Thanks,
Leeman

alias_database = hash:/etc/postfix/aliases/assorted hash:/etc/postfix/aliases/dotNOdot hash:/etc/postfix/aliases/-place-AT hash:/etc/postfix/aliases/-place-_researchAT hash:/etc/postfix/aliases/engineeringAT hash:/etc/postfix/aliases/genomicsAT hash:/etc/postfix/aliases/-somewhere-AT hash:/etc/postfix/aliases/-somewhere2-AT hash:/etc/postfix/aliases/programs
alias_maps = hash:/etc/postfix/aliases/assorted hash:/etc/postfix/aliases/dotNOdot hash:/etc/postfix/aliases/-place-AT hash:/etc/postfix/aliases/-place-_researchAT hash:/etc/postfix/aliases/engineeringAT hash:/etc/postfix/aliases/genomicsAT hash:/etc/postfix/aliases/-somewhere-AT hash:/etc/postfix/aliases/-somewhere2-AT hash:/etc/postfix/aliases/programs
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_privs = admin
mailbox_command = /usr/local/bin/dspam --mode=teft --deliver=innocent,spam --feature=chained,noise,whitelist --user "$USER""$DOMAIN" -t DEFAULT=/mail/"$DOMAIN"/"$USER"/Maildir/ HOME=/mail/"$DOMAIN"/"$USER" PEEP="$USER" DOM="$DOMAIN"
mailbox_size_limit = 0
max_use = 15
message_size_limit = 20971520
mydestination = $myhostname localhost.$mydomain $mydomain nhct.$mydomain
myhostname = mail.-place-corp.com
mynetworks = 127.0.0.0/8, 10.4.2.0/24, 10.5.2.0/24
myorigin = /etc/mailname
notify_classes = bounce, policy, resource, software
proxy_interfaces = 68.164.32.246 12.111.58.17
recipient_delimiter = +
relay_recipient_maps = hash:/etc/postfix/AD_recipients
relayhost =
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/access
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/invalid_recip permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unlisted_recipient check_recipient_access hash:/etc/postfix/access check_recipient_access hash:/etc/postfix/grey_enabled check_sender_access hash:/etc/postfix/deny_my_domain
smtpd_restriction_classes = greylist_policy
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/priv-ca.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mail.key.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.key.crt
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/random
virtual_alias_maps = hash:/etc/postfix/virtual-alias/-place2-.com
virtual_mailbox_domains = hash:/etc/postfix/virtual-domains
virtual_mailbox_maps = hash:/etc/postfix/virtual-users/-place2-.com
virtual_transport = dspam
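
Added example, not part of the original post and not Postfix code: a simplified Python model of which keys check_recipient_access tries for a recipient (the access(5) order, including recipient_delimiter) and how a table result that names a declared restriction class expands. The sample main.cf fragment and table are constructed from the settings quoted in the post, the function names are hypothetical, and parent-domain matching is left out.

```python
# Constructed sample input modelled on the post; not the poster's real files.
MAIN_CF = """\
recipient_delimiter = +
smtpd_restriction_classes = greylist_policy
greylist_policy = check_policy_service inet:127.0.0.1:2525
"""
GREY_ENABLED = """\
# recipient pattern    result
some.domain            greylist_policy
user@other.domain      greylist_policy
"""

def parse_kv(text, sep=None):
    """Parse 'name = value' lines (sep='=') or 'key result' table lines."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = (line.split(sep, 1) + [""])[:2]
            out[key.strip()] = value.strip()
    return out

def lookup_keys(rcpt, delimiter=""):
    """Keys in access(5) order: full address, domain, then localpart@."""
    local, _, domain = rcpt.lower().rpartition("@")  # lookups are case-folded
    base = (local.split(delimiter, 1)[0] if delimiter else local) or local
    keys = [f"{local}@{domain}"]
    if base != local:
        keys.append(f"{base}@{domain}")  # address with the +extension stripped
    keys += [domain, f"{local}@"]
    if base != local:
        keys.append(f"{base}@")
    return keys

def restrictions_for(rcpt, main_cf, table):
    """Return (matched key, restrictions applied) for one recipient."""
    classes = main_cf.get("smtpd_restriction_classes", "").replace(",", " ").split()
    for key in lookup_keys(rcpt, main_cf.get("recipient_delimiter", "")):
        if key in table:
            result = table[key]
            # A result naming a declared class expands to that class's list.
            return key, (main_cf.get(result, result) if result in classes else result)
    return None, None  # no match: evaluation moves on to the next restriction

CF = parse_kv(MAIN_CF, "=")
TABLE = parse_kv(GREY_ENABLED)

if __name__ == "__main__":
    for rcpt in ("someone@some.domain", "user+tag@other.domain", "bob@other.domain"):
        print(rcpt, "->", restrictions_for(rcpt, CF, TABLE))
```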