postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Postfix seems to ignore check_policy_service

Re: Postfix seems to ignore check_policy_service

From: mouss <mouss_at_nospam>
Date: Tue Oct 05 2010 - 21:44:43 GMT

  Le 05/10/2010 23:05, John Swift a écrit :
> Hello,
> We have a Postfix instance that we're attempting to use a mail filter on (specifically policyd). We've used the instructions in the mail filter and added this in our
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:
> We have verified that Postfix is reading this line as expected but it doesn't seem like it is calling the service on port 10031. We have verified that the service is running as expected, but all mail doesn't seem to be going through this filter. In fact, if we run Netcat and have it listen on port 10031, we never get a connection to this port. Ever.
> We have verified that modifying the other arguments in the line does make a difference. The check_policy_service inet: just doesn't seem to do anything. Incoming mail just sails right through without trying what is on port 10031.
> We've tried various troubleshooting options but we can't seem to get Postfix to call the service on this port. Looking through Google we have verified on the setup pages for other services that we have set this up correctly. This Postfix instance is on a CentOS box with iptables/SELinux disabled.
> Troubleshooting tips? Anyone else run into this problem before?

if you send mail from mynetworks, then permit_mynetworks give it a pass
and what follows in your restrictions is irrelevant.

if you really send mail from outside and it doesn't go to the policy
server, then disable selinux/apparmor/...

mouss Gulliver:) [sorry, couldn't resist it!]