On Tue, Aug 26, 2014 at 8:21 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Ian Evans: > > Aug 26 08:34:05 carson postfix/smtpd[16374]: warning: problem talking to > server private/policy-spf: Connection timed out > > This Postfix SMTP server time limit is specified with the > smtpd_policy_service_timeout parameter (default: 100s). > > Your SPF script should reply in 10 seconds at most. It should not > wait indefinitely for a DNS reply. > > Once the Postfix SMTP server gives up, it closes the connection to > the policy daemon. Then the Python script has an error while sending > the (too late) result. > > > Aug 26 08:34:58 carson policyd-spf[16383]: Traceback (most recent call > > last): > > Aug 26 08:34:58 carson policyd-spf[16383]: File "/usr/bin/policyd-spf", > > line 690, in <module> > > Aug 26 08:34:58 carson policyd-spf[16383]: sys.stdout.flush() > > Aug 26 08:34:58 carson policyd-spf[16383]: BrokenPipeError: [Errno 32] > > Broken pipe > > Aug 26 08:34:58 carson postfix/spawn[16382]: warning: command > > /usr/bin/policyd-spf exit status 1 > > > > So if emails get checked for spf, why would the vast majority get through > > and others cause this? > > First. the script should limit the time for DNS lookups. > > Second, the script should not die after BrokenPipeError exceptions. > > try: sys.stdout.flush() > except BrokenPipeError: pass > > > Again, since I'm tired, I just want to be sure I understand...are you suggesting I edit /usr/bin/policyd-spf and add that? If so, isn't that a pretty standard add-on and if so, wouldn't a lot of others be seeing this? I just want to make sure this is actually the issue since some of the emails rejected are from business contacts. Thanks so much for your help.
