Re: policyd-spf tip
On December 25, 2017 10:25:42 PM EST, "li...@lazygranch.com"wrote: >I figured I would middle post, so skip down a bit. > >On Mon, 25 Dec 2017 11:56:02 -0800 >Gao wrote: > >> I quickly checked my policyd-spf setting after read your email. I >> noticed that the policyd-spf in my system is not running as a >service. >> >> I guess you are using debian. I am using CentOS7 and I installed >> pypolicyd-spf from EPEL. So is there a big advantage to running it as >> a daemon service? How do I enable it as a service? Obviously yum >> install doesn't take care of the service setup. >> >> Gao > >I'm on Centos 7. This is my uname -a. >Linux servername 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 >UTC 2017 x86_64 x86_64 x86_64 GNU/Linux > >Looking at ps aux, policyd-spf is not running. In the strict sense, >that means it is not a daemon. >https://en.wikipedia.org/wiki/Daemon_(computing) >However all references to policyd and policyd-spf are as daemons. > >I'm new to Centos. I run opensuse on my desktop and had presently have >my VPS server on FreeBSD. Due to update issues, I decided to abandon >FreeBSD for Centos, since I'm more familiar with Linux than BSD these >days. Despite the name, it's not a daemon. When I started the project, I anticipated that in it's future, but later decided staying with using spawn was a good idea. I also decided renaming wasn't worth the trouble. Scott K
Re: policyd-spf tip
I figured I would middle post, so skip down a bit. On Mon, 25 Dec 2017 11:56:02 -0800 Gaowrote: > I quickly checked my policyd-spf setting after read your email. I > noticed that the policyd-spf in my system is not running as a service. > > I guess you are using debian. I am using CentOS7 and I installed > pypolicyd-spf from EPEL. So is there a big advantage to running it as > a daemon service? How do I enable it as a service? Obviously yum > install doesn't take care of the service setup. > > Gao I'm on Centos 7. This is my uname -a. Linux servername 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Looking at ps aux, policyd-spf is not running. In the strict sense, that means it is not a daemon. https://en.wikipedia.org/wiki/Daemon_(computing) However all references to policyd and policyd-spf are as daemons. I'm new to Centos. I run opensuse on my desktop and had presently have my VPS server on FreeBSD. Due to update issues, I decided to abandon FreeBSD for Centos, since I'm more familiar with Linux than BSD these days. > > On 2017-12-24 22:02, li...@lazygranch.com wrote: > > There are many "problem solving pages" on the interwebs that have > > wrong information on setting up policyd-spf. The key to make sure > > you use consistent names in both main.cf and master.cf. Yeah, I > > know, I'm preaching to the choir, but hopefully the next person > > with a set up problem finds this message in a search. > > > > In master.cf: > > policyunix - n n - 0 spawn > > user=nobody argv=/usr/libexec/postfix/policyd-spf > > /etc/policyd-spf/policyd-spf.conf > > > > Note you need to make sure the conf file location is correct. > > > > In main.cf: > > smtpd_recipient_restrictions = > > permit_sasl_authenticated, > > permit_mynetworks, > > reject_unauth_destination, > > reject_rbl_client zen.spamhaus.org, > > check_policy_service unix:private/policy, > > permit > > > > policy_time_limit = 3600 > > > > The word "policy" needs to be consistent in all three locations. For > > example, this would be wrong: > > check_policy_service unix:private/policyd-spf, > > > > Also wrong would be: > > policyd_time_limit = 3600 > > > > > > In postfix, systemctl status postfix should indicate the policyd-spf > > daemon was started: > > > > ● postfix.service - Postfix Mail Transport > > Agent Loaded: loaded (/usr/lib/systemd/system/postfix.service; > > enabled; vendor preset: disabled) Active: active (running) since > > Mon 2017-12-25 05:28:11 UTC; 16s ago Process: 7661 > > ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS) > > Process: 7681 ExecStart=/usr/sbin/postfix start (code=exited, > > status=0/SUCCESS) Process: 7679 > > ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, > > status=0/SUCCESS) Process: 7677 > > ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, > > status=0/SUCCESS) Main PID: 7755 (master) > > CGroup: /system.slice/postfix.service > > ├─7755 /usr/libexec/postfix/master -w ├─7756 pickup -l -t unix -u > > ├─7757 qmgr -l -t unix -u ├─7758 smtpd -n smtp -t inet -u -o > > stress= ├─7759 proxymap -t unix -u ├─7760 tlsmgr -l -t unix -u > >├─7761 anvil -l -t unix -u > >├─7763 trivial-rewrite -n rewrite -t unix -u > >├─7764 spawn -z -n policy -t unix user=nobody > > argv=/usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf > > ├─7765 /usr/bin/python /usr/libexec/postfix/policyd-spf > > /etc/policyd-spf/policyd-spf.conf > > ├─7766 cleanup -z -t unix -u └─7767 virtual -t unix > > - > > > > And proof it is working from an email header: > > Received-SPF: Pass (sender SPF authorized) identity=mailfrom; > > client-ip=66.163.187.148; > > helo=sonic316-22.consmr.mail.ne1.yahoo.com; > > envelope-from=m...@yahoo.com; receiver=m...@mydomain.com
Re: policyd-spf tip
I quickly checked my policyd-spf setting after read your email. I noticed that the policyd-spf in my system is not running as a service. I guess you are using debian. I am using CentOS7 and I installed pypolicyd-spf from EPEL. So is there a big advantage to running it as a daemon service? How do I enable it as a service? Obviously yum install doesn't take care of the service setup. Gao On 2017-12-24 22:02, li...@lazygranch.com wrote: There are many "problem solving pages" on the interwebs that have wrong information on setting up policyd-spf. The key to make sure you use consistent names in both main.cf and master.cf. Yeah, I know, I'm preaching to the choir, but hopefully the next person with a set up problem finds this message in a search. In master.cf: policyunix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf Note you need to make sure the conf file location is correct. In main.cf: smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policy, permit policy_time_limit = 3600 The word "policy" needs to be consistent in all three locations. For example, this would be wrong: check_policy_service unix:private/policyd-spf, Also wrong would be: policyd_time_limit = 3600 In postfix, systemctl status postfix should indicate the policyd-spf daemon was started: ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2017-12-25 05:28:11 UTC; 16s ago Process: 7661 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS) Process: 7681 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS) Process: 7679 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS) Process: 7677 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS) Main PID: 7755 (master) CGroup: /system.slice/postfix.service ├─7755 /usr/libexec/postfix/master -w ├─7756 pickup -l -t unix -u ├─7757 qmgr -l -t unix -u ├─7758 smtpd -n smtp -t inet -u -o stress= ├─7759 proxymap -t unix -u ├─7760 tlsmgr -l -t unix -u ├─7761 anvil -l -t unix -u ├─7763 trivial-rewrite -n rewrite -t unix -u ├─7764 spawn -z -n policy -t unix user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf ├─7765 /usr/bin/python /usr/libexec/postfix/policyd-spf /etc/policyd-spf/policyd-spf.conf ├─7766 cleanup -z -t unix -u └─7767 virtual -t unix - And proof it is working from an email header: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.163.187.148; helo=sonic316-22.consmr.mail.ne1.yahoo.com; envelope-from=m...@yahoo.com; receiver=m...@mydomain.com