DevHeads.net

451 4.3.5 Server configuration problem

Hi,
I have a server (server.domain) with a policy service configured (see
postconf output). The problem comes when the policy server
(server_policy.domain:9997) goes down; I get this error:
May 21 16:43:16 server postfix/smtpd[23075]: connect from localhost.domain[127.0.0.1]
May 21 16:43:16 server postfix/smtpd[23075]: warning: connect to server_policy.domain:9997: Connection refused
May 21 16:43:16 server postfix/smtpd[23075]: warning: problem talking to server server_policy.domain:9997: Connection refused
May 21 16:43:17 server postfix/smtpd[23075]: warning: connect to server_policy.domain:9997: Connection refused
May 21 16:43:17 server postfix/smtpd[23075]: warning: problem talking to server server_policy.domain:9997: Connection refused
May 21 16:43:17 server postfix/smtpd[23075]: NOQUEUE: reject: RCPT from localhost.domain[127.0.0.1]: 451 4.3.5 Server configuration problem; from=<monit@xxxxx> to=<yyy@xxxxxxxx> proto=SMTP helo=<server.domain>

How can I ignore the policy server if it's down? Any suggestions for my
server config?

thanks
Israel.

(server.domain) postconf output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = server.domain, localhost.domain, , localhost
myhostname = server.domain
mynetworks = 127.0.0.0/8 xx.xx.xx.x/xx
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [lbsmtp]
smtp_host_lookup = dns,native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = check_policy_service inet:server_policy.domain:9997 permit_mynetworks, reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Comments

Re: 451 4.3.5 Server configuration problem

By Noel Jones at 05/21/2010 - 16:55

There is no config directive to ignore a broken policy server.

Use a system monitor utility to restart your policy service,
or use a more reliable policy service.

-- Noel Jones
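
A health probe that a system monitor could run against the policy service, as suggested in the reply above. This is an added example, not code from the thread or from Postfix: it speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with an action= line), and the function names and probe attribute values are constructed for illustration.

```python
import socket

# Constructed probe attributes; use addresses your own policy will answer for.
PROBE_ATTRS = {
    "request": "smtpd_access_policy",
    "protocol_state": "RCPT",
    "protocol_name": "SMTP",
    "client_address": "127.0.0.1",
    "sender": "probe@monitor.invalid",
    "recipient": "probe@monitor.invalid",
}

def build_request(attrs):
    """Serialize attributes as name=value lines terminated by an empty line."""
    return ("".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n").encode()

def parse_reply(data):
    """Return the action from a policy reply, or None if the reply is malformed."""
    text = data.decode("utf-8", "replace")
    if not text.endswith("\n\n"):
        return None  # truncated: the terminating empty line never arrived
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name == "action" and value.strip():
            return value.strip()
    return None

def probe(host, port, timeout=5.0):
    """Return (healthy, detail); unhealthy on refusal, timeout or a bad reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_request(PROBE_ATTRS))
            buf = b""
            while not buf.endswith(b"\n\n") and len(buf) < 65536:
                chunk = s.recv(4096)
                if not chunk:
                    break  # server closed the connection early
                buf += chunk
    except OSError as exc:  # covers "Connection refused" and timeouts
        return False, f"connect/io error: {exc}"
    action = parse_reply(buf)
    return (True, action) if action else (False, "malformed reply")

if __name__ == "__main__":
    import sys
    ok, detail = probe(sys.argv[1], int(sys.argv[2]))
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 2)  # non-zero exit lets the monitor restart the service
```

Run with the policy host and port as arguments; a refused connection, like the one in the log above, produces a non-zero exit before smtpd starts answering clients with 451.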

Re: 451 4.3.5 Server configuration problem

By Israel Garcia at 05/21/2010 - 17:01

Hi Noel,

What about avoiding the NOQUEUE error on the SMTP server when the policy
service is down? I mean, queue all mail until the policy server is UP
again. Is it possible?

thanks
Israel.

RE: 451 4.3.5 Server configuration problem

By Gary Smith at 05/21/2010 - 17:10

That defeats the use of the policy server. The purpose of the policy server is to help determine if it should be queued or rejected. If we queue it, then it's hard to reject it at that point. I guess you could, but you would end up with backscatter from spammers.

In the end, postfix is doing what it should. It is saying, hey, I can't accept this message right now, try again later.

Re: 451 4.3.5 Server configuration problem

By Israel Garcia at 05/21/2010 - 17:37

Got it!

thanks

Israel.

Re: 451 4.3.5 Server configuration problem

By Noel Jones at 05/21/2010 - 17:09

The mail is queued on the remote client and will be retried later.

Your server can't queue the mail because the policy server
must be consulted before the mail is queued.

-- Noel Jones