[Kolab-devel] [issue1779] SUMMARY kolab server 2.1 private/kolabpolicy: Socket operation or non-socket

soliva at comcept-net.ch soliva at comcept-net.ch
Sun Jul 1 12:40:12 CEST 2007


Hi all 

I think I have found the issue but I'm not 100% sure. Can you please have a
look and say me what you are thinking about what I found out in
troubleshooting postfix:

First of all I found out that the implementation unix: in the "Policy
client/server configuration" in master.cf is not working under Solaris
meaning (Refrence for this is following site
http://www.postfix.org/SMTPD_POLICY_README.html)

The Postfix delegated policy client can connect to a TCP socket or to a
UNIX-domain socket. Examples: 

unix:/some/where/policy
unix:private/policy
inet:127.0.0.1:9998


The below Example covers this what you implemented in kolab2 V2.1.0 final:
**************************************************************************

To create a policy service that listens on a UNIX-domain socket called
"policy", and that runs under control of the Postfix spawn(8) daemon, you
would use something like this: 

 1 /etc/postfix/master.cf:
 2     policy  unix  -       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/main.cf:
 6     smtpd_recipient_restrictions =
 7         ... 
 8         reject_unauth_destination 
 9         check_policy_service unix:private/policy 
10         ...
11     policy_time_limit = 3600


ATTENTION On the page there is a note:
*********

Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead.
This means:

 1 /etc/postfix/master.cf:
 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/main.cf:
 6     smtpd_recipient_restrictions =
 7         ... 
 8         reject_unauth_destination 
 9         check_policy_service inet:127.0.0.1:9998
10         ...
11     127.0.0.1:9998_time_limit = 3600


This means I implemented following:

For master.cf:
**************

127.0.0.1:10028  inet    n       n       n       -       0       spawn
user=kolab-n argv=/kolab/etc/kolab/kolab_smtpdpolicy

--> Instead of:

kolabpolicy    unix  -       n       n       -       -       spawn
user=kolab-n argv=/kolab/etc/kolab/kolab_smtpdpolicy


For main.cf
***********

## Kolab Policy Server
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination, reject_unlisted_recipient,
        check_policy_service inet:127.0.0.1:10028
smtpd_sender_restrictions = permit_mynetworks,
        check_policy_service inet:127.0.0.1:10028
127.0.0.1:10028_time_limit = 3600
127.0.0.1:10028_max_idle = 20

--> Instead of:

## Kolab Policy Server
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination, reject_unlisted_recipient,
        check_policy_service unix:private/kolabpolicy
smtpd_sender_restrictions = permit_mynetworks,
        check_policy_service unix:private/kolabpolicy
kolabpolicy_time_limit = 3600
kolabpolicy_max_idle = 20


Also a confirmation is that the private/ directory looks on a linux
different as on a Solaris server meaning:

Linux looks like:
*****************

srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 anvil
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 bounce
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 defer
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 error
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 kolabfilter
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 kolabmailboxfilter
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 kolabpolicy
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 lmtp
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 local
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 proxymap
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 relay
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 rewrite
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 scache
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 smtp
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 smtp-amavis
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 tlsmgr
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 trace
srw-rw-rw-   1 kolab kolab    0 Jun 29 05:30 verify

"s" indicates "Sockets". The rights are chmod 666.

Solaris looks like:
******************

prw--w--w-  1 kolab kolab  0 Jun 30 00:18 anvil
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 bounce
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 defer
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 error
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 kolabfilter
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 kolabmailboxfilter
prw--w--w-  1 kolab kolab  0 Jun 29 23:07 kolabpolicy
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 lmtp
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 local
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 proxymap
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 relay
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 rewrite
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 scache
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 smtp
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 smtp-amavis
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 tlsmgr
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 trace
prw--w--w-  1 kolab kolab  0 Jun 30 00:18 verify

"p" indicates "Pipe". The rights are 622.


All tests are now successful! What do you think? Visible......?


There is by the way also something which does not work on Solaris and that
is:

Change in following files the entry "unix" to "inet":

/opt/kolab/etc/kolab/kolabquotawarn
/opt/kolab/etc/kolab/kolab_smtpdpolicy


my $syslog_socktype = 'inet'; # inet, unix, stream, console


Now you can see the message in syslog and bevore you did not see anything.
Any feedback depending both issues are wellcome. 

Many thanks 


Andrea







Bernhard Reiter <bernhard at intevation.de> added the comment:
?
The interaction between kolabsmtppolicy and postfix is completely  
a postfix technology interaction. Look for policy daemon and debugging 
in the postfix documentation. 
You could replace kolabsmtppolicy with some nooperation script 
to prove that it would also fail, thus the purpose of it has no 
effect on the technical problem you are seeing. 
 
Thus I suggest to ask over postfix channels. 
Kolab Server 2.2.0beta1 has a different postfix version, so maybe they  
have fixed something there.
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue1779>
________________________________________________




More information about the devel mailing list