Author Topic: policyd-spf skip_addresses not IP network  (Read 26879 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
policyd-spf skip_addresses not IP network
« on: May 29, 2017, 01:16:07 AM »
Quote
May 28 18:52:53 server policyd-spf[12368]: ERROR: 127.0.0.0/8 in skip_addresses not IP network.  Message: '65.54.190.90' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?. Aborting whitelist processing.

Fix...

Quote
yum install -y python34
sed -i "s|/usr/bin/python|/usr/bin/python3|" /etc/postfix/master.cf
/bin/systemctl restart postfix


Bye
« Last Edit: May 29, 2017, 01:18:56 AM by thefantas »

Offline
*
Re: policyd-spf skip_addresses not IP network
« Reply #1 on: June 12, 2017, 01:09:05 PM »
When I follow this I get an error as follows

Code: [Select]
Traceback (most recent call last):
  File "/usr/libexec/postfix/policyd-spf", line 35, in <module>
    import spf
ImportError: No module named 'spf'

(As a work around until I get this fixed in master.cf I use: user=nobody argv=/usr/bin/python /usr/libexec/postfix/policyd-spf
instead of: user=nobody argv=/usr/bin/python3 /usr/libexec/postfix/policyd-spf

Also I have to disable the ipaddress modules in python. While this causes other problems the server can at least receive mails)


Offline
*
Re: policyd-spf skip_addresses not IP network
« Reply #2 on: June 16, 2017, 11:10:43 PM »
Solved this by:

1) installing pip for python 3 following this: https://stackoverflow.com/questions/32618686/how-to-install-pip-in-centos-7

2) then seeing what modules were missing by invoking the script from ssh with
Code: [Select]
sudo -u nobody /usr/bin/python3.4 /usr/libexec/postfix/policyd-spf     I added the following:
2a) module spf with
Code: [Select]
pip3 install pyspf2b) module dns with
Code: [Select]
pip3 install py3dns2c) module policydspfsupp with
Code: [Select]
pip3 install pypolicyd-spf
3) then changed back to python3 (as per the original solution above) in /etc/postfix/master.cf
Code: [Select]
user=nobody argv=/usr/bin/python3 /usr/libexec/postfix/policyd-spf
4) restarted postfix

Offline
*
Re: policyd-spf skip_addresses not IP network
« Reply #3 on: October 30, 2017, 04:26:03 PM »
Solved this by:

1) installing pip for python 3 following this: https://stackoverflow.com/questions/32618686/how-to-install-pip-in-centos-7

2) then seeing what modules were missing by invoking the script from ssh with
Code: [Select]
sudo -u nobody /usr/bin/python3.4 /usr/libexec/postfix/policyd-spf     I added the following:
2a) module spf with
Code: [Select]
pip3 install pyspf2b) module dns with
Code: [Select]
pip3 install py3dns2c) module policydspfsupp with
Code: [Select]
pip3 install pypolicyd-spf
3) then changed back to python3 (as per the original solution above) in /etc/postfix/master.cf
Code: [Select]
user=nobody argv=/usr/bin/python3 /usr/libexec/postfix/policyd-spf
4) restarted postfix

thx!!! works perfect.

Offline
***
Re: policyd-spf skip_addresses not IP network
« Reply #4 on: October 30, 2017, 06:59:25 PM »
Will it be included in official CWP ??

Offline
*
Re: policyd-spf skip_addresses not IP network
« Reply #5 on: October 31, 2017, 01:24:54 PM »
this is related with centos 7.4 only for now, you can also disable spf check by removing check_policy_service unix:private/spfpolicy from line smtpd_recipient_restrictions = in file /etc/postfix/main.cf

this will disable spf check and you could get more spam.
CWP default mail server rebuild has that already as temporary fix and soon there should release a new cwp mail server with additional options.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
***
Re: policyd-spf skip_addresses not IP network
« Reply #6 on: November 03, 2017, 09:05:00 AM »
But Can I apply this fix or it will conflict with feauters cwp ??
How CWP plan to fix this issue ?

Offline
*
Re: policyd-spf skip_addresses not IP network
« Reply #7 on: November 05, 2017, 09:51:22 AM »
Any ETA for a permanent fix for this issue?

Quite annoying not being able to use SPF/DKIM and implementing a temporary fix that might give trouble ahead, does not seem to be a good choice....