postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Using check_policy_service for greylisting wi

Re: Using check_policy_service for greylisting with sqlgrey

From: Alex <mysqlstudent_at_nospam>
Date: Fri May 09 2014 - 01:38:42 GMT
To: Postfix users <>


On Thu, May 8, 2014 at 3:47 PM, Wietse Venema <> wrote:

> Alex:
> > Hi,
> >
> > I'm using postfix-2.10.3 on fedora20 with sqlgrey, distributed across
> three
> > separate servers through mysql. I've configured it using:
> >
> > check_policy_service inet:
> >
> > in However, this doesn't provide fault protection in the same
> way
> > as the example does in the smtpd policy docs describe. The
> The Postfix SMTP server uses the same policy daemon connection
> for multiple queries.
> > issue is that sqlgrey is a daemon, not a binary that is spawned every
> time
> > a call is made.
> The policy daemon (running under the Postfix spawn daemon) is started
> when a Postfix SMTP server connects to its port. The Postfix SMTP
> server will try to use that connection for several queries.
> > is it okay to have the sqlgrey daemon run from in the same
> way?
> The Postfix spawn daemon assumes that its command will read from
> standard input, and that it will write to stadard output and
> standard error. If sqlgrey works that way then it can be run from
> the Postfix spawn daemon. Otherwise you need a different solution.

Okay, I'm seeing that it's possible to configure sqlgrey to listen on a
socket, but I can't get that working either.

I've configured sqlgrey to listen on the private/greylist socket created by
postfix. When configuring to create a socket:

greylist unix - n n - 0 spawn
        user=nobody argv=/usr/bin/perl /usr/sbin/sqlgrey

and adding the check_policy_service to

check_policy_service unix:private/greylist

It responds with:

May 8 21:28:01 mail01 postfix/spawn[19944]: warning: command /usr/bin/perl
exit status 1
May 8 21:28:01 mail01 postfix/smtpd[19940]: warning: premature
end-of-input on private/greylist while reading input attribute name

When I run it manually from the command-line, it reports that it's binded
successfully to the postfix socket.

I'm assuming somehow sqlgrey isn't properly understanding the data format
necessary? Yet it communicates properly when only specified as a inet
service in

If the daemon is inaccessible, mail delivery stops, and users receive a
connection refused message. Is there any way to configure this to avoid the
hard failure, without having to configure the private/greylist service?


> Wietse