postfix-policyd startet unter lucid nicht?

monotek
Posts: 64
Joined: 2003-08-26 23:23
Location: Dresden

postfix-policyd startet unter lucid nicht?

Post by monotek »

Wenn ich in Ubuntu Lucid (10.04) versuche den Dienst mit "/etc/init.d/postfix-policyd start" zu straten, bekomme ich folgende Fehlermeldung im Syslog:

Code: Select all

Sep  3 19:07:53 server postfix-policyd: fatal: didn't find priority 'LOG_IFOO', exiting


Hab mit Google nicht wirklich was finden können.

Im Policyd Quellcode scheint der Fehler wohl was mit Syslog zu tun zu haben.

Finde in der Config aber leider nichts passendes.

Anbei noch die postfix-policyd.conf:

Code: Select all

######################################################################
#                    POLICY DAEMON CONFIGURATION                     #
######################################################################
#                          DATABASE CONFIG                           #
######################################################################
#
# ip address or hostname to connect to:
#
#   if you want to connect to a host/ip, enter it here.
#   if you want to via a unix socket, set MYSQLHOST=""
#
MYSQLHOST="localhost"

#
# database name:
#
#   name of database to connect to
#
MYSQLDBASE="postfixpolicyd"

#
# database username:
#
#   username to connect to database as
#
MYSQLUSER="postfix-policyd"

#
# database password:
#
#   password to for username
#
MYSQLPASS="geheim"

#
# connection options:
#
#   what client side connections policyd will use>
#
#     CLIENT_COMPRESS -> compress connection from policyd -> mysql
#     CLIENT_SSL      ->  encrypt connection from policyd -> mysql
#
MYSQLOPT=""

#
# failsafe/failover mode:                             default: on
#
#   if the database or queries fail, continue accepting mail
#   
#                                                     1=on  0=off
FAILSAFE=1

#
# database keep alive:                                default: off
#
#   if you recieve very little mail, your connection to  the
#   mysql database will time out. enabling this option pings
#   the database to ensure the database connection is alive.
#   if it is not, it reconnects to the database. this option
#   is not needed on mail servers that recieve more than one
#   mail every 60 to 120 seconds. disabling this increases
#   performance a little.
#   
#                                                     1=on  0=off
DATABASE_KEEPALIVE=0





######################################################################
#                           DAEMON  CONFIG                           #
######################################################################
#
# debugging information:                              default: 3
#
#   only use debugging when there are problems
#
#   0 -> off (recommended)
#   1 -> standard debugging
#   2 -> 1+mysql queries+results
#   3 -> 1+2+network debugging
#                                                           0=off
DEBUG=0

#
# daemon/background mode:                             default: off
#
#   detach policyd from terminal. enable when you're happy
#   that things are working as they should.
#
#                                                     1=on  0=off
DAEMON=1

#
# bind to ip address:
#
#   ip address which the policy daemon will listen on
#
BINDHOST=127.0.0.1

#
# port to bind to:
#
#   port which the policy daemon will listen on
#
BINDPORT=10031

#
# path to pidfile:
#
#   where policyd will write its current pid to
#
PIDFILE=/var/run/policyd.pid

#
# syslog facility
#
#   what syslog facility to log to
#
SYSLOG_FACILITY="LOG_MAIL | LOG_INFO"




######################################################################
#                              SECURITY                              #
######################################################################
#
# chroot:
#
#   directory to change to before binding
#
CHROOT=/

#
# uid:
#
#   userid for the policy daemon to run as
#
UID=0

#
# gid:
#
#   groupid for the policy daemon to run as
#   
GID=0

#
# connection acl:
#
#   this is the list of ip addresses or networks (cidr format) that
#   will be allowed to connect to policyd. leaving this blank causes
#   policyd to reject all connection attempts.
#
CONN_ACL="127.0.0.1"


#####################################################################
#                            WHITELISTING              (functional) #
#####################################################################
#
# whitelisting:                                       default: on
#
#   this enables whitelisting of ip/netblocks. this is needed
#   if you want to allow any of the whitelisting features.
#
#                                                     1=on  0=off
WHITELISTING=1

#
# whitelist null sender:                              default: off
#
#   null senders are normally used for bounce messages. many
#   viruses use null senders so its wise to leave this disabled.
#
#                                                     1=on  0=off
WHITELISTNULL=0

#
# whitelist sender address/domain
#
#   this allows you to do whitelisting based on envelope sender
#   address or envelope sender domain. a number of people have
#   been asking for this. please AVOID using this as spammers
#   forge senders and domains a lot.
#
#                                                     1=on  0=off
WHITELISTSENDER=0

#
# whitelist client dns name
#
#   this allows you whitelist clients that have proper resolving
#   records. for example, i could whitelist 'bulk.scd.yahoo.com'.
#   so any connections from n6a.bulk.scd.yahoo.com or
#   n6b.bulk.scd.yahoo.com would be whitelisted. this type of
#   whitelisting gives far greater power when it comes to
#   whitelisting ISPs or big companies which you know do not
#   house spammers. please note. this table must NOT have more
#   than 10 000 -> 15 000 entries.
#
#                                                     1=on  0=off
WHITELISTDNSNAME=0

#
# automatic whitelisting                              default: off
#
#   this allows whitelisting of remote networks who have sent
#   more than AUTO_WHITELIST_NUMBER of authenticated triplets.
#
#                                                     1=on  0=off
AUTO_WHITE_LISTING=0

#
# auto whitelist number:                              default: 500
#
#   how many succesfull triplets does it require before a
#   network is automatically whitelisted
#
AUTO_WHITELIST_NUMBER=500

#
# whitelist netblock/24:                              default: 0
#
#   when hosts get autowhitelisted, should the host be whitelisted
#   or should the entire netblock (class C).
#
#                                                     1=class 0=host
AUTO_WHITELIST_NETBLOCK=0

#
# whitelist expiry                                    default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be whitelisted for when auto whitelisted.
#   a setting of 0 sets a permanent whitelist
#
AUTO_WHITELIST_EXPIRE=7d





#####################################################################
#                            BLACKLISTING              (functional) #
#####################################################################
#
# blacklisting:                                       default: off
#
#   this enables blacklisting of ip/netblocks. this is needed
#   if you want to allow any of the blacklisting features and
#   the spamtrapping module. if blacklisting is disabled,
#   the other modules still run and insert blacklisting records
#   into the table, but it doesn't take effect untill you
#   actually turn blacklisting on. this allows people to look
#   and what hosts get blacklisted and see if any possible
#   problems occured. (false-positive)
#
#                                                     1=on  0=off
BLACKLISTING=0

#
# blacklist client dns name:
#
#   this allows you blacklist clients that have proper resolving
#   records. for example, i could blacklist 'spamtargeting.com'.
#   so any connections from mail1.spamtargeting.com or
#   mail2.spamtargeting.com would be blacklisted. this type of
#   blacklisting gives far greater power when it comes to
#   blacklisting ISPs or big companies which you know do
#   house spammers, or e.g. ADSL home users when their ISPs
#   give an easily identifiable reverse DNS to them like
#   adsl-*.revip.thisisp.com. please note. this table must
#   NOT have more than 10 000 -> 15 000 entries.
#                                                     1=on  0=off
BLACKLISTDNSNAME=0

#
# blacklist temp rejection:                           default: 4xx
#
#   this allows you to either temp reject (4xx) blacklisted
#   hosts or if you're sure that blacklisted hosts are safe
#   to reject, you can hard reject (5xx) blacklisted hosts.
#
#                                                     1=4xx  0=5xx
BLACKLIST_TEMP_REJECT=1

#
# blacklist netblock/24:                              default: host
#
#   when hosts get blacklisted, should the host be blacklisted
#   or should the entire netblock (class C). this applies to
#   both when a host gets blacklisted via the spamtrap module
#   or via the blacklist helo module.
#
#                                                     1=class 0=host
BLACKLIST_NETBLOCK=0

#
# blacklist rejection                                 default: "Abuse. Go Away"
#
#   what error message blacklisted hosts will recieve.
#
BLACKLIST_REJECTION="Abuse. Go away."

#
# automatic blacklisting                              default: off
#
#   this allows blacklisting of remote networks who have sent
#   more than AUTO_BLACKLIST_NUMBER of unauthenticated triplets.
#
#                                                     1=on  0=off
AUTO_BLACK_LISTING=0

#
# auto blacklist number:                              default: 500
#
#   how many succesfull untriplets does it require before a
#   network is automatically blacklisted
#
AUTO_BLACKLIST_NUMBER=500

#
# blacklist expiry                                    default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when auto blacklisted.
#   a setting of 0 sets a permanent blacklist
#
AUTO_BLACKLIST_EXPIRE=7d





#####################################################################
#                        BLACKLISTING HELO             (functional) #
#####################################################################
#
# blacklisting helo:                                  default: off
#
#   this enables blacklisting of ip/netblocks who attempt to
#   identify themselve as you. no legit MTA should be using
#   your helo identity when connecting to your machines.
#
#                                                     1=on  0=off
BLACKLIST_HELO=0

#
# blacklist helo auto expire:                         default: permanent
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   using your HELO to identify itself. (a setting of 0
#   sets a permanent blacklist)
#
BLACKLIST_HELO_AUTO_EXPIRE=0



#####################################################################
#                        BLACKLIST SENDER              (functional) #
#####################################################################
#
# blacklist sender:                                   default: off
#
#   this allows you to use policyd to block domains and/or   
#   email addresses.
#                                                     1=on  0=off
BLACKLISTSENDER=0



#####################################################################
#                             HELO_CHECK               (functional) #
#####################################################################
#
# helo unique checking                                default: off
#
#   (legit) hosts that connect to your mail servers 99% of
#   the time use static HELO information. spammers randomize
#   their helo. enabling this will cut down the amount of
#   spam entering your network.
#                                                     1=on  0=off
HELO_CHECK=0

#
# helo max number count:
#
#   this allows you to specify how many unique/different
#   helo names a connecting host/ip is allowed to send.
#   spammers randomize their helo information in big
#   numbers. legit MTAs with floating ips also do this,
#   but the number of them is fairly small.
#
#
HELO_MAX_COUNT=10

#
# helo blacklist auto expire:
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   randomizing their helo information. (a setting of 0
#   sets a permanent blacklist)
#
HELO_BLACKLIST_AUTO_EXPIRE=14d

#
# helo auto expire:
#
#   this allows you to specify for what period of time any
#   HELO identity will remain in the database for before it
#   gets expired. (a setting of 0 ensures that all HELO
#   information stays stored and is never expired).
#
HELO_AUTO_EXPIRE=7d





#####################################################################
#                             SPAMTRAP                 (functional) #
#####################################################################
#
# enable spamtrap                                     default: off
#
#   the idea of this module is to allow you to capture
#   hosts that mail to your spamtraps without having to
#   resort to parsing the mails to identify senders. you
#   now have the ability to blacklist the host/netblock
#   for a period of time (definable in SPAMTRAP_AUTO_EXPIRE).
#
#                                                     1=on  0=off
SPAMTRAPPING=0

#
# spamtrap rejection:                                 default: "Abuse. Go Away."
#
#   what error message the connecting host will recieve
#   when a message is directly sent to your spamtraps
#
SPAMTRAP_REJECTION="Abuse. Go away."

#
# spamtrap auto expire:                               default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   mailing to your spamtrap addresses. (a setting of 0
#   sets a permanent blacklist)
#
SPAMTRAP_AUTO_EXPIRE=7d





#####################################################################
#                            GREYLISTING               (functional) #
#####################################################################
#
# enable greylisting                                  default: on
#
#   whether greylisting should be enabled or disabled.
#
#                                                     1=on  0=off
GREYLISTING=1

#
# greylist rejection:                                 default: "Please try later"
#
#   what error message the connecting host will recieve
#   when a new triplet has been created.
#
GREYLIST_REJECTION="Please try later."

#
# greylist x-header:                                  default: off
#
#   you now have the functionality of tagging all mail
#   that has passed greylisting.
#
#                                                     1=on  0=off
GREYLIST_X_HEADER=0

#
# greylist host address:                              default: off
#
#   by default policyd will only use 3 octets when dealing
#   with greylisting information. this allows policyd to
#   work around roaming MTAs which are known to move mail
#   between different queues after a 450/temp rejection.
#   
#   some dont want this functionality and wish to be more
#   aggressive when receiving mail. example of the format
#   of the ips stored:
#
#   1=192
#   2=192.168
#   3=192.168.0            <- default/recommended
#   4=192.168.0.1
#
GREYLIST_HOSTADDR=3

#
# train database:                                     default: off
#
#   this is very usefull for people would want to build
#   up a collection of triplets before they start rejecting
#   mail. training mode allows the collection of triplets
#   to mature to a stage that when greylisting is actually
#   enabled, they impact caused is far far less.
#
#                                                     1=on  0=off
TRAINING_MODE=0

#
# training policy duration/timeout                    default: 0d
#
#   when you have run TRAINING_MODE for your all your domains
#   and are running greylisting across the board, adding new
#   domains and subjecting them to greylisting without a
#   training period can bring unnessasary hassles. this feature
#   allows you to specify for how long 'new domains' are to be
#   trained for before being subjected to greylisting.
#
#   a value of 0 disables this feature.
#
TRAINING_POLICY_TIMEOUT=0

#
#
# triplet timeout:                                    default: 4 minutes
#
#   when a triplet is created from the first mail delivery
#   attempt, what period of time should go by before we
#   allow the 'final delivery'. a study shows that there
#   is no difference between 1 minute and 1 hour for spam
#   at this point in time. a sane limit would be 5 minutes.
#   
TRIPLET_TIME=4m

#
# opt in and opt out:                                 default: off
#
#   some people are fairly irate when it comes to mail and
#   refuse wanting to have any type of delay. this feature
#   enables each and every person the ability to not subject
#   themselves to greylisting. this feature is also VERY
#   usefull when you dont want to subject EVERY person to
#   greylisting at once but instead allows you to enable
#   it in batches/groups of users so you get a feel on the
#   type of complaints or praise from your users.
#
#                                                     1=on  0=off
OPTINOUT=0

#
# optinoutall:                                        default: off
#
#   this allows you to either opt everyone in, or opt every
#   one out and only has any effect if OPTINOUT is enabled.
#
#                                                     1=on  0=off
OPTINOUTALL=0

#
# triplet authenticated cleanup                       default: 30d
#
#   if a triplet has been successfully updated (retried and
#   delivered), this is what is considered an 'authenticated'
#   triplet. this options allows some sanity so you do not
#   keep these triplets forever. specify the amount of days
#   that we keep authenticated triplets since it was last updated.
#
TRIPLET_AUTH_TIMEOUT=30d

#
# triplet unauthenticated cleanup                     default: 2d
#
#   if a triplet has NOT been successfully updated (no retry
#   attempt), this is what is considered as an 'unathenticated'
#   triplet. this option allows some sanity so you do not
#   keep these triplets forever. specify the amount of days
#   that we keep unauthenticated triplets since being inserted
#   into the database
#
TRIPLET_UNAUTH_TIMEOUT=2d




#####################################################################
#                      SENDER THROTTLE                 (functional) #
#####################################################################
#
# throttle senders                                    default: off
#
#   sender throttling allows per-user limits of all
#   mail that passes the policy daemon. any envelope
#   sender that is not found in the database will
#   fall back to the config defaults listed below.
#
#                                                     1=on  0=off
SENDERTHROTTLE=0

#
# throttle SASL users                                 default=on
#
#   throttling based upon envelope sender addresses does
#   not work very well as it can of course be easily forged.
#   if your users are forced to authenticate via SASL, enable
#   this option so that quotas stick like glue regardless of
#   what they try.
#
#   if this option is enabled, and a remote client connects
#   WITHOUT sasl, it will then use the clients sending/FROM
#   address.
#                                                     1=on  0=off
SENDER_THROTTLE_SASL=0

#
# throttle IP addresses                               default=on
#
#   throttling based upon the ip address of the sender
#   will ensure that the host does not send more than
#   their allowed quota. you may only enable
#   SENDER_THROTTLE_SASL or SENDER_THROTTLE_HOST but
#   *NOT* both.
#                                                     1=on  0=off
SENDER_THROTTLE_HOST=1

#
# quota exceeded temp rejection:                           default: 5xx
#
#   select temp reject (4xx) or hard reject (5xx) on quota exceeded
#
#                                                     1=4xx  0=5xx
QUOTA_EXCEEDED_TEMP_REJECT=1

#
# throttle rejection:                               default: "Quota Exceeded"
#
#   what error message the connecting host will recieve
#   when they have exceeded any of their quotas.
#
SENDER_QUOTA_REJECTION="Quota Exceeded."

#
# throttle max message size reject message          default: Message size too big
#
#   
#
SENDER_SIZE_REJECTION="Message size too big."

#
# maximum mail sent per time period                 default: 5000
#
#   how many messages a user is allowed to send out
#   before the time limit has expired.
#
SENDERMSGLIMIT=512

#
# maximum mail recipients per time period           default: 5000
#
#   how many recipients a user is allowed to send out
#   before the time limit has expired.
#
SENDERRCPTLIMIT=3600

#
# maximum mail quota/size per time period           default: 250 meg
#
#   how much mail will be allowed from a user (in bytes)
#   which will be accepted before the timelimit has expired.
#   note: the maximum supported size is 2gig
#
SENDERQUOTALIMIT=250000000

#
# sender time limit:                                default: 24 hours
#
#   after how long does all quota last before counters
#   are reset back to to zero.
#
SENDERTIMELIMIT=1h

#
# sender message size:                              default: 10 meg
#
#   this is the maximum sender mail size
#
SENDERMSGSIZE=10240000

#
# sender "warning" threshold
#
#   this is the threshold (in percentage) that will trigger a
#   a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_WARN=50

#
# sender "panic" threshold
#
#   this is the threshold (in percentage) that will trigger a
#   a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_PANIC=90

#
# inactive sender database record cleanup           default: 31 days
#
#   this allows you to specify how long the throttling
#   records of inactive senders kept in the database.
#   this allows to keep the database small. a setting
#   of 0 keeps all entries.
#
SENDER_INACTIVE_EXPIRE=31d




#####################################################################
#                    RECIPIENT THROTTLE                (functional) #
#####################################################################
#
# throttle recipients                               default: off
#
#   recipient throttling allows per-user limits of all
#   mail that passes the policy daemon. any envelope
#   recipient that is not found in the database will
#   fall back to the config defaults listed below.
#
#                                                     1=on  0=off
RECIPIENTTHROTTLE=0

#
# maximum mail sent per time period                 default: 5000
#
#   how many messages a user is allowed to send out
#   before the time limit has expired.
#
RECIPIENTMSGLIMIT=64

#
# recipient time limit:                             default: 24 hours
#
#   after how long does all quota last before counters
#   are reset back to to zero.
#
RECIPIENTTIMELIMIT=1h

# throttle recipient rejection:                     default: "Quota Exceeded"
#
#   what error message the connecting host will recieve
#   when they have exceeded any of their quotas.
#
RECIPIENT_QUOTA_REJECTION="Quota Exceeded."

#
# inactive recipients database record cleanup       default: 31 days
#
#   this allows you to specify how long the throttling
#   records of inactive recipients are kept in the database.
#   this allows to keep the database small. a setting
#   of 0 keeps all entries.
#
RECIPIENT_INACTIVE_EXPIRE=31d



#######
# EOF #
#######
Top

User avatar
daemotron
Administrator
Administrator
Posts: 2800
Joined: 2004-01-21 17:44

Re: postfix-policyd startet unter lucid nicht?

Post by daemotron »

Sieht für mich nach einem Typo im Code aus - gültige log priorities sind normalerweise

Code: Select all

LOG_EMERG
LOG_ALERT
LOG_CRIT
LOG_ERR
LOG_WARNING
LOG_NOTICE
LOG_INFO
LOG_DEBUG
Für mich sieht das nach einem verunglückten LOG_INFO aus. Hast Du mal den Quellcode nach LOG_IFOO durchgegrept?
“Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying 'End-of-the-World Switch. PLEASE DO NOT TOUCH', the paint wouldn't even have time to dry.” — Terry Pratchett, Thief of Time
Top

monotek
Posts: 64
Joined: 2003-08-26 23:23
Location: Dresden

Re: postfix-policyd startet unter lucid nicht?

Post by monotek »

Danke :-)

Das scheints wirklich zu sein.

Ändert man LOK_INFO nach LOG_ERR startet er problemlos.

Bugreport: https://bugs.launchpad.net/ubuntu/+sour ... bug/627117
Top