premature end-of-input on private/po licyd-spf while reading input attribute name

Asked by Mark Watts on 2013-07-29

Hi,

I'm trying to get pypolicyd-spf working with Postfix on CentOS 6.4.

Each time I try and send a test message through Postfix, I get the following output in my mail log; nothing appears to be logged to syslog (I have a catchall logging *.* to /var/log/syslog and I see no logs from pypolicyd-spf itself - debugLevel is set to 5).

Jul 29 19:22:02 synapse postfix/spawn[20923]: warning: command /usr/bin/policyd-spf exit status 1
Jul 29 19:22:02 synapse postfix/smtpd[20920]: warning: premature end-of-input on private/policyd-spf while reading input attribute name
Jul 29 19:22:03 synapse postfix/spawn[20923]: warning: command /usr/bin/policyd-spf exit status 1
Jul 29 19:22:03 synapse postfix/smtpd[20920]: warning: premature end-of-input on private/policyd-spf while reading input attribute name
Jul 29 19:22:03 synapse postfix/smtpd[20920]: warning: problem talking to server private/policyd-spf: Connection reset by peer

I've run /usr/bin/policyd-spf by hand, which works:

# /usr/bin/policyd-spf
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=linux-corner.info
queue_id=8045F2AB23
instance=12345.6789
<email address hidden>
<email address hidden>
client_address=209.20.80.102
client_name=mail.linux-corner.info

action=prepend Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.20.80.102; helo=linux-corner.info; <email address hidden>; <email address hidden>

/etc/postfix/master.cf has:

policyd-spf unix - n n - 0 spawn
                   user=nobody argv=/usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf.conf

/etc/postfix/main.cf has (among other things):

smtpd_recipient_restrictions =
        check_policy_service unix:private/policyd-spf,
        permit
policyd-spf_time_limit = 3600

/etc/python-policyd-spf/policyd-spf.conf is the default as created by the tool itself, modified with debugLevel=5

Any ideas what I might be doing wrong, either with Postfix or debugLevel not logging anything?

Mark.

pydns-2.3.6.tar.gz
ipaddr-2.1.10.tar.gz
pyspf-2.0.8.tar.gz
pypolicyd-spf-1.2.tar.gz
postfix-2.6.6-2.2.el6_1.x86_64

Question information

Language:
English Edit question
Status:
Solved
For:
pypolicyd-spf Edit question
Assignee:
No assignee Edit question
Solved by:
Mark Watts
Solved:
2013-07-29
Last query:
2013-07-29
Last reply:
2013-07-29
Scott Kitterman (kitterman) said : #1

I think that this may be becuase you're using python(2) and the shebang in /usr/bin/policyd-spf is for python3. Try changing:

user=nobody argv=/usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf.conf

to:

user=nobody argv=python /usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf.conf

Mark Watts (markrwatts) said : #2

Unfortunately that didn't change anything; the python bangpath is /usr/bin/python anyway which uses the system python 2.6.6.

Mark.

Scott Kitterman (kitterman) said : #3

What are the permissions on /usr/bin/policyd-spf? Does the nobody user have rights to execute it?

Mark Watts (markrwatts) said : #4

# ls -laZ /usr/bin/policyd-spf
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/bin/policyd-spf

Scott Kitterman (kitterman) said : #5

I don't have another immediate suggestion. Almost the first thing the policy server does is log that it started. When youvrun it by hand does it manage to log? If it does, that and the complete lack of logging when postfix runs it indicate it probably never gets started.

Mark Watts (markrwatts) said : #6

Yes you're right - running it by hand does generate logs.
I'll focus on Postfix now - thanks for the hints.

Mark.

Scott Kitterman (kitterman) said : #7

The other thing I would try (it may be a permissions issue) is running it by hand as user nobody. As root, su nobody and then run it by hand again. If there's a permissions issue, that should make it clear.

Mark Watts (markrwatts) said : #8

For the record this was unrelated to either Postfix or pypolicyd-spf.
I'd unwittingly set root's umask to 077 which caused all of the python modules to be installed with permissions such that only root could read them. Doh >.<

Scott Kitterman (kitterman) said : #9

Thanks fir ldtting ne know.