SPF configuration problem

[paulux32]

Hello,

I try to install SPF on my postfix relays.
Centos Version: 7.3
Postfix Version: 2.11

I configured the main.cf as follows:

Smtpd_recipient_restrictions =
.......................
reject_unauth_destination
Check_policy_service unix: private / policy
allowed

Policy_time_limit = 3600


#SPF
Policy unix - n n - 0 spawn
User = nobody argv = / usr / local / lib / policyd-spf-perl

I had to use CPAN to install missing modules. Everything seemed okay, but during my tests of receiving mails, I have the following errors:


........../spawn[20103]: warning: command /usr/local/lib/policyd-spf-perl exit status 2
........../smtpd[20099]: warning: premature end-of-input on private/policy while reading input attribute name
........./spawn[20103]: warning: command /usr/local/lib/policyd-spf-perl exit status 2
........./smtpd[20099]: warning: problem talking to server private/policy: Connection reset by peer
........./smtpd[20099]: NOQUEUE: reject: RCPT from unknown[IP]: 451 4.3.5 Server configuration problem;


It's been a week since I've been looking for a solution, but I can not find anything.
I also tried to use python, but the error is the same: it does not really seem to come from policyd-spf but from a configuration problem somewhere.
Another precision, if I inhibit the SPF policy, the mails are well received.

Thank you very much for your help, and forgive me for my English

[TrevorH]

Don't use CPAN on a packaged distribution. I'm pretty sure there are packaged versions of everything you need to make postfix do SPF in the various repos - if not in CentOS base/updates then in EPEL. What did you have to use CPAN for?

Also, we ship postfix-2.10.1-6.el7.x86_64 not 2.11 so it sounds like you've really broken your system and installed that from source too

[paulux32]

Hello TrevorH and thanks for your help.

I used CPAN to install SPF modules (I read this on various forums), but I can go back and try EPEL (I did a snapshot before installing CPAN)
Before that, and before using the Perl policyd script, I had tested with Python, but the error was the same.

I would like to be sure to understand: are you telling me that centos 7.3 and postfix 2.11 are incompatible?
I'm sorry, I do not speak English well, and it is possible that my interpretation is not the correct one.

[TrevorH]

No, I'm saying that the postfix that we ship and that we issue patches for and maintain security for is 2.10. If you have 2.11 then you got it from somewhere that is not CentOS and that it won't have the same degree of security support that the CentOS version does. It might work, it might not, it's not tested or supported and you may have broken various other packages that depend on postfix by installing it.

[paulux32]

Understood.

I will go on a healthy basis : reinstall a server with postfix 2.10 and repeat the tests.
I'll keep you informed.

thanks again