hi!
i'm struggling around to implement a before-queue spamcheck.
but the problem ist not the spamcheck itself, but a problem with
smtp-authentication (pam_mysql) :(((((
up to now i'm running the system with after-queue spamcheck with
postfix/spamassassin/amavid-new, everything works fine, user can
authenticate and send emails ..
but if i change the following to implement before-queue spamcheck:
a) in master.cf:
-----------------------------------------------
smtp inet n - n - - smtpd
change to =>
smtp inet n - - - 20 smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o smtpd_client_connection_count_limit=10
and
-----------------------------------------------
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
change to =>
127.0.0.1:10025 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
b) in main.cf
-----------------------------------------------
content_filter = smtp-amavis:[127.0.0.1]:10024
change to =>
#content_filter = smtp-amavis:[127.0.0.1]:10024
c) in header_checks
-----------------------------------------------
add the following line
/X-Spam-Level: \*{25,}/ REJECT Looks like spam to me
d) in /etc/amavisd/amavisd.conf
-----------------------------------------------
add the following line
@auth_mech_avail=qw(PLAIN LOGIN);
after restarting postfix everything seems o.k. for the mail-transfer,
because the mailserver accepts mails from other servers and mails with a
spamscore above 25 ist rejected, as intended.
BUT: if someone of the "internal user" want's to send an email, he/she
cannot authenticate anymore !!!
"telnet mailserver smtp" and "ehlo hkrebs" and "auth plain xxxxxxxxx"
gives:
535 5.7.8 Error: authentication failed: generic failure
if i'm using a correct username/password and gives back
535 5.7.8 Error: authentication failed: another step is needed in
authentication
if i'm using a wrong combination
and my /var/log/maillog tells me:
Jan 29 13:32:53 mx postfix/smtpd[28022]: warning: SASL authentication
failure: cannot connect to saslauthd server: No such file or directory
Jan 29 13:32:53 mx postfix/smtpd[28022]: warning: SASL authentication
failure: Password verification failed
Jan 29 13:32:53 mx postfix/smtpd[28022]: warning: unknown[127.0.0.1]:
SASL plain authentication failed: generic failure
can anybody tell me, what i'm doing wrong????
ciao
H.
