I’m 77. I’ve been retired for 10 years. Now I’m struggling trying to get postfix working with Dovecot and Spamasassin on a CentOS 7 server. I manage a small hobby domain for some friends (for free), and the changes in systems are so dramatic that I feel I’m losing touch.
I read this doc to help me understand the new setup: https://samhobbs.co.uk/2014/03/raspberry-pi-email-server-part-4-spam-detection-spamassassin I used to use filter.sh and didn’t run the spamd daemon, but I thought that using the daemon would be the best way to go now. I uninstalled postfix 2.10 and installed postfix 3.9. I installed spamassassin 3.4. I copied my old 2.1 master.cf and main.cf to the new configs (after backing those up) and started up both daemons. (I don’t know if that’s a mistake. I can send and receive email, including remotely using saslauth. But, I’m not gettting headers altered by spamassassin and I’m seeing some warnings in the logs that bother me. Here’s the spamassassin bits in master.cf: smtp inet n - n - - smtpd -o content_filter=spamassassin spamassassin unix - n n - - pipe user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} [root@ded602 etc]# postconf -n alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases allow_mail_to_commands = alias,forward allow_mail_to_files = alias,forward allow_percent_hack = no anvil_status_update_time = 1d biff = no broken_sasl_auth_clients = yes command_directory = /usr/sbin compatibility_level = 2 config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debug_peer_list = 127.0.0.1 debugger_command = PATH=/usr/bin: xxgdb $daemon_directory/$process_name $process_id & sleep 5 default_privs = nobody default_process_limit = 75 delay_warning_time = 1d home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix inet_interfaces = all inet_protocols = ipv4 lmtp_destination_recipient_limit = 3000 lmtp_sasl_auth_enable = no local_destination_concurrency_limit = 2 local_destination_recipient_limit = 100 local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mailbox_size_limit = 900000000 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maximal_queue_lifetime = 5d message_size_limit = 900000000 meta_directory = /etc/postfix milter_default_action = accept mydestination = $myhostname, localhost.$mydomain, localhost mail.$mydomain, www.$mydomain, lists.$mydomain, $mydomain mydomain = stovebolt.com myhostname = mail.$mydomain mynetworks = 127.0.0.0/8,162.250.226.170/32 myorigin = $mydomain newaliases_path = /usr/bin/newaliases non_smtpd_milters = $smtpd_milters owner_request_special = no postscreen_access_list = permit_mynetworks postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = enforce postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7d postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit postscreen_command_count_limit = 20 postscreen_command_filter = postscreen_command_time_limit = ${stress?10}${stress:300}s postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org postscreen_dnsbl_threshold = 1 postscreen_dnsbl_ttl = 1h postscreen_expansion_filter = $smtpd_expansion_filter postscreen_forbidden_commands = $smtpd_forbidden_commands postscreen_greet_action = enforce postscreen_greet_banner = $smtpd_banner postscreen_greet_ttl = 1d postscreen_greet_wait = ${stress?2}${stress:6}s postscreen_helo_required = $smtpd_helo_required postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_action = enforce postscreen_pipelining_enable = no postscreen_pipelining_ttl = 30d postscreen_post_queue_limit = $default_process_limit postscreen_pre_queue_limit = $default_process_limit postscreen_reject_footer = $smtpd_reject_footer postscreen_tls_security_level = $smtpd_tls_security_level postscreen_watchdog_timeout = 10s postscreen_whitelist_interfaces = static:all queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES recipient_delimiter = + relay_domains = $mydestination, www.stovebolt.com, server1.stovebolt.com sample_directory = /usr/share/doc/postfix3-3.7.2/samples sendmail_path = /usr/sbin/sendmail setgid_group = postdrop shlib_directory = /usr/lib/postfix smtp_tls_loglevel = 0 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:$config_directory/helo_access smtpd_junk_command_limit = 5 smtpd_milters = inet:127.0.0.1:8891 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:$config_directory/rbl_override, reject_rbl_client, reject_rhsbl_reverse_client, reject_rhsbl_helo, reject_rhsbl_sender, reject_rbl_client sbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org reject_rbl_client combined.njabl.org, reject_rhsbl_reverse_client xbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org check_client_access hash:$config_directory/access, check_sender_access hash:$config_directory/sender_access, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, permit smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = permit_mynetworks reject_unknown_sender_domain, check_sender_mx_access hash:$config_directory/access, warn_if_reject reject_unverified_sender smtpd_tls_CAfile = $config_directory/cacert.pem smtpd_tls_cert_file = $config_directory/mail.crt smtpd_tls_ciphers = high smtpd_tls_key_file = $config_directory/mail.key smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s soft_bounce = no tls_random_source = dev:/dev/urandom unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 550 unverified_sender_reject_reason = "Unverified sender address" I’m not sure if all these parameters are still in use or if I even need them. Here are the log warnings that I’m seeing: I’m seeing a lot of these, but I assume this is just a nefarious actor: Jun 13 13:16:18 ded602 postfix/smtpd[2438]: warning: non-SMTP command from unknown[80.244.11.148]: \026\003\001\000\342\001\000\000\336\003\003iRf+\246d\261&]\303\034&jn/;\315\213\372\t4\005L\253\250 These are the warnings that bother me. I’ve googled but that hasn’t been a lot of help. What I’m finding is that much of online docs are grossly outdated and pretty useless. Jun 13 13:10:34 ded602 postfix/master[31118]: warning: /usr/libexec/postfix/pipe: bad command startup -- throttling Jun 13 13:10:34 ded602 postfix/master[31118]: warning: process /usr/libexec/postfix/pipe pid 2404 exit status 1 Jun 13 13:10:34 ded602 postfix/qmgr[31120]: warning: private/spamassassin socket: malformed response Please be gentle. I’m far from a pro, and I’ve been out of the game for a decade. Paul Schmehl paul.schm...@gmail.com
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
