smtpd_milters and virtual_alias_maps

Sun, 17 May 2009 03:05:21 -0700 

hello

Postfix version 2.5.7
As I have some problems with proxy filters that are not transparent, I would like to test milter filters.
When I enable the smtpd_filters, the "virtual aliasing" is no more applied !
In other words, without the smtpd_milters, a mail send to m...@elec.ucl.ac.be is automatically send to m...@uclouvain.be because the following line is in a file within the virtual_alias_maps 

m...@elec.ucl.ac.be             m...@uclouvain.be

Here is the log corresponding to the transaction :
May 17 11:54:49 smtp-1 postfix/smtpd[29804]: connect from smtp-2.sipr- dc.ucl.ac.be[10.1.5.2] May 17 11:55:01 smtp-1 clamsmtpd: 10EFFF: accepted connection from: 127.0.0.1 May 17 11:55:01 smtp-1 postfix/smtpd[29855]: connect from localhost.localdomain[127.0.0.1] May 17 11:55:01 smtp-1 postfix/smtpd[29804]: NOQUEUE: client=smtp-2.sipr-dc.ucl.ac.be[10.1.5.2] May 17 11:55:02 smtp-1 postfix/smtpd[29855]: 069C8E8B14: client=smtp-2.sipr-dc.ucl.ac.be[10.1.5.2] May 17 11:55:10 smtp-1 postfix/cleanup[29856]: 069C8E8B14: hold: header Received: from smtp2.sgsi.ucl.ac.be (smtp-2.sipr-dc.ucl.ac.be [10.1.5.2])??by smtp1.sgsi.ucl.ac.be (Postfix) with ESMTP??for <m...@elec.ucl.ac.be >; Sun, 17 May 2009 11:54:58 +0200 (CEST) from smtp-2.sipr- dc.ucl.ac.be[10.1.5.2]; from=<m...@uclouvain.be> to=<m...@elec.ucl.ac.be> proto=ESMTP helo=<smtp2.sgsi.ucl.ac.be> May 17 11:55:10 smtp-1 postfix/cleanup[29856]: 069C8E8B14: message-id=<20090517095502.069c8e8...@smtp1.sgsi.ucl.ac.be > May 17 11:55:10 smtp-1 clamsmtpd: 10EFFF: from...@uclouvain.be, to...@elec.ucl.ac.be , status=CLEAN May 17 11:55:10 smtp-1 postfix/smtpd[29855]: disconnect from localhost.localdomain[127.0.0.1] May 17 11:55:12 smtp-1 postfix/smtpd[29804]: disconnect from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2] May 17 11:55:12 smtp-1 MailScanner[28627]: New Batch: Scanning 1 messages, 1111 bytes 
May 17 11:55:12 smtp-1 MailScanner[28627]: Spam Checks: Starting
May 17 11:55:14 smtp-1 MailScanner[28627]: Message 069C8E8B14.00000 from 0.0.0.0 (m...@uclouvain.be) to elec.ucl.ac.be is n'est pas un polluriel, SpamAssassin (not cached, score=-2.399, requis 5, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -1.60, NO_REAL_NAME 1.00) May 17 11:55:14 smtp-1 MailScanner[28627]: Virus and Content Scanning: Starting May 17 11:55:16 smtp-1 MailScanner[28627]: Requeue: 069C8E8B14.00000 to 52AFDE8C38 May 17 11:55:16 smtp-1 postfix/qmgr[27709]: 52AFDE8C38: from=<m...@uclouvain.be >, size=440, nrcpt=1 (queue active) May 17 11:55:16 smtp-1 MailScanner[28627]: Uninfected: Delivered 1 messages May 17 11:55:16 smtp-1 postfix/smtp[29863]: 52AFDE8C38: to=<m...@uclouvain.be >, orig_to=<m...@elec.ucl.ac.be>, relay=10.1.5.192[10.1.5.192]:25, delay=15, delays=15/0.02/0.01/0.04, dsn=2.5.0, status=sent (250 2.5.0 Ok.) 
May 17 11:55:16 smtp-1 postfix/qmgr[27709]: 52AFDE8C38: removed
With the smtpd_milters, postfix says that the mail for m...@elec.ucl.ac.be loops back to himself.
May 17 11:42:28 smtp-1 postfix/smtpd[29239]: connect from unknown[10.1.5.252] May 17 11:42:28 smtp-1 postfix/smtpd[29239]: setting up TLS connection from unknown[10.1.5.252] May 17 11:15:16 smtp-1 milter-clamc[23572]: enter socketClient(1fa4c7e0, 120000) s.fd=1 May 17 11:15:16 smtp-1 milter-clamc[23572]: exit socketClient(1fa4c7e0, 120000) s.fd=1 errno=0 rc=0 
May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: > STREAM
May 17 11:15:16 smtp-1 milter-clamc[23572]: socketReadLine(1fa4c7e0, 630f40, 63) s.fd=1 bytes=9 
May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: < PORT 1770
May 17 11:15:16 smtp-1 milter-clamc[23572]: socketOpen(1fa4d880, 1) s=1fa4d900 s.fd=2 May 17 11:15:16 smtp-1 milter-clamc[23572]: enter socketClient(1fa4d900, 120000) s.fd=2 May 17 11:15:16 smtp-1 milter-clamc[23572]: socketCanSend(1fa4d900, 120000) s.fd=2 rc=1 May 17 11:15:16 smtp-1 milter-clamc[23572]: exit socketClient(1fa4d900, 120000) s.fd=2 errno=0 rc=0 May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: filterHeader(1fa47ea0, 'To', 'm...@elec.ucl...') May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: filterHeader(1fa47ea0, 'Subject', 'test 5...') May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: filterEndHeaders(1fa47ea0) May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: filterBody(1fa47ea0, 'test 5 suite ...', 14) maxChunks=0 chunksSent=0 May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: filterEndMessage(1fa47ea0) 
May 17 11:15:16 smtp-1 milter-clamc[23572]: socketClose(1fa4d900) s.fd=2
May 17 11:15:16 smtp-1 milter-clamc[23572]: socketReadLine(1fa4c7e0, 1fa497d0, 1000) s.fd=1 bytes=10 
May 17 11:15:16 smtp-1 milter-clamc[23572]: socketClose(1fa4c7e0) s.fd=1
May 17 11:15:16 smtp-1 milter-clamc[23572]: 00004 NOQUEUE: < stream: OK
May 17 11:15:16 smtp-1 MailScanner[21342]: New Batch: Scanning 1 messages, 1059 bytes 
May 17 11:15:16 smtp-1 MailScanner[21342]: Spam Checks: Starting
May 17 11:15:18 smtp-1 MailScanner[21342]: Message 38149E8CA2.00000 from 0.0.0.0 (m...@uclouvain.be) to elec.ucl.ac.be is n'est pas un polluriel, SpamAssassin (not cached, score=-2.397, requis 5, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -1.60, MISSING_DATE 0.00, MISSING_MID 0.00, NO_REAL_NAME 1.00) May 17 11:15:18 smtp-1 MailScanner[21342]: Virus and Content Scanning: Starting May 17 11:15:21 smtp-1 MailScanner[21342]: Requeue: 38149E8CA2.00000 to 58731E8CAE May 17 11:15:21 smtp-1 MailScanner[21342]: Uninfected: Delivered 1 messages May 17 11:15:21 smtp-1 postfix/qmgr[25804]: 58731E8CAE: from=<m...@uclouvain.be >, size=343, nrcpt=1 (queue active) May 17 11:15:21 smtp-1 postfix/smtp[25875]: 58731E8CAE: to=<m...@elec.ucl.ac.be >, relay=none, delay=25, delays=25/0.01/0/0, dsn=5.4.6, status=bounced (mail for 127.0.0.1 loops back to myself) 


What's wrong in my configuration ?
Thanks


# postconf -n
address_verify_sender = verify_addr...@uclouvain.be
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
bounce_size_limit = 50000
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
hash_queue_depth = 1
hash_queue_names = deferred defer incoming hold
header_checks = regexp:/etc/postfix/rules/header_checks
html_directory = no
mail_owner = postfix
mailbox_size_limit = 250000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 250000000
milter_protocol = 6
mydestination = $myhostname, localhost, localhost.$mydomain
mydomain = sipr-dc.ucl.ac.be
myhostname = smtp1.sgsi.ucl.ac.be
mynetworks = 130.104.0.0/16,127.0.0.0/8,192.168.128.0/17,193.190.89.0/24,10.0.0.0/8 
newaliases_path = /usr/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list mynetworks
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/etc/postfix/relais/relay_domains
relay_recipient_maps =
        hash:/etc/postfix/relais/transport
        hash:/etc/postfix/relais/virtual_bal_uclouvain
        hash:/etc/postfix/relais/ucl_uclouvain
        hash:/etc/postfix/relais/virtual_aliases_uclouvain
        hash:/etc/postfix/relais/virtual_fonctions_uclouvain
        hash:/etc/postfix/relais/uclouvain.be
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_rate_limit = 20
smtpd_client_message_rate_limit = 300
smtpd_client_recipient_rate_limit = 1000
smtpd_data_restrictions = check_sender_access hash:/etc/postfix/rules/ check_backscatterer smtpd_end_of_data_restrictions = check_policy_service inet: 127.0.0.1:10040 
smtpd_error_sleep_time = ${stress?20}${stress:2}
smtpd_hard_error_limit = ${stress?3}${stress:20}
smtpd_helo_required = yes
smtpd_helo_restrictions =
        check_client_access hash:/etc/postfix/rules/access
        check_recipient_access pcre:/etc/postfix/rules/listes_client_access
        permit_mynetworks
        permit_sasl_authenticated
        reject_invalid_hostname
        check_client_access hash:/etc/postfix/rules/helo_whitelist
        check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions
        reject_non_fqdn_hostname
        check_client_access hash:/etc/postfix/files_access/spammers
        check_helo_access pcre:/etc/postfix/rules/helo_checks
        check_sender_mx_access cidr:/etc/postfix/rules/bogus_mx_checks
        check_client_access hash:/etc/postfix/rules/client_whitelist
        check_client_access cidr:/etc/postfix/rules/all-dnswl-permit
        check_client_access regexp:/etc/postfix/rules/spam_ip_regex
        permit
smtpd_recipient_restrictions =
        reject_non_fqdn_recipient
        reject_non_fqdn_sender
        check_recipient_access hash:/etc/postfix/rules/ucllouvain
        check_recipient_access hash:/etc/postfix/rules/invalid
        check_recipient_access hash:/etc/postfix/rules/phishing_reply_adresses
        permit_sasl_authenticated
        reject_unlisted_recipient
        permit_mynetworks
        reject_unknown_recipient_domain reject_unauth_destination
        reject_multi_recipient_bounce
        check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions
        check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-header
        check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-permit
        check_sender_access hash:/etc/postfix/rules/sender_whitelist
        check_client_access hash:/etc/postfix/rules/client_whitelist
        check_sender_access pcre:/etc/postfix/rules/pcre_sender_whitelist
        check_recipient_access hash:/etc/postfix/rules/recipient_whitelist
        reject_rbl_client zen.dnsbl
        reject_rbl_client bl.spamcop.net
        reject_rbl_client safe.dnsbl.sorbs.net
        permit_auth_destination
        reject
smtpd_restriction_classes = greylist_policy
        must_be_valid_squirrel_sender
        restrict_list_client_access
        restrict_list_sender_access
        restrict_list_cluster_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions =
        check_recipient_access pcre:/etc/postfix/rules/listes_sender_access
        check_client_access hash:/etc/postfix/rules/squirrel_ip
        permit_sasl_authenticated
        permit_mynetworks
        reject_unknown_recipient_domain
        check_sender_access hash:/etc/postfix/rules/stluc
        check_sender_access hash:/etc/postfix/rules/access
        reject_unknown_sender_domain
smtpd_soft_error_limit = ${stress?1}${stress:10}
smtpd_tls_CAfile = /etc/postfix/ssl/ct_root.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/spool/postfix/.cache/ smtpd_scache 
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps =
        hash:/etc/postfix/relais/transport
        hash:/etc/postfix/relais/uclouvain.be
        hash:/etc/postfix/relais/virtual_bal_uclouvain
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
        hash:/etc/postfix/relais/ucl_uclouvain
        hash:/etc/postfix/relais/virtual_aliases_uclouvain
        hash:/etc/postfix/relais/virtual_fonctions_uclouvain



I add the following to activate the milter filter :

milter_protocol = 6
smtpd_milters = unix:/var/run/milter/milter-clamc.socket

--
Pascal

Reply via email to