empty subject, empty body, from: Postfix After-Queue Content Filter...

Mon, 18 May 2009 13:54:24 -0700 

A new email gateway I am building is sending email with empty subject, empty
body,
and the internal from starts with "Postfix After-Queue Content Filter:.
It is possible an external filter is the culprit, but it appears to me as if
postfix is actually
stripping the missing information, due to some misconfiguration, because
otherwise
it is working as it is supposed to.

My project is to move email gateways off of old hardware to new hardware.
The intent is to keep running all the currently used software on new
hardware.
New rhel-5.3-x86_64 installed.
Sendmail worked fine.
Postfix-2.3.3 replaced sendmail and worked fine.
All local changes used on older servers except on made to main.cf and
master.cf
and postfix still worked fine.
SpamAssassin version 3.2.5 running on Perl version 5.8.8 installed and
worked fine
in stand-alone tests.
ClamAV installed and worked fine in stand-alone tests.
Anomy sanitizer was added and past stand-alone tests.
The last change was made to master.cf.
It was to add this at end of file:
filter    unix    -       n       n       -       -       pipe
  flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} --
${recipient}
Where the filter.sh is:
<begin script>
#!/bin/sh
#
# filter.sh
#
# Simple filter to plug Anomy Sanitizer and SpamAssassin
# into the Postfix MTA
#
# From http://advosys.ca/papers/postfix-filtering.html
# Advosys Consulting Inc., Ottawa
#
# For use with:
#    Postfix 20010228 or later
#    Anomy Sanitizer revision 1.49 or later
#    SpamAssassin 2.42 or later
#
# Note: Modify the file locations to match your particular
#       server and installation of SpamAssassin.

# File locations:
# (CHANGE AS REQUIRED TO MATCH YOUR SERVER)
INSPECT_DIR=/var/spool/filter

#SENDMAIL="/usr/lib/sendmail -i"
#above should be the same as following
SENDMAIL="/usr/sbin/sendmail.postfix -i"

ANOMY=/u01/anomy
SANITIZER=/u01/anomy/bin/sanitizer.pl
ANOMY_CONF=/u01/anomy/anomy.conf
ANOMY_LOG=/tmp/anomy.log
SPAMASSASSIN=/usr/bin/spamassassin
SPAMC=/usr/bin/spamc
SPAMC_LOG=/tmp/spamc.log

export ANOMY

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f out.$$" 0 1 2 3 15

cat | $SPAMC 2>>$SPAMC_LOG | $SANITIZER \
   $ANOMY_CONF 2>>$ANOMY_LOG > out.$$ || \
   { echo Message content rejected; exit $EX_UNAVAILABLE; }

# Search header only for spam greater then or equal to spam threshold
DROPSPAM=`awk 'BEGIN{RS=""}{print;exit}' out.$$|grep '^X-Spam-Level:
\*\*\*\*\*\*'`
[ "$DROPSPAM" ] && {
rm -f out.$$
    #mv out.$$ spamdropped.$$
    exit 0
}

## return to postfix via postfix.sendmail
$SENDMAIL "$@" < out.$$

exit $?
<end script>

This is when sending email broke.
All email are sent and are delivered to final distinations.
The subject is stripped out.
The body is stripped out.
The From address seen by recepients email program becomes: Postfix
After-Queue Content Filter [<any account>@cnm.edu]

Maillog never has any warnin, error, fatal, or panic.
/usr/sbin/sendmail -bv ... always determines "deleverable"
/usr/sbin/sendmail -v ... sends with same (stripped out) results.
All debugging and tracing show nothing because Postfix is not encountering a
bug.

I replaced the glue script above with a number of scripts attempting
to run one filter at a time and the same results resulted.

This script that calls no filter was finally tried:
<begin script>
#!/bin/sh

# Simple shell-based filter. It is meant to be invoked as follows:
#       /path/to/script -f sender recipients...

# Localize these. The -G option does nothing before Postfix 2.3.
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15

# Start processing.
cd $INSPECT_DIR || {
    echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

cat >in.$$ || {
    echo Cannot save mail to file; exit $EX_TEMPFAIL; }

#$SENDMAIL "$@" <in.$$
echo -n $SENDMAIL "$@">>out
cat in.$$ >>out

exit $?
<end script>

The results were the same.

This is the postfinger output (munged gateway names:
postfinger - postfix configuration on Mon May 18 14:36:45 MDT 2009
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.3.3
hostname = DDDD
uname = Linux DDDD 2.6.18-128.1.6.el5 #1 SMP Tue Mar 24 12:05:57 EDT 2009
x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.3.3-2.1.el5_2

--main.cf non-default parameters--
bounce_size_limit = 1
default_process_limit = 400
header_checks = regexp:/etc/postfix/header_checks
local_recipient_maps =
local_transport = error
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org
message_size_limit = 16777216
mydestination = $myhostname, $mydomain, localhost.localdomain, cnm.edu,
mail.cnm.edu, AAAA.cnm.edu, BBBB.cnm.edu, CCCC.cnm.edu, DDDD.cnm.edu,
EEEE.cnm.edu, FFFF.cnm.edu,nmvc.org, mail.nmvc.org, AAAA.nmvc.org,
BBBB.nmvc.org, CCCC.nmvc.org, nmvirtualcollege.org,
mail.nmvirtualcollege.org, AAAA.nmvirtualcollege.org,
BBBB.nmvirtualcollege.org, CCCC.nmvirtualcollege.org,nmln.net, ideal-nm.org,
ideal-nm.net, idealnm.org, idealnm.net
mydomain = cnm.edu
myhostname = DDDD.cnm.edu
mynetworks = 198.133.182.0/24, 198.133.181.0/24, 198.133.180.0/24,
172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource,software
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_client_restrictions = permit_mynetworks
hash:/etc/postfix/whitelist    reject_rbl_client zen.spamhaus.org
reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.5    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.6    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.7    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.8    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.9    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.10    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.11    reject_rbl_client
blackholes.five-ten-sg.com=127.0.0.13 reject_rbl_client
bl.spamcop.netreject_rbl_client
dnsbl.njabl.org permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/overquota check_recipient_access
hash:/etc/postfix/filtered_domains permit_mynetworks
reject_unauth_destination check_client_access hash:/etc/postfix/access
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/greylist    check_sender_access
hash:/etc/postfix/sender_access    permit_mynetworks
reject_unknown_sender_domain
virtual_alias_maps = hash:/etc/postfix/virtualaliases

--master.cf--
smtp      inet   n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
    -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache      unix    -    -    n    -    1    scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
filter    unix    -       n       n       -       -       pipe
  flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} --
${recipient}

-- end of postfinger output --

tcpdump shows no problem.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

Reply via email to