Hello all -
I've run Postfix for many years, and it really is an excellent piece of work.
Whilst rebuilding a server recently I decided to try integrating the
anti-virus and anti-SPAM filters via smtpd's milter interface. I've always
previously done so via a content filter (amavisd-new).
To be specific, my new configuration is:
OpenBSD 4.5 on i386 (Soekris net5501)
postfix 2.6.20091025-mysql (from the OpenBSD package collection)
- virtual mailboxes via dovecot (1.1.11p1) 'deliver' and MySQL (5.0.77)
- SASL and TLS via dovecot auth
- relaying permitted for remote SASL authenticated clients
- pre-queue filtering via smtpd_milter 'smtp-vilter' (1.3.6p2)
- anti-virus via ClamAV (0.95.2)
- anti-SPAM via Spamassassin (3.5.2p1) spamd
(for info, most of the above apps are running chrooted)
Everything works fine :-) very pleased with this setup and in the process
of writing it up along the lines of Daniele Mazzoccio's excellent guide at
http://www.kernel-panic.it/openbsd/mail/index.html.
Just one slight issue, with which I would like to request a little help from
the list :-)
As noted above, I allow 'road warriors' to relay mail as long as they
authenticate via SASL (plain / login) and TLS. However I've had problems
with the server incorrectly tagging such mails as 'SPAM'.
I thought this would be easy to fix by adding an appropriate rule to
spamassassin, but to my surprise the milter is passing spamassassin (or, to
be more precise, spamd) a version of the 'Received:' header that does not
contain the 'Authenticated sender' information.
Unsurprisingly, Postfix is correctly flagging the authentication status in
the 'Received:' header (courtesy of smtpd_sasl_authenticated_header) in the
message that ends up in the recipient's inbox.
For example (in header of delivered message):
<snip>
Return-Path: <sen...@my.domain>
Delivered-To: recipi...@my.domain
Received: from CLIENT (client.my.domain [xx.xx.xx.xx])
        (Authenticated sender: sen...@my.domain)
        by server.my.domain (Postfix) with ESMTPSA id 28C0E19698
        for recipi...@my.domain; xxx, xx Oct 2009 xx:xx:xx +0100 (BST)
Message-ID: xxxxx...@client
From: "sender" sen...@my.domain
To: "recipient" <recipi...@my.domain>
Subject: test auth
<snip>
Versus a capture (with tcpdump) of what the milter is sending to spamd:
<snip>
From <sen...@my.domain>
Received: from CLIENT (client.my.domain [xx.xx.xx.xx]) by server.my.domain
Message-ID: <xxxx...@client>
From: "sender" sen...@my.domain
To: "recipient" <recipi...@my.domain>
Subject: test auth
Date: xxx, xx Oct 2009 xx:xx:xx+0100
<snip>
Hmmmmm !!
So, I'd really appreciate any clues as to whether:
1) this is likely to be because I have mis-configured the milter interface
on the Postfix side (I hasten to admit I haven't yet explored any of the
params beyond smtpd_milters);
OR
2) this is more likely to be a problem with the milter itself.
All suggestions on diagnosis or workarounds very kindly appreciated.
Many kind regards, MARTIN
-----
$ postconf |grep milter
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v _
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
non_smtpd_milters =
smtpd_milters = unix:smtp-vilter/run/smtp-vilter/smtp-vilter.sock
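
-----
Added example, not part of the original post: a small Python check that compares the topmost Received: header of the delivered message with the copy the filter was handed, and reports which authentication markers are missing from the filter's view. The two sample messages are constructed to mirror the captures above; the addresses, IP and queue id are placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed samples modelled on the two captures in the post.
DELIVERED = (
    "Return-Path: <sender@example.org>\n"
    "Received: from CLIENT (client.example.org [192.0.2.10])\n"
    "\t(Authenticated sender: sender@example.org)\n"
    "\tby server.example.org (Postfix) with ESMTPSA id QUEUEID\n"
    "\tfor <recipient@example.org>; Mon, 26 Oct 2009 10:00:00 +0000 (GMT)\n"
    "Subject: test auth\n\nbody\n"
)
SEEN_BY_SPAMD = (
    "From <sender@example.org>\n"  # mbox-style envelope line, as in the capture
    "Received: from CLIENT (client.example.org [192.0.2.10]) by server.example.org\n"
    "Subject: test auth\n\nbody\n"
)

AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Z]+)\b")
BY_RE = re.compile(r"\bby\s+(\S+)")

def top_received(raw):
    """Parse the first (most recent) Received: header, unfolding continuations."""
    hdr = message_from_string(raw).get("Received")
    if hdr is None:
        return None
    flat = " ".join(hdr.split())  # collapse folded lines into one
    auth, proto, by = AUTH_RE.search(flat), WITH_RE.search(flat), BY_RE.search(flat)
    return {
        "by": by.group(1) if by else None,
        "auth_sender": auth.group(1) if auth else None,
        # RFC 3848: ESMTPA / ESMTPSA mean the session was authenticated
        "protocol": proto.group(1) if proto else None,
    }

def missing_in_filter_view(delivered, filter_view):
    """Auth markers present in the delivered header but absent from the filter's copy."""
    d, f = top_received(delivered), top_received(filter_view)
    if d is None or f is None:
        raise ValueError("no Received: header to compare")
    if d["by"] != f["by"]:
        raise ValueError("topmost Received: headers describe different hops")
    return sorted(k for k in ("auth_sender", "protocol") if d[k] and d[k] != f[k])

if __name__ == "__main__":
    print(top_received(DELIVERED))
    print(top_received(SEEN_BY_SPAMD))
    print("missing from filter view:", missing_in_filter_view(DELIVERED, SEEN_BY_SPAMD))
```

Any spam rule that keys on the 'Authenticated sender' annotation or the ESMTPSA protocol keyword can only fire if these fields appear in the copy the scanner actually receives.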