On Nov 19, 2009, at 2:39 PM, Jay wrote:
> I had a user that has a 3G data dongle and we found that their messages were
> being discarded. SpamAssassin was identifying the sender IP as from a DUL and
> assigned a very high score. I realized that I had not set the content-filter
> to be excluded for submission users, so I went and did that in master.cf:
>
> submission inet n - n - - smtpd
> -o smtpd_enforce_tls=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> -o content_filter=
>
> At this point, the user could now send mail via submission, but only to
> EXTERNAL users. Any mail set for local users was still getting tested by
> amavisd-new and thus SA, and thus getting rejected. Here is the mail.log:
>
> Nov 19 12:08:21 extranet postfix/smtpd[27677]: warning: 114.75.3.145:
> hostname 114.75.3.145.optusnet.com.au verification failed: Name or service
> not known
> Nov 19 12:08:21 extranet postfix/smtpd[27677]: connect from
> unknown[114.75.3.145]
> Nov 19 12:08:24 extranet postfix/smtpd[27677]: 384BF1E880EA:
> client=unknown[114.75.3.145], sasl_method=PLAIN,
> sasl_username=sen...@domain.com
> Nov 19 12:08:24 extranet postfix/cleanup[27681]: 384BF1E880EA:
> message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
> Nov 19 12:08:25 extranet postfix/qmgr[15871]: 384BF1E880EA:
> from=<sen...@domain.com>, size=57892, nrcpt=1 (queue active)
> Nov 19 12:08:25 extranet postfix-local[27944]: postfix-local:
> from=sen...@domain.com, to=recipi...@domain.com, dirname=/var/qmail/mailnames
> Nov 19 12:08:25 extranet postfix-local[27944]: hook_dir =
> '/usr/local/psa/handlers/before-local'
> Nov 19 12:08:25 extranet postfix-local[27944]: recipient[3] =
> 'recipi...@domain.com'
> Nov 19 12:08:25 extranet postfix-local[27944]: handlers dir =
> '/usr/local/psa/handlers/before-local/recipient/recipi...@domain.com'
> Nov 19 01:08:26 extranet postfix/pickup[13775]: 216641E880EF: uid=110
> from=<sen...@domain.com>
> Nov 19 12:08:26 extranet postfix/cleanup[27681]: 216641E880EF:
> message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
> Nov 19 12:08:26 extranet postfix/pipe[27698]: 384BF1E880EA:
> to=<recipi...@domain.com>, relay=plesk_virtual, delay=2, delays=1.8/0/0/0.17,
> dsn=2.0.0, status=sent (delivered via plesk_virtual service)
> Nov 19 12:08:26 extranet postfix/qmgr[15871]: 384BF1E880EA: removed
> Nov 19 12:08:26 extranet postfix/qmgr[15871]: 216641E880EF:
> from=<sen...@domain.com>, size=58088, nrcpt=1 (queue active)
> Nov 19 12:08:29 extranet postfix/smtpd[27719]: CD6EC1E880EA:
> client=unknown[114.75.3.145]
> Nov 19 12:08:29 extranet postfix/cleanup[27681]: CD6EC1E880EA:
> message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
> Nov 19 12:08:29 extranet postfix/smtpd[27719]: disconnect from
> localhost.localdomain[127.0.0.1]
> Nov 19 12:08:29 extranet postfix/qmgr[15871]: CD6EC1E880EA:
> from=<sen...@domain.com>, size=58565, nrcpt=1 (queue active)
> Nov 19 12:08:29 extranet amavis[26386]: (26386-02) Passed SPAMMY,
> [114.75.3.145] [114.75.3.145] <sen...@domain.com> ->
> <recipi...@office.p3.com.au>, Message-ID:
> <981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>, mail_id: 4NBOTooBA2EW,
> Hits: 9.651, size: 58074, queued_as: CD6EC1E880EA, 3714 ms
> Nov 19 12:08:29 extranet postfix/lmtp[27712]: 216641E880EF:
> to=<recipi...@office.p3.com.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7,
> delays=0.01/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=26386-02, from
> MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CD6EC1E880EA)
> Nov 19 12:08:29 extranet postfix/qmgr[15871]: 216641E880EF: removed
>
> It seems that 384BF1E880EA is the message coming in via submission and it is
> happily accepted without being content-filtered. But then it seems to be run
> through processes again, obviously following different parameters than the
> ones I set in submission, as message CD6EC1E880EA is run through SA.
>
> Can I & how do I stop these local emails sent via submission from getting run
> through the content-filter?
>
> -- Here is some of my non-default config --
>
> master.cf:
>
> amavisfeed unix - - n - 2 lmtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> -o max_use=20
>
> 127.0.0.1:10025 inet n - n - - smtpd
> -o content_filter=
> -o smtpd_delay_reject=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_data_restrictions=reject_unauth_pipelining
> -o smtpd_end_of_data_restrictions=
> -o smtpd_restriction_classes=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
> -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
> -o local_header_rewrite_clients=
> -o smtpd_milters=
> -o local_recipient_maps=
> -o relay_recipient_maps=
>
> plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser
> argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p
> /var/qmail/mailnames
>
> plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6
> dbpath=/plesk/passwd.db
>
> And here is the output of postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
> bounce_queue_lifetime = 18h
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> debug_peer_list = 122.110.171.251
> delay_warning_time = 2h
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 18h
> message_size_limit = 20480000
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 127.0.0.0/8, 122.201.102.31/32
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_send_xforward_command = yes
> smtp_tls_security_level = may
> smtp_use_tls = no
> smtpd_authorized_xforward_hosts = 127.0.0.0/8
> smtpd_client_restrictions =
> smtpd_recipient_restrictions = permit_mynetworks, check_client_access
> pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated,
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sender_restrictions = check_sender_access
> hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated,
> check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
> smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
> smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> soft_bounce = yes
> transport_maps = hash:/var/spool/postfix/plesk/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
> virtual_gid_maps = static:31
> virtual_mailbox_base = /var/qmail/mailnames
> virtual_mailbox_domains = $virtual_mailbox_maps,
> hash:/var/spool/postfix/plesk/virtual_domains
> virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
> virtual_transport = plesk_virtual
> virtual_uid_maps = static:110
>
> This is my first post, so please forgive me if I've done something wrong or
> stupidly. Thank you!
Actually, I think the message is delivered locally successfully. But there is a
redirect in place and it seems that the redirection is scanned on its way
outbound by amavisd-new and then discarded. How do I control what
content_filter directive is applied to redirects?
