integrate dspam into postfix

[Martijn de Munnik]

Hi list,

I'm trying to integrate dspam filtering into my postfix system. The  
way I have it now works for local users but when a user has an alias  
to an external domain the mail bounces. This server is for receiving  
mail only, so no submission is needed.

---

This is the mail system at host chuck.redknot.nl.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                 The mail system

<martijndemun...@chuck.redknot.nl> (expanded from <martijndemunnik>):  
unknown
  user: "martijndemunnik"
Reporting-MTA: dns; chuck.redknot.nl
X-Postfix-Queue-ID: 1C455D2A2
X-Postfix-Sender: rfc822; mart...@youngguns.nl
Arrival-Date: Thu,  2 Sep 2010 21:58:12 +0200 (CEST)

Final-Recipient: rfc822; martijndemun...@chuck.redknot.nl
Original-Recipient: rfc822;martijndemunnik
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "martijndemunnik"

---

The virtual file contains:
just...@suezkade.nl     martijndemun...@gmail.com

I'm sure this is because I pass "--user ${mailbox}" to the dspam  
command, but I'm not sure how to solve this. I want dspam to learn  
what is spam for my local user, so I guess dspam should be as close as  
possible to final delivery. There is also another problem. Dspam calls  
clamav to scan the message for viruses. When A virus is found dspam  
dies because the shell can't handle a negative error return code. The  
dspam list told me to use the server part of dspam to fix this and let  
postfix talk to dspam with lmtp. I'm not sure how to do this.  
virtual_transport doesn't seem to have any effect because I'm not  
using virtual_domains?

Any ideas?

Thanks,
Martijn


Output of postconf -n:

address_verify_map = btree:${data_directory}/verify
alias_maps = dbm:/etc/opt/redknot/postfix/aliases
config_directory = /etc/opt/redknot/postfix
content_filter = dspam:dpsam
disable_vrfy_command = yes
home_mailbox = Maildir/
mailbox_command = /opt/redknot/libexec/dovecot/deliver -a "$RECIPIENT"  
-m "$EXTENSION" -s
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = chuck.redknot.nl
myhostname = chuck.redknot.nl
recipient_delimiter = +
relay_domains = $mydestination, atdstramproy.nl
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining,  permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_proxy_filter = 127.0.0.1:10027
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = reject_non_fqdn_helo_hostname,   
reject_non_fqdn_sender,  reject_non_fqdn_recipient,   
reject_unknown_sender_domain,  reject_unknown_recipient_domain,  
reject_unauth_destination,  reject_rbl_client virbl.dnsbl.bit.nl,   
check_policy_service inet:localhost:10031,  check_policy_service  
inet:localhost:10030,  check_policy_service inet:localhost:10029,   
permit
smtpd_tls_cert_file = /etc/opt/redknot/ssl/chuck.redknot.nl.cer
smtpd_tls_key_file = /etc/opt/redknot/ssl/chuck.redknot.nl.key
smtpd_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = yes
transport_maps = dbm:/etc/opt/redknot/postfix/transport
unknown_address_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = dbm:/etc/opt/redknot/postfix/virtual

and my master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
#  
= 
= 
========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
#  
= 
= 
========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX  
loops
relay     unix  -       -       n       -       -       smtp
       -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
### dspam content filter
dspam unix -       n       n       -       10      pipe
       flags=Rhqu user=dspam argv=/opt/redknot/bin/dspam --client -- 
deliver=innocent,spam --user ${mailbox} --mode=tum --mail-from=${sender}
### spf policy service
localhost:10029 inet n        n       n       -       0       spawn
       user=nobody argv=/usr/bin/policyd-spf
### mail returning from dspam
localhost:10026 inet  n       -       n       -       10      smtpd
       -o content_filter=
       -o smtpd_proxy_filter=
       -o  
receive_override_options 
=no_unknown_recipient_checks,no_header_body_checks,no_milters
       -o smtpd_helo_restrictions=
       -o smtpd_client_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o smtpd_authorized_xforward_hosts=127.0.0.0/8
### mail returning from dcc
localhost:10028 inet  n       -       n       -       10      smtpd
       -o smtpd_proxy_filter=
       -o  
receive_override_options 
=no_unknown_recipient_checks,no_header_body_checks,no_milters
       -o smtpd_helo_restrictions=
       -o smtpd_client_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o smtpd_authorized_xforward_hosts=127.0.0.0/8