Re: Trying to use different header_checks depending on TCP port for incoming mail

[mouss]

 Le 05/09/2010 21:32, Ralph Seichter a écrit :
On 05.09.10 20:55, Wietse Venema wrote:
As documented header_checks are not implemented in smtpd(8) but
in cleanup(8).
Yup, that's why I asked if I needed a second cleanup service.

If you are courageous you can implement different cleanup
services:

/etc/postfix/master.cf"
submission . . . . . . . . . . . smtpd
  -o cleanup_service=cleanup_for_submission
cleanup_for_submission . . . . . cleanup
  -o header_checks=pcre:/etc/postfix/submission_header_checks
I just tried this, but the mail log still returns "GOTCHA-header_checks"
instead of "GOTCHA-submission_header_checks".

   postfix/cleanup[16068]: DD8413343CD: warning: header Received: from
     server.domain.tld (p57A8518F.dip.t-dialin.net [87.168.81.143])??by
     seth.horus-it.com (Postfix) with ESMTPSA id DD8413343CD??for
     <j...@somewhere.net>; Sun, 5 Sep 2010 21:12:42 +02 from
     p57A8518F.dip.t-dialin.net[87.168.81.143]; from=<r...@domain.tld>
     to=<j...@somewhere.net>  proto=ESMTP helo=<server.domain.tld>:
     GOTCHA-header_checks
   postfix/cleanup[16068]: DD8413343CD: warning: header Received: from
     server.domain.tld (localhost [127.0.0.1])??by server.domain.tld
     (Postfix) with ESMTPS id 3424923A10??for<j...@somewhere.net>; Sun, 5 Sep
     2010 21:12:42 +0200 (CEST) from
     p57A8518F.dip.t-dialin.net[87.168.81.143]; from=<r...@domain.tld>
     to=<j...@somewhere.net>  proto=ESMTP helo=<server.domain.tld>:
     GOTCHA-header_checks

Could this have anything to do with the messages passing through
amavisd-new and returning via 127.0.0.1:10025 ?

   # cat master.cf
   smtp inet n - n - - smtpd
    -o content_filter=amavis:[127.0.0.1]:10024
   submission inet n - n - - smtpd
   # POS1
    -o cleanup_service=cleanup_submission
    -o content_filter=amavis:[127.0.0.1]:10124
    -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/dovecot-auth
    -o smtpd_sasl_security_options=noanonymous
   cleanup unix n - n - 0 cleanup
   cleanup_submission unix n - n - 0 cleanup
    -o header_checks=pcre:/etc/postfix/submission_header_checks
   # Mail returning from AMaViS
   127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o mynetworks=127.0.0.0/8
    -o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
    -o relay_recipient_maps=
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_restriction_classes=
    -o smtpd_sender_restrictions=
    -o strict_rfc821_envelopes=yes
   # POS2
   # This does not work when placed here, either.
   # -o cleanup_service=cleanup_submission

I also tried moving "-o cleanup_service=cleanup_submission" from the
submission section (POS1) to the returning-from-AMaViS section (POS2) in
master.cf, but it did no good. I always see "GOTCHA-header_checks" in
the mail log.

-Ralph


add "-o syslog_name=postsubmission" to both your submission and 
cleanup_submission and see if it appears in your logs.

make sure your amavis:[127.0.0.1]:10124 doesn't forward mail to port 25...