Re: Trying to use different header_checks depending on TCP port for incoming mail

[Ralph Seichter]

On 05.09.10 22:07, Wietse Venema wrote:

> Are you running header_checks BEFORE or AFTER the external content
> filter, or both? See the receive_override_options discussion in
> the Postfix FILTER_README documentation.

Sorry, I re-read the FILTER_README multiple times, but I am not sure how
to answer your question. I'll include my master.cf and "postconf -n"
output so you can see for yourself:


# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases hash:/usr/local/mailman/data/aliases
authorized_flush_users = hash:$config_directory/admins-flush
authorized_mailq_users = hash:$config_directory/admins-mailq
biff = no
body_checks = pcre:$config_directory/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
defer_transports =
header_checks = pcre:$config_directory/header_checks
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix/html
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 31457280
mydestination = $myhostname localhost.$mydomain localhost [12.34.56.78]
myhostname = server.somedomain.tld
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sender_canonical_maps = pcre:$config_directory/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$config_directory/saslpass
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/somecafile.pem
smtp_tls_cert_file = $config_directory/tls/server.crt
smtp_tls_key_file = $config_directory/tls/server.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = check_client_access 
cidr:$config_directory/client_access reject_rbl_client ix.dnsbl.manitu.net 
reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net 
warn_if_reject reject_rbl_client dnsbl.sorbs.net warn_if_reject 
reject_unknown_reverse_client_hostname permit
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access pcre:$config_directory/helo_access 
reject_invalid_helo_hostname reject_non_fqdn_helo_hostname warn_if_reject 
reject_unknown_helo_hostname permit
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated 
check_recipient_access pcre:$config_directory/recipient_access 
check_policy_service inet:[127.0.0.1]:10023 reject_unauth_destination 
reject_non_fqdn_recipient reject_unlisted_recipient 
reject_unknown_recipient_domain reject_unauth_pipelining permit
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated 
check_sender_access pcre:$config_directory/sender_access reject_non_fqdn_sender 
reject_unknown_sender_domain permit
smtpd_tls_CAfile = $smtp_tls_CAfile
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = $smtp_tls_cert_file
smtpd_tls_key_file = $smtp_tls_key_file
smtpd_tls_loglevel = $smtp_tls_loglevel
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550


# cat master.cf
smtp      inet  n       -       n       -       -       smtpd
 -o content_filter=amavis:[127.0.0.1]:10024

cleanup_submission  unix  n  -  n  -  0  cleanup
 -o header_checks=pcre:/etc/postfix/submission_header_checks

submission  inet  n  -  n  -  -  smtpd
 -o content_filter=amavis:[127.0.0.1]:10124
 -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/dovecot-auth
 -o smtpd_sasl_security_options=noanonymous
 -o cleanup_service=cleanup_submission

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

amavis  unix  -  -  n  -  2  smtp
 -o smtp_send_xforward_command=yes

127.0.0.1:10025  inet  n  -  n  -  -  smtpd
 -o content_filter=
 -o local_header_rewrite_clients=
 -o local_recipient_maps=
 -o mynetworks=127.0.0.0/8
 -o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
 -o relay_recipient_maps=
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_restriction_classes=
 -o smtpd_sender_restrictions=
 -o strict_rfc821_envelopes=yes