Re: integrate dspam into postfix

[Martijn de Munnik]

Is there a way to use virtual_tranport with virtual_alias for this case?

On Sep 3, 2010, at 1:35 AM, Martijn de Munnik wrote:

Hi list,

I'm trying to integrate dspam filtering into my postfix system. The way I have it now works for local users but when a user has an alias to an external domain the mail bounces. This server is for receiving mail only, so no submission is needed.

---

This is the mail system at host chuck.redknot.nl.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

               The mail system

<martijndemun...@chuck.redknot.nl> (expanded from <martijndemunnik>): unknown

user: "martijndemunnik"
Reporting-MTA: dns; chuck.redknot.nl
X-Postfix-Queue-ID: 1C455D2A2
X-Postfix-Sender: rfc822; mart...@youngguns.nl
Arrival-Date: Thu,  2 Sep 2010 21:58:12 +0200 (CEST)

Final-Recipient: rfc822; martijndemun...@chuck.redknot.nl
Original-Recipient: rfc822;martijndemunnik
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "martijndemunnik"

---

The virtual file contains:
just...@suezkade.nl     martijndemun...@gmail.com

I'm sure this is because I pass "--user ${mailbox}" to the dspam command, but I'm not sure how to solve this. I want dspam to learn what is spam for my local user, so I guess dspam should be as close as possible to final delivery. There is also another problem. Dspam calls clamav to scan the message for viruses. When A virus is found dspam dies because the shell can't handle a negative error return code. The dspam list told me to use the server part of dspam to fix this and let postfix talk to dspam with lmtp. I'm not sure how to do this. virtual_transport doesn't seem to have any effect because I'm not using virtual_domains?

Any ideas?

Thanks,
Martijn


Output of postconf -n:

address_verify_map = btree:${data_directory}/verify
alias_maps = dbm:/etc/opt/redknot/postfix/aliases
config_directory = /etc/opt/redknot/postfix
content_filter = dspam:dpsam
disable_vrfy_command = yes
home_mailbox = Maildir/

mailbox_command = /opt/redknot/libexec/dovecot/deliver -a "$RECIPIENT" -m "$EXTENSION" -s

mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = chuck.redknot.nl
myhostname = chuck.redknot.nl
recipient_delimiter = +
relay_domains = $mydestination, atdstramproy.nl
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining,  permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_proxy_filter = 127.0.0.1:10027
smtpd_proxy_options = speed_adjust

smtpd_recipient_restrictions = reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client virbl.dnsbl.bit.nl, check_policy_service inet:localhost:10031, check_policy_service inet:localhost:10030, check_policy_service inet:localhost:10029, permit

smtpd_tls_cert_file = /etc/opt/redknot/ssl/chuck.redknot.nl.cer
smtpd_tls_key_file = /etc/opt/redknot/ssl/chuck.redknot.nl.key
smtpd_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = yes
transport_maps = dbm:/etc/opt/redknot/postfix/transport
unknown_address_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = dbm:/etc/opt/redknot/postfix/virtual

and my master.cf

#

# Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master").

#
# Do not forget to execute "postfix reload" after editing this file.
#

# = = = = ======================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)

# = = = = ======================================================================

smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite unix - - n - - trivial- rewrite

bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp
     -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
### dspam content filter
dspam unix -       n       n       -       10      pipe

flags=Rhqu user=dspam argv=/opt/redknot/bin/dspam --client -- deliver=innocent,spam --user ${mailbox} --mode=tum --mail-from=$ {sender}

### spf policy service
localhost:10029 inet n        n       n       -       0       spawn
     user=nobody argv=/usr/bin/policyd-spf
### mail returning from dspam
localhost:10026 inet  n       -       n       -       10      smtpd
     -o content_filter=
     -o smtpd_proxy_filter=

-o receive_override_options =no_unknown_recipient_checks,no_header_body_checks,no_milters

     -o smtpd_helo_restrictions=
     -o smtpd_client_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o mynetworks=127.0.0.0/8
     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
### mail returning from dcc
localhost:10028 inet  n       -       n       -       10      smtpd
     -o smtpd_proxy_filter=

-o receive_override_options =no_unknown_recipient_checks,no_header_body_checks,no_milters

     -o smtpd_helo_restrictions=
     -o smtpd_client_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o mynetworks=127.0.0.0/8
     -o smtpd_authorized_xforward_hosts=127.0.0.0/8