On Thu, Feb 23, 2012, at 02:28 PM, /dev/rob0 wrote:
> sendmail(1) writes mail to a file which is enqueued by the pickup(8)
> daemon. smtpd(8) is not used. smtpd-specific settings such as
> smtpd_sender_restrictions are irrelevant in this mode of submission.

Yes, it does that locally.  I am sending from one machine to another.

@ my desktop,

        sendmail -i -t <<EOF
        From: ro...@presence-group.com
        To: ro...@mail.rogermail.lan,s...@mail.rogermail.lan
        Subject: test
        testing
        EOF

This clearly invokes postfix on the desktop machine, and sends it to the
server,

@ my desktop's log,

tail -f /var/log/mail

        Feb 23 11:51:52 desk postfix/pickup[19611]: 986C040083: uid=1000
        from=<roger>
        Feb 23 11:51:52 desk postfix/cleanup[20619]: 986C040083:
        message-id=<20120223195152.986c040...@desk.rogermail.lan>
        Feb 23 11:51:52 desk postfix/qmgr[5927]: 986C040083:
        from=<ro...@desk.rogermail.lan>, size=371, nrcpt=2 (queue
        active)
        Feb 23 11:51:52 desk postfix/smtp[20627]: connect to
        mail.rogermail.lan[192.168.1.10]:25: Connection refused
        Feb 23 11:51:52 desk postfix/smtp[20627]: 986C040083:
        to=<s...@mail.rogermail.lan>,
        relay=mail.rogermail.lan[192.168.1.10]:25, delay=0.3,
        delays=0.21/0/0.03/0.06, dsn=5.1.1, status=bounced (host
        mail.rogermail.lan[192.168.1.10] said: 550 5.1.1
        <s...@mail.rogermail.lan>: Recipient address rejected: User
        unknown in virtual mailbox table (in reply to RCPT TO command))
        Feb 23 11:51:54 desk postfix/smtp[20627]: 986C040083:
        to=<ro...@mail.rogermail.lan>,
        relay=mail.rogermail.lan[192.168.1.10]:25, delay=1.5,
        delays=0.21/0/0.03/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok:
        queued as 2CF8320337)
        Feb 23 11:51:54 desk postfix/cleanup[20619]: 01AC540084:
        message-id=<20120223195154.01ac540...@desk.rogermail.lan>
        Feb 23 11:51:54 desk postfix/qmgr[5927]: 01AC540084: from=<>,
        size=2601, nrcpt=1 (queue active)
        Feb 23 11:51:54 desk postfix/bounce[20628]: 986C040083: sender
        non-delivery notification: 01AC540084
        Feb 23 11:51:54 desk postfix/qmgr[5927]: 986C040083: removed
        Feb 23 11:51:54 desk postfix/local[20633]: 01AC540084:
        to=<ro...@desk.rogermail.lan>, relay=local, delay=0.12,
        delays=0.08/0/0/0.03, dsn=2.0.0, status=sent (delivered to
        mailbox)
        Feb 23 11:51:54 desk postfix/qmgr[5927]: 01AC540084: removed


which then receives it at port:25

@ my server's log,

tail -f /var/log/mail

        Feb 23 11:51:49 mail postfix/postscreen[20700]: CONNECT from
        [192.168.1.13]:44173
        Feb 23 11:51:49 mail postfix/postscreen[20700]: PASS OLD
        [192.168.1.13]:44173
        Feb 23 11:51:49 mail postfix/smtpd[20618]: connect from
        desk.rogermail.lan[192.168.1.13]
        Feb 23 11:51:49 mail postfix/smtpd[20618]: NOQUEUE:
        client=desk.rogermail.lan[192.168.1.13]
        Feb 23 11:51:49 mail postfix/smtpd[20618]: NOQUEUE: reject: RCPT
        from desk.rogermail.lan[192.168.1.13]: 550 5.1.1
        <s...@mail.rogermail.lan>: Recipient address rejected: User
        unknown in virtual mailbox table;
        from=<ro...@desk.rogermail.lan> to=<s...@mail.rogermail.lan>
        proto=ESMTP helo=<desk.rogermail.lan>
        Feb 23 11:51:49 mail postfix/smtpd[20625]: connect from
        localhost[127.0.0.1]
        Feb 23 11:51:49 mail postfix/smtpd[20625]: 2CF8320337:
        client=localhost[127.0.0.1],
        orig_client=desk.rogermail.lan[192.168.1.13]
        Feb 23 11:51:49 mail spampd[32019]: processing message
        <20120223195152.986c040...@desk.rogermail.lan> for
        <ro...@mail.rogermail.lan> ORCPT=rfc822;ro...@mail.rogermail.lan
        Feb 23 11:51:50 mail spampd[32019]: clean message
        <20120223195152.986c040...@desk.rogermail.lan> (0.00/4.00) from
        <ro...@desk.rogermail.lan> for <ro...@mail.rogermail.lan>
        ORCPT=rfc822;ro...@mail.rogermail.lan in 1.02s, 603 bytes.
        Feb 23 11:51:50 mail postfix/cleanup[20628]: 2CF8320337:
        message-id=<20120223195152.986c040...@desk.rogermail.lan>
        Feb 23 11:51:50 mail postfix/qmgr[16440]: 2CF8320337:
        from=<ro...@desk.rogermail.lan>, size=991, nrcpt=1 (queue
        active)
        Feb 23 11:51:50 mail postfix/smtpd[20618]: proxy-accept:
        END-OF-MESSAGE: 250 2.0.0 Ok: queued as 2CF8320337;
        from=<ro...@desk.rogermail.lan> to=<ro...@mail.rogermail.lan>
        proto=ESMTP helo=<desk.rogermail.lan>
        Feb 23 11:51:50 mail postfix/smtpd[20618]: disconnect from
        desk.rogermail.lan[192.168.1.13]
        Feb 23 11:51:50 mail postfix/smtpd[20625]: disconnect from
        localhost[127.0.0.1]
        Feb 23 11:51:50 mail postfix/lmtp[20654]: 2CF8320337:
        to=<ro...@mail.rogermail.lan>,
        relay=mail.rogermail.lan[private/dovecot-lmtp], delay=1.5,
        delays=1.2/0/0.02/0.28, dsn=2.0.0, status=sent (250 2.0.0
        <ro...@mail.rogermail.lan> x/CQFtaYRk/gUAAAwJ+ohQ Saved)
        Feb 23 11:51:50 mail postfix/qmgr[16440]: 2CF8320337: removed

Both @desktop and @server, that certainly looks like an SMTP transaction
to me.

> > With Postfix still configured at the reinjection listener with,
>
> Why do you have this on reinjection? It will be rejected as an
> unknown user before reinjection can occur.

Because I was advised to.

I reference this specific example,

        Configuring the Postfix SMTP pass-through proxy feature
        http://www.postfix.org/SMTPD_PROXY_README.html#config

Based on that, my current understanding of my config is that email is
received by postscreen, passed to the before-queue filter, then
reinjected back to a local smtpd,

        (1) "POSTSCREEN"
        192.168.1.10:25 |--> postscreen
        192.168.1.11:25 |      'private' smtpd
                                  -o
                                  smtpd_proxy_filter=inet:127.0.0.1:10025
                                   ---->----

        (2) "SPAMPD - BeforeQueueFilter"
        --> 127.0.0.1:10025 | spampd
                                --host=127.0.0.1:10025
                                --relayhost=127.0.0.1:10026 ---->----

        (3) "Reinjection Listener"
        --> 127.0.0.1:10026 | smtpd
                                 -o
                                 smtpd_sender_restrictions=check_recipient_access,hash:/etc/postfix/spamtrap

Earlier in this thread I was *specifically* advised,

        > On 02/23/2012 05:57 AM, Noel Jones wrote:
        >> You can use an access map in the reinjection listener:
        >>
        >> # master.cf
        >> 127.0.0.1:10026  inet  n       -       n       -       -       smtpd
        >> ...
        >>   -o smtpd_sender_restrictions=check_recipient_access,hash:/etc/postfix/spamtrap

Which, as you can see, I've done.

> >     cat /etc/postfix/spamtrap
> >             s...@mail.rogermail.lan
> >     postmap /etc/postfix/spamtrap
>
> This should have caused an error, because a hash: map format is "key
> whitespace value":
>

You're correct.  But that was simply a copy & paste typo on my part.

This

        > s...@mail.rogermail.lan         DISCARD

is exactly what I have.

> Here's another thought, which I think someone else mentioned
> upthread: you could PREPEND a special header, then handle that in
> your content filter.
>
> s...@mail.rogermail.lan         PREPEND X-spamtrap-garbage: YES

Will such a header be added for ALL recipients?  or just for the matched
address?

Also, I assume that's still done with the check_recipient_access
restriction?  If yes, then at which stage?

> > IIUC, that's a legitimate SMTP session, and that's "mail submitted
> > via SMTP", no?
>
> But it does not get to the content filter and reinjection smtpd.

That may well be the case.  If so, then I'm receiving contradictory
advice.  But that's a different issue than had been raised, dismissed
the test because it's not "via SMTP"

I've pored over the site, the mailing lists, and the books, and have
shared that which I've done to date, based on the understanding I've
gleaned ...
I've been asked to state my goals.  Check.
I've been instructed to add the check_recipient_access constraint to my
localhost, reinjection listener.  Check.
I've been told to test the mail sending via SMTP.  Check.
I've been requested to send copied & pasted logs. Check.
I've been directed to post relevant configuration information, using
postfinger.  Check.

I've communicated that I'm not at all wedded to a particular method of
check/discard, and that only the functional outcome is of interest to
me.

Naively, I'd assume 'this' is best done @postscreen time.  IIUC, though,
that's not currently possible, and/or would require 'additional
development'.

I'm still hoping to get some specific advice, in layman's terms, how to
specifically get done what I've set out to do.

Two pending questions for me, atm,

(1) is the PREPEND header option an all-recipient solution, or just for
the matched recipient address?
(2) at what stage should this restriction check be added?  I've got both
a 'yes' and a 'no' for @ the reinjection listener.

Roger
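
The server log above already shows which stage handled each recipient: the trap address gets a NOQUEUE reject at RCPT TO, while the other recipient is proxy-accepted and tied to a queue ID created by the localhost reinjection smtpd. The Python script below is an added example, not part of the original message, that makes this check mechanical; its log lines are constructed in the server log's format and the addresses are placeholders.

```python
import re

# Constructed sample modelled on the server log in the message above.
# Addresses are placeholders, not the (elided) ones from the thread.
SAMPLE_LOG = """\
Feb 23 11:51:49 mail postfix/smtpd[20618]: connect from desk.rogermail.lan[192.168.1.13]
Feb 23 11:51:49 mail postfix/smtpd[20618]: NOQUEUE: reject: RCPT from desk.rogermail.lan[192.168.1.13]: 550 5.1.1 <trap@example.test>: Recipient address rejected: User unknown in virtual mailbox table; from=<sender@example.test> to=<trap@example.test> proto=ESMTP helo=<desk.rogermail.lan>
Feb 23 11:51:49 mail postfix/smtpd[20625]: 2CF8320337: client=localhost[127.0.0.1], orig_client=desk.rogermail.lan[192.168.1.13]
Feb 23 11:51:50 mail postfix/smtpd[20618]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 2CF8320337; from=<sender@example.test> to=<user@example.test> proto=ESMTP helo=<desk.rogermail.lan>
"""

REJECT = re.compile(r"smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: \d{3} \S+ "
                    r"<[^>]*>: (.*?); from=<[^>]*> to=<([^>]*)>")
PROXY = re.compile(r"smtpd\[\d+\]: proxy-accept: END-OF-MESSAGE: "
                   r".*?queued as (\w+); from=<[^>]*> to=<([^>]*)>")
REINJECT = re.compile(r"smtpd\[\d+\]: (\w+): client=\S+, orig_client=")


def trace_recipients(log_text):
    """Return {recipient: (stage, detail)} from Postfix smtpd log lines."""
    lines = log_text.splitlines()
    # Queue IDs logged with orig_client= were created by the reinjection smtpd.
    reinjected = {m.group(1) for m in map(REINJECT.search, lines) if m}
    result = {}
    for line in lines:
        m = REJECT.search(line)
        if m:
            # NOQUEUE reject at RCPT TO: no queue ID was ever assigned, so this
            # recipient was refused before any message content was filtered.
            result[m.group(2)] = ("rejected-before-filter", m.group(1))
            continue
        m = PROXY.search(line)
        if m:
            stage = "filtered-and-reinjected" if m.group(1) in reinjected else "proxy-accepted"
            result[m.group(2)] = (stage, m.group(1))
    return result


if __name__ == "__main__":
    for rcpt, (stage, detail) in trace_recipients(SAMPLE_LOG).items():
        print(f"{rcpt}: {stage} ({detail})")
```
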
