On 18/05/2012 21:19, Noel Jones wrote:
On 5/18/2012 1:06 PM, Chris wrote:
Hi Noel,
The email from gmail.com in my example log comes in on port 25 - the
1st line in master.cf. If I leave the "-o
content_filter=lmtp:unix:/tmp/dspam.sock" in instead of removing it,
then authenticating users who choose to use port 25 in their email
clients will also go through dspam as well as non-authenticating
users. That is why I need to have this:
[Please don't top post. Thanks.]
Hi Noel,
OK all points taken - thanks.
I won't re-include the log because it's all there in the original post.
OK, you didn't mention that you have users that MUST use port 25.
Typically mail submission and incoming mail are separated so that
you can easily apply proper policy to each function. You should
seriously consider getting authenticated users off of port 25, but
that's another discussion.
caught by the check_client_access line at the end, which puts them
through dspam, but _unfortunately_ before queue.
dspam is not running before queue, get that idea out of your head.
Well if it's running after queue, then all my before-queue worries (cpu
usage, port 25 traffic buildup, performance, reliability) are gone - but....
Log:
May 15 18:30:25 s1 postfix/smtpd[19422]: connect from
mail-pb0-f46.google.com[209.85.160.46]
May 15 18:30:25 s1 postfix/smtpd[19422]: NOQUEUE: filter: RCPT from
mail-pb0-f46.google.com[209.85.160.46]: <mail-pb0-f46.google.com[
Plus:
postfix-users "Postfix rejecting e-mail without providing reason..." Wed
Oct 31, 2007
http://tech.groups.yahoo.com/group/postfix-users/message/229132
Wietse Venema says "NOQUEUE means that either Postfix has not yet
created a queue file, or that it is giving the mail to a before-queue
content filter."
When I came across this post I assumed (given what I saw in the log)
that the second half of Wietse's and/or statement was what was
happening. But if it's the first half then.... well I have created my
own little storm in my own little teacup - sorry to involve you and others.
As for why mail is going through dspam when you don't intend, you
have a configuration error. To get help finding the error, please see:
http://www.postfix.org/DEBUG_README.html#mail
Mail is not going through dspam when I don't intend, if by "when" you
mean when a non sasl_authenticated connection is received. If you mean
before-queue as opposed to after-queue, then yes I don't intend
before-queue.
In particular, show "postconf -n" rather than random main.cf
snippings; show contents of relevant lookup tables; show unmodified
non-verbose logs showing the unwanted behavior (mail addresses may
be redacted, but please don't alter anything else).
-- Noel Jones
Lastly, before appending my postconf -n and master.cf, let me say that I
got a strong impression from googling all postfix howtos addressing my
requirements that this combination of
"permit_sasl_authenticated / check_client_access
pcre:/etc/postfix/dspam_filter_access"
is preferred (and seemingly successfully) by several guides to setting
up Postfix with a content-filter such as dspam:
https://help.ubuntu.com/community/Postfix/Dspam
http://diymacserver.com/installing-the-mailserver/the-mailserver-on-snow-leopard/configure-postfix-to-use-dspam-on-snow-leopard/
http://switch.richard5.net/isp-in-a-box-v2/setting-up-dspam/configure-postfix-for-the-dspam-content-filter/
http://www.owlfish.com/thoughts/dovecot-antispam-2011-03-21.html
http://dspamwiki.expass.de/Installation/Postfix/NealesSetup
It avoids having to configure and maintain separate IP addresses and is
tolerant of real-world users who may use port 25 or port 587 (because
their ISP has its own mail server proxy on port 25).
# main.cf: postconf -n
-------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = ispan.net
myhostname = s1.ispan.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104
mynetworks_style = host
myorigin = $myhostname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_sender_access
hash:/etc/postfix/whitelist_sender_access, check_client_access
hash:/etc/postfix/whitelist_host_access, reject_rbl_client
sbl.spamhaus.org, reject_rbl_client bl.spamcop.net,
reject_unknown_client_hostname, check_client_access
pcre:/etc/postfix/dspam_filter_access
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth-client
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = pcre:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/valias
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
# master.cf:
-----------
smtp inet n - - - - smtpd
127.0.0.1:10024 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
submission inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dspam-retrain unix - n n - 10 pipe
flags=Ru user=dspam argv=/etc/dspam/dspam-retrain $nexthop $sender
$recipient
dspam_filter_access
--------------------
/^(spam|notspam|ham)@.*$/ OK
/./ FILTER lmtp:[127.0.0.1]:11124
transport:
-------------
/^spam@.*$/ dspam-retrain:spam
/^(notspam|ham)@.*$/ dspam-retrain:innocent
Cheers,
Chris
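
An added example, not part of the original message and not Postfix code: one way to check from the logs whether a "NOQUEUE: filter:" line was followed by normal queueing. access(5) documents FILTER as applied after the message is queued, so the same smtpd process should open a queue ID next and a delivery agent should later hand that queue ID to the filter address. The log lines are constructed (addresses, queue ID and timings are made up), and `SAMPLE`, `LINE` and `trace` are names chosen for this sketch.

```python
import re

# Constructed sample in the usual Postfix syslog layout (not the poster's log).
SAMPLE = """\
May 15 18:30:25 s1 postfix/smtpd[19422]: connect from mx.example.net[192.0.2.10]
May 15 18:30:25 s1 postfix/smtpd[19422]: NOQUEUE: filter: RCPT from mx.example.net[192.0.2.10]: <mx.example.net[192.0.2.10]>: Client host triggers FILTER lmtp:[127.0.0.1]:11124; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mx.example.net>
May 15 18:30:25 s1 postfix/smtpd[19422]: 4C1F2A0B3D: client=mx.example.net[192.0.2.10]
May 15 18:30:26 s1 postfix/cleanup[19430]: 4C1F2A0B3D: message-id=<constructed@example.net>
May 15 18:30:26 s1 postfix/qmgr[1201]: 4C1F2A0B3D: from=<a@example.net>, size=1024, nrcpt=1 (queue active)
May 15 18:30:26 s1 postfix/lmtp[19431]: 4C1F2A0B3D: to=<b@example.org>, relay=127.0.0.1[127.0.0.1]:11124, delay=0.4, status=sent (250 2.6.0 delivered)
May 15 18:31:02 s1 postfix/smtpd[19440]: connect from unknown[198.51.100.7]
May 15 18:31:02 s1 postfix/smtpd[19440]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname; from=<x@example.com> to=<b@example.org> proto=ESMTP helo=<x>
"""

# daemon name, pid, then either NOQUEUE or a queue ID, then the rest of the record
LINE = re.compile(r"postfix/(\w+)\[(\d+)\]: (NOQUEUE|[0-9A-Za-z]{6,}): (.*)")

def trace(log):
    """Pair each NOQUEUE smtpd event with the queue ID the same smtpd
    process opens afterwards, and record which agent delivered that ID."""
    events, pending, by_qid = [], {}, {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, pid, qid, rest = m.groups()
        if qid == "NOQUEUE":
            ev = {"action": rest.split(":", 1)[0], "pid": pid,
                  "queue_id": None, "delivered_by": None}
            events.append(ev)
            if ev["action"] != "reject":   # simplification: one RCPT per mail
                pending[pid] = ev
        elif daemon == "smtpd" and rest.startswith("client=") and pid in pending:
            ev = pending.pop(pid)          # queue file now exists
            ev["queue_id"] = qid
            by_qid[qid] = ev
        elif qid in by_qid and "status=sent" in rest:
            relay = re.search(r"relay=([^,]+)", rest)
            by_qid[qid]["delivered_by"] = (daemon, relay.group(1) if relay else None)
    return events

if __name__ == "__main__":
    for ev in trace(SAMPLE):
        print(ev)
```

A "filter" event that ends up with a queue ID and a delivery by lmtp to the filter address was handled after queueing; a "reject" event never gets a queue ID.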