Hi
I have a problem with setting up a combination of Postfix, dspam, clamav
and dovecot.
What I want to achieve is to get the mail scanned by dspam and clamav
before dovecot(sieve) delivers the mail.
I don't know if this is the best setup but I think that this should give
me the spam and virus filter that I need.
My setup look like this.
*** main.cf ***
# --------------- local settings ------------------
myhostname = agile.dk
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104
[::1]/128,192.1.1.64/26,192.1.1.1
mydestination = localhost
relayhost = mail.telenor.dk
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
mailbox_size_limit = 0
recipient_delimiter = +
alias_maps = hash:/etc/aliases
dspam_destination_recipient_limit = 1
content_filter = scan:127.0.0.1:2424
# ---------------------- VIRTUAL DOMAINS START ----------------------
local_transport=virtual;
virtual_mailbox_domains = mysql:/etc/postfix/mysql/domains.cf
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql/aliases.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/remote_aliases.cf
virtual_mailbox_limit = 102400000
virtual_minimum_uid = 101
virtual_uid_maps = mysql:/etc/postfix/mysql/vuids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql/vgids.cf
virtual_alias_domains =
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# ---------------------- VIRTUAL DOMAINS END ----------------------
# ---------------------- SASL PART START ----------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# ---------------------- SASL PART END ----------------------
# ---------------------- TLS PART START ----------------------
#smtp_tls_CAfile = /etc/pki/tls/certs/cert.pem
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_key_file = /etc/postfix/smtpd.key
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
# ---------------------- TLS PART END ----------------------
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
disable_vrfy_command = yes
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_invalid_helo_hostname
warn_if_reject reject_non_fqdn_helo_hostname
warn_if_reject reject_unknown_helo_hostname
warn_if_reject reject_unknown_client
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net=127.0.0.2
reject_rbl_client dnsbl.sorbs.net=127.0.0.3
reject_rbl_client dnsbl.sorbs.net=127.0.0.4
reject_rbl_client dnsbl.sorbs.net=127.0.0.5
reject_rbl_client dnsbl.sorbs.net=127.0.0.7
reject_rbl_client dnsbl.sorbs.net=127.0.0.9
reject_rbl_client dnsbl.sorbs.net=127.0.0.11
reject_rbl_client dnsbl.sorbs.net=127.0.0.12
warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
*** master.cf ***
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dspam unix - n n - 10 pipe
flags=DRhu user=dspam argv=/usr/bin/dspam --deliver=innocent,spam
--user ${user}@${nexthop} -i -f $sender -- $recipient
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
-d ${user}@${nexthop} -a ${recipient}
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
*** dspam.conf ***
Home /var/spool/dspam
StorageDriver /usr/lib/dspam/libhash_drv.so
TrustedDeliveryAgent "/usr/lib/dovecot/deliver -d %u"
UntrustedDeliveryAgent "/usr/lib/dovecot/deliver -d %u"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent localhost
DeliveryProto SMTP
QuarantineAgent "/usr/lib/dovecot/deliver -d %u -m SPAM"
OnFail error
Trust root
Trust dspam
Trust www-data
Trust mail
Trust postfix
Debug *
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN }
-> default:teft
Preference "spamAction=tag" # { quarantine | tag | deliver }
-> default:quarantine
Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
Preference "enableBNR=on" # { on | off } -> default:off
Preference "enableWhitelist=on" # { on | off } -> default:on
Preference "signatureLocation=message" # { message | headers } ->
default:message
Preference "tagSpam=off" # { on | off }
Preference "tagNonspam=off" # { on | off }
Preference "showFactors=off" # { on | off } -> default:off
Preference "optIn=off" # { on | off }
Preference "optOut=off" # { on | off }
Preference "whitelistThreshold=10" # { Integer } -> default:10
Preference "makeCorpus=off" # { on | off } -> default:off
Preference "storeFragments=off" # { on | off } -> default:off
Preference "localStore=" # { on | off } -> default:username
Preference "processorBias=on" # { on | off } -> default:on
Preference "fallbackDomain=off" # { on | off } -> default:off
Preference "trainPristine=off" # { on | off } -> default:off
Preference "optOutClamAV=off" # { on | off } -> default:off
Preference "ignoreRBLLookups=off" # { on | off } -> default:off
Preference "RBLInoculate=off" # { on | off } -> default:off
Preference "notifications=off" # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse accept
ServerHost 127.0.0.1
ServerPort 2424
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
ServerMode standard
ServerParameters "--deliver=innocent -d %u"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off
Include /etc/dspam/dspam.d/
When I get mail I get the following error when postfix tries to deliver
to dspam.
Sep 22 15:46:24 NoiceControl postfix/smtp[11989]: A25A84A2072:
to=<j...@agile.dk>, relay=127.0.0.1[127.0.0.1]:2424, delay=0.8,
delays=0.69/0.02/0.08/0, dsn=5.0.0, status=bounced (host
127.0.0.1[127.0.0.1] refused to talk to me: 503 5.0.0 Need LHLO here.)
I have no idea where to look in the setup for the error and what to fix.
I hope someone know what to do and what I done wrong.
Kind Regards
Jan
