On Sun, Jun 21, 2015, at 03:15 PM, PGNd wrote:
> The link references will surely provide the solution; just not obvious quite 
> yet.

Attempting to design a config for mail sent from backend valid user 
(us...@dddd1.com) to 'spam@' address on frontend, specifically to 
"spam.1...@mail.dddd.com" to be piped to a script.

On the frontend

        /main.cf
                myhostname    = mailhost.DDDD.com
                mydomain      = mail.DDDD.com
                myorigin      = $mydomain
                mydestination = $myhostname localhost.$mydomain localhost $mydomain
                relay_domains = DDDD.com
                                DDDD1.com
                                ...
                                DDDDn.com
                parent_domain_matches_subdomains =

local transport is enabled

                local_transport = local:$myhostname

for the recipients 'known' as local

                local_recipient_maps = lmdb:/usr/local/etc/postfix/local_recipient_map

        /local_recipient_map
                spam.1...@mail.dddd.com IGNORED_VALUE
                ham.1...@mail.dddd.com  IGNORED_VALUE

In this frontend/backend setup, all outbound mail from the backend is sent 
to/via a SMARTHOST service on the frontend.

I need to conditionally intercept sent-to/via-smarthost email to either

 (1) accept/pipe mail to "spam.1...@mail.dddd.com" or "ham.1...@mail.dddd.com" 
to a local SA learn script
or
 (2) forward all the rest to an amavisd 'feed' content-filter for DKIM signing 
and subsequent outbound relay

Step (2) already works as intended.

Reading

        http://www.postfix.org/postconf.5.html#content_filter
        
                This setting has lower precedence than a FILTER action that is specified
                in an access(5), header_checks(5) or body_checks(5) table.

As higher precedence operations execute before lower precedence ones, adding an 
access/check containing a FILTER for the spam@/ham@ addresses should override 
the amavisd-feed content_filter, redirecting instead to the pipe

I attempt that here

        /master.cf
                ...
                local          unix  -          n        n        -        -       local
                amavisfeed     unix   -         -        n        -        2       smtp
                  -o syslog_name=postfix/amavis-feed
                  -o smtp_send_xforward_command=yes
                  -o disable_dns_lookups=yes
                sa-spam        unix   -         n        n        -        -       pipe
                  user=amavisd:amavisd argv=/usr/local/etc/spamassassin/salearn-wrapper.pl spam ${sender}
                sa-ham         unix   -         n        n        -        -       pipe
                  user=amavisd:amavisd argv=/usr/local/etc/spamassassin/salearn-wrapper.pl ham  ${sender}
                [internal.mail.DDDD.com]:587 inet  n  -  n  -     -       smtpd
                  -o syslog_name=postfix/smarthost
                  -o content_filter=amavisfeed:[127.0.0.1]:10003
                  -o relay_clientcerts=lmdb:/usr/local/etc/postfix/smarthost_clientcerts
                    { ... TLS config ... }
                  -o smtpd_client_restrictions=
                  -o smtpd_helo_restrictions=
                  -o smtpd_sender_restrictions=
-                 -o smtpd_relay_restrictions=permit_tls_clientcerts,reject
+                 -o 
smtpd_relay_restrictions=check_sender_access,lmdb:/usr/local/etc/postfix/salearn_filter_map,permit_tls_clientcerts,reject
                  -o smtpd_recipient_restrictions=
                  -o smtpd_data_restrictions=
                  -o smtpd_end_of_data_restrictions=
                  -o smtpd_etrn_restrictions=
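
Review bot: on the `+` line, `check_sender_access` looks up the envelope sender, but the keys in /salearn_filter_map (spam.1...@mail.dddd.com, ham.1...@mail.dddd.com) are recipient addresses and the test message's sender is us...@dddd1.com, so neither FILTER entry can match and the service's `content_filter=amavisfeed:[127.0.0.1]:10003` stays in effect. A table keyed on recipients belongs under `check_recipient_access`. Separately, access(5) gives the action as `FILTER transport:destination`, while the map entries `FILTER sa-spam` and `FILTER sa-ham` carry no colon-separated destination part.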

        /salearn_filter_map
                spam.1...@mail.dddd.com FILTER sa-spam
                ham.1...@mail.dddd.com  FILTER sa-ham

On test send from us...@dddd1.com -> spam.1...@mail.dddd.com, the message send is

connected, trusted & received by the frontend smarthost service,

        Jun 21 16:38:25 mailhost postfix/smarthost/smtpd[23966]: connect from internal.mail-backend.DDDD.com[10.2.0.100]
        Jun 21 16:38:25 mailhost postfix/smarthost/smtpd[23966]: Trusted TLS connection established from internal.mail-backend.DDDD.com[10.2.0.100]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
        Jun 21 16:38:26 mailhost postfix/smarthost/smtpd[23966]: 0964A66792: client=internal.mail-backend.DDDD.com[10.2.0.100]
        Jun 21 16:38:26 mailhost postfix/cleanup[23969]: 0964A66792: message-id=<55874af0.6060...@dddd1.com>
        Jun 21 16:38:26 mailhost postfix/qmgr[23928]: 0964A66792: from=<us...@dddd1.com>, size=2418, nrcpt=1 (queue active)
        Jun 21 16:38:26 mailhost postfix/smarthost/smtpd[23966]: disconnect from internal.mail-backend.DDDD.com[10.2.0.100] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

but then incorrectly handed off to the amavisd-feed, rather than the pipe

        Jun 21 16:38:26 mailhost postfix/smtpd[23973]: connect from localhost[127.0.0.1]
        Jun 21 16:38:27 mailhost postfix/smtpd[23973]: 31C1A66793: client=localhost[127.0.0.1]
        Jun 21 16:38:27 mailhost postfix/cleanup[23969]: 31C1A66793: message-id=<55874af0.6060...@dddd1.com>
        Jun 21 16:38:27 mailhost postfix/qmgr[23928]: 31C1A66793: from=<us...@dddd1.com>, size=3756, nrcpt=1 (queue active)
        Jun 21 16:38:27 mailhost postfix/smtpd[23973]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
        Jun 21 16:38:27 mailhost postfix/amavis-feed/smtp[23970]: 0964A66792: to=<spam.1...@mail.dddd.com>, relay=127.0.0.1[127.0.0.1]:10003, delay=1.2, delays=0.05/0.01/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:11032): 250 2.0.0 Ok: queued as 31C1A66793)
        Jun 21 16:38:27 mailhost postfix/qmgr[23928]: 0964A66792: removed

and subsequently bounced (loops back to myself)

        Jun 21 16:38:27 mailhost postfix/smtp-out-ext/smtp[23974]: 31C1A66793: to=<spam.1...@mail.dddd.com>, relay=none, delay=0.01, delays=0/0.01/0/0, dsn=5.4.6, status=bounced (mail for mail.DDDD.com loops back to myself)

The intention is that this step

        Jun 21 16:38:26 mailhost postfix/qmgr[23928]: 0964A66792: from=<us...@dddd1.com>, size=2418, nrcpt=1 (queue active)

should, instead, follow with a connect to the FILTER target, the 'sa-spam' pipe 
service.

Clearly, it's not.

Is the overall logical flow here flawed? Or just some config within it?
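
An added example, not part of the original post: a small Python tracer that follows a message through the delivery records quoted above and reports which Postfix service handled each hop, so a misrouted FILTER or content_filter hand-off is visible at a glance. The function and variable names are assumptions made for this illustration; the log lines are the post's own, with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Log records copied from the post above (wrapped lines rejoined).
SAMPLE_LOG = """\
Jun 21 16:38:26 mailhost postfix/smarthost/smtpd[23966]: 0964A66792: client=internal.mail-backend.DDDD.com[10.2.0.100]
Jun 21 16:38:27 mailhost postfix/smtpd[23973]: 31C1A66793: client=localhost[127.0.0.1]
Jun 21 16:38:27 mailhost postfix/amavis-feed/smtp[23970]: 0964A66792: to=<spam.1...@mail.dddd.com>, relay=127.0.0.1[127.0.0.1]:10003, delay=1.2, delays=0.05/0.01/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:11032): 250 2.0.0 Ok: queued as 31C1A66793)
Jun 21 16:38:27 mailhost postfix/smtp-out-ext/smtp[23974]: 31C1A66793: to=<spam.1...@mail.dddd.com>, relay=none, delay=0.01, delays=0/0.01/0/0, dsn=5.4.6, status=bounced (mail for mail.DDDD.com loops back to myself)
"""

# Delivery record: "<syslog_name>/<daemon>[pid]: QUEUEID: to=<rcpt>, ... status=<word> (<reply>)"
DELIVERY = re.compile(
    r"\s(?P<service>postfix\S*?)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?\bstatus=(?P<status>\w+) \((?P<reply>.*)\)\s*$"
)
# A content filter that re-injects the message reports the new queue ID in its reply.
REQUEUED = re.compile(r"queued as ([0-9A-F]+)")

def trace(log_text, first_qid):
    """Follow one message across re-injections; return one
    (queue_id, delivering_service, status) tuple per delivery attempt."""
    by_qid = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            by_qid[m["qid"]].append(m)
    hops, pending, seen = [], [first_qid], set()
    while pending:
        qid = pending.pop(0)
        if qid in seen:  # guard against a requeue cycle in the log
            continue
        seen.add(qid)
        for m in by_qid[qid]:
            hops.append((qid, m["service"], m["status"]))
            nxt = REQUEUED.search(m["reply"])
            if m["status"] == "sent" and nxt:
                pending.append(nxt.group(1))
    return hops

if __name__ == "__main__":
    for qid, service, status in trace(SAMPLE_LOG, "0964A66792"):
        print(f"{qid}  {service:<28} {status}")
```

For the records in this post, the first hop is delivered by postfix/amavis-feed/smtp and the re-injected message is bounced by postfix/smtp-out-ext/smtp.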

 
