On 7/18/2015 1:50 PM, Robert Morton wrote: > After-Queue Content Filter, Injecting Mail Back Into Postfix — > Mail Loop Problem > > I created a stand-alone after-queue content filter, which > listens on port 10025. The stand-alone content filter > receives e-mail messages and processes them and injects them > back into Postfix via localhost (127.0.0.1) on port 10026. > When the e-mail is injected back into postfix, the mail loops. > The mail is sent back to the content filter and an infinite > loop occurs —> E-mail —> Content Filter (10025) —> Injection > (10026) I think there is a misconfiguration in either my > main.cf or master.cf, but I don’t know what it is. Yes, I > have put in -o content_filter= to prevent mail from looping in > my master.cf, see below. I am not sure what the configuration > error is and need help.
I don't see any obvious looping errors in the config below, and no logging demonstrating the problem, so I'll offer some general advice... Turn off verbose logging. It is rarely needed, and the important stuff will get lost in the flood of unrelated entries. I don't see any content_filter directive to send mail to the filter. Are you using the FILTER directive in an access map or header/body checks? If so, you'll need to bypass that map in the post-filter smtpd. See master.cf docs or ask a specific question. Are you using a transport_maps entry to send mail to the filter? That requires multiple postfix instances. Set a different syslog_name for each of your master.cf smtp and smtpd services so you can easily distinguish them in the logs. This insures that mail is really entering on the port you intend. For example, add to the 127.0.0.01:10026 entry: -o syslog_name=postfix/after-filter or whatever name makes sense to you. HTH. -- Noel Jones > > > postconf -n postconf: warning: /etc/postfix/main.cf, line 112: > overriding earlier entry: myorigin=$myhostname > command_directory = /usr/sbin config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix data_directory = > /Library/Server/Mail/Data/mta debug_peer_level = 2 > debugger_command = > PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb > $daemon_directory/$process_name $process_id & sleep 5 > dovecot_destination_recipient_limit = 1 html_directory = > /usr/share/doc/postfix/html inet_interfaces = all mail_owner = > _postfix mailbox_size_limit = 0 mailq_path = /usr/bin/mailq > manpage_directory = /usr/share/man mydestination = $myhostname, > localhost.$mydomain, localhost, $mydomain mydomain = > docremover.com myhostname = docremover.com myorigin = > $mydomain newaliases_path = /usr/bin/newaliases > proxy_interfaces = 192.168.1.1 queue_directory = > /Library/Server/Mail/Data/spool readme_directory = > /usr/share/doc/postfix sample_directory = > /usr/share/doc/postfix/examples sendmail_path = > /usr/sbin/sendmail setgid_group = _postdrop smtpd_tls_auth_only > = yes smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL > smtpd_tls_req_ccert = yes smtpd_tls_security_level = encrypt > tls_random_source = dev:/dev/urandom > unknown_local_recipient_reject_code = 550 postconf: warning: > /etc/postfix/main.cf: unused parameter: use_sacl_cache=yes > postconf: warning: /etc/postfix/main.cf: unused parameter: > imap_submit_cred_file=/Library/Server/Mail/Config/postfix/submit.cred > > main.cf mydomain_fallback = 127.0.0.1 message_size_limit = > 10485760 biff = no mynetworks = 127.0.0.0/8, [::1]/128 > smtpd_client_restrictions = permit_mynetworks > permit_sasl_authenticated permit recipient_delimiter = + > smtpd_tls_ciphers = medium inet_protocols = all inet_interfaces > = all content_filter = scan:127.0.0.1:10025 config_directory = > /Library/Server/Mail/Config/postfix smtpd_helo_restrictions = > permit_mynetworks permit_sasl_authenticated > reject_non_fqdn_helo_hostname reject_invalid_helo_hostname > receive_override_options = no_address_mappings > smtp_tls_security_level = may smtpd_tls_cert_file = > /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.cert.pem > smtpd_enforce_tls = no smtpd_use_tls = yes smtpd_tls_CAfile = > /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.chain.pem > smtp_tls_loglevel = 1 smtpd_tls_key_file = > /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.key.pem > smtp_tls_cert_file = /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.cert.pem > smtp_tls_CAfile = /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.chain.pem > smtp_tls_key_file = /etc/certificates/Server Fallback SSL > Certificate.981DC6CDAC250660D860F3E75C7011909380495A.key.pem > > > > master.cf # # Postfix master process configuration file. For > details on the format # of the file, see the master(5) manual > page (command: "man 5 master"). # # Do not forget to execute > "postfix reload" after editing this file. # # > ========================================================================== > > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (100) # > ========================================================================== > > # ==== Begin auto-generated section ======================================== > # This section of the master.cf file is auto-generated by the > Server Admin # Mail backend plugin whenever mails settings are > modified. smtpd pass - - n - - > smtpd -v dnsblog unix - - n - 0 > dnsblog tlsproxy unix - - n - 0 > tlsproxy submission inet n - n - - > smtpd -o smtpd_tls_security_level=may smtp unix - - > n - - smtp -v smtp inet n - > n - 1 postscreen # === End auto-generated > section =========================================== proxywrite > unix - - n - 1 proxymap # Postfix > 2.7 and later performance feature. # -o > smtpd_proxy_options=speed_adjust > > # Modern SMTP clients communicate securely over port 25 using > the STARTTLS command. # Some older clients, such as Outlook > 2000 and its predecessors, do not properly # support this > command and instead assume a preconfigured secure connection # > on port 465. This was sometimes called "smtps", but such usage > was never # approved by the IANA and therefore conflicts with > another, legitimate assignment. # For more details about > managing secure SMTP connections with postfix, please see: # > http://www.postfix.org/TLS_README.html # To read more about > configuring secure connections with Outlook 2000, please read: > # > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307772 > > # Apple does not support the use of port 465 for this purpose. > # After determining that connecting clients do require this > behavior, you may choose # to manually enable support for these > older clients by uncommenting the following # four lines. #465 > inet n - n - - smtpd # -o > smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # > -o smtpd_client_restrictions=permit_sasl_authenticated,reject # > -o milter_macro_daemon_name=ORIGINATING #628 inet n > - n - - qmqpd pickup fifo n - > n 60 1 pickup -o content_filter= cleanup > unix n - n - 0 cleanup qmgr > fifo n - n 300 1 qmgr #qmgr > fifo n - n 300 1 oqmgr tlsmgr > unix - - n 1000? 1 tlsmgr rewrite > unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > sacl-cache unix - - n - 1 > sacl-cache flush unix n - n 1000? 0 > flush proxymap unix - - n - - > proxymap # When relaying mail as backup MX, disable > fallback_relay to avoid MX loops relay unix - - > n - - smtp -v -o smtp_fallback_relay= # > -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix > n - n - - showq error unix - > - n - - error retry unix - - > n - - error discard unix - - n > - - discard local unix - n n > - - local virtual unix - n n - > - virtual lmtp unix - - n - > - lmtp anvil unix - - n - 1 > anvil scache unix - - n - 1 > scache > > policy unix - n n - - spawn > user=nobody:mail argv=/usr/bin/perl > /Applications/Server.app/Contents/ServerRoot/usr/libexec/postfix/greylist.pl > > scan unix - - n - 10 smtp > -o smtp_send_xforward_command=yes -o > disable_mime_output_conversion=yes -o smtp_generic_maps= > > 127.0.0.1:10026 inet n - n - 10 > smtpd -o content_filter= -o > receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters,no_address_mappings > > -o smtpd_helo_restrictions= > -o smtpd_client_restrictions= -o smtpd_sender_restrictions= # > Postfix 2.10 and later: specify empty > smtpd_relay_restrictions. -o smtpd_relay_restrictions= -o > smtpd_recipient_restrictions=permit_mynetworks,reject -o > mynetworks=127.0.0.0/8 -o > smtpd_authorized_xforward_hosts=127.0.0.0/8 > > >
0xF93A1EA0.asc
Description: application/pgp-keys
