Re: how to correctly pass 'real-ip' to/through milters?

Sat, 13 Oct 2018 09:47:07 -0700 

On 12.10.18 17:24, pg...@dev-mail.net wrote:

I'm experimenting with setting up & using various milters in my inbound
processing.

Atm, I have an internal postfix instance that receives mail from a pre-Q
instance of amavisd, which then submits the mail to a chain of milters,
then subsequently passes it onto a post-Q amavisd instance for further
processing.



In effect,

        (postscreen) -> (postfix internal smtpd) -> (amavisd preQ) -> (milters)


this is useless. milter is designed to be run directly at messsage
receiving, not during further processing.


That 'milters' instance has a config of
        ...

        [127.0.0.1]:10010 inet n        -        n        -        -       smtpd
          -o smtpd_banner=localhost.10010
          -o syslog_name=postfix/in-preQ
          -o milter_protocol=6
          -o 
smtpd_milters=unix:/var/run/clamav/clamav-milter.socket,unix:/var/run/auth-milter/auth-milter.sock,unix:/var/run/milter-regex/milter-regex.sock
          -o content_filter=amavisfeed:[127.0.0.1]:20010
          -o mynetworks=127.0.0.0/8
        ...


move the milter to port 25.


The 'auth-milter' authenticates SPF, DKIM, DMARC & ARC, and generates a unified 
header.

Atm, it's not returning an SPF result.

Speaking with the milter author, he comments

        "The issue is that postfix can't pass the correct IP to the milter
       when it is not the instance which accepted the original connection.  I
       don't think there is an easy fix for this given the current 
architecture."

and that one option is to

        "Move the milter calls to authentication_milter to the instance of
       postfix which accepts the original connection."

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


I'm unfamiliar with the passing of 'real-IP' information through milters.


move the milter to port 25.


*IS* there an "x-forward" or equivalent that preserves this?


no.


I've (re)read

        Postfix before-queue Milter support
         http://www.postfix.org/MILTER_README.html

and if that's telling me how to deal with this, I'm missing it.


It's just above. Move the milter to the port 25.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.

Reply via email to