Re: check policy service postfwd

[Admin Beckspaced]

Admin Beckspaced:
anyway I was thinking that every incoming message postfix receives will
get send to postfwd for further inspections?
That depends on where in smtpd_mumble_restrictions
the 'check_policy_service' appears.
Hint: show "postconf -n" instead of main.cf cut and paste.
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
According to this, Postfix invokes check_policy_service at end-of-data.
This requires that Postfix did not block the client, ehlo/helo, sender,
at least one recipient, and the data command.
Also, check_policy_service/postfwd does not inspect email content.
It reports that the end-of-data state was reached, plus some SMTP
session properties.

        Wietse

Hello Wietse,
thanks again for your time & help to look at this!

my postfwd setup looks at the rate of emails send in a timeperiod by the 
sasl auth users
postfwd also checks on the number of recipients per sasl auth user based 
on recipient_count by postfix

recipient_count is non zero only in "DATA" and "END-OF-MESSAGE" -> 
http://www.postfix.org/SMTPD_POLICY_README.html
therefore I went with smtpd_end_of_data_restrictions = 
check_policy_service inet:127.0.0.1:10040

But still, I I look at the logs I see postfwd sometimes not being called 
by postfix?
Or is it simply not logged by postfwd? verbose logging is enabled in 
postfwd.

I'm also not exactly sure what you mean by 'postfix and the data command.' ?

But please have a look at the logs below. Sometimes there's postfwd and 
sometimes not.

I was thinking that every incoming message postfix receives will get 
send to postfwd for further inspections?

Thanks again for your time & help. Sorry for my long email, but how can 
I explain shorter?
Greetings
Becki

here's an email from facebook with postfix & postfwd

Mar 01 05:33:52 cx20 postfix/smtpd[14490]: E50101A2042: 
client=66-220-155-145.mail-mail.facebook.com[66.220.155.145]
Mar 01 05:33:53 cx20 postfix/cleanup[14494]: E50101A2042: 
message-id=<5faab165ff43795f33fdbe09d340ac51@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155>
Mar 01 05:33:53 cx20 postfwd[27680]: 2019/03/01-05:33:53 CONNECT TCP 
Peer: "[127.0.0.1]:47902" Local: "[127.0.0.1]:10040"
Mar 01 05:33:53 cx20 postfix/qmgr[21922]: E50101A2042: 
from=<notificat...@facebookmail.com>, size=71957, nrcpt=1 (queue active)
Mar 01 05:33:55 cx20 postfix/smtpd[14497]: connect from 
localhost.beckspaced.com[127.0.0.1]
Mar 01 05:33:55 cx20 postfix/smtpd[14497]: AE8EF1A2143: 
client=localhost.beckspaced.com[127.0.0.1]
Mar 01 05:33:55 cx20 postfix/cleanup[14494]: AE8EF1A2143: 
message-id=<5faab165ff43795f33fdbe09d340ac51@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155>
Mar 01 05:33:55 cx20 postfix/qmgr[21922]: AE8EF1A2143: 
from=<notificat...@facebookmail.com>, size=72492, nrcpt=1 (queue active)
Mar 01 05:33:55 cx20 postfix/smtpd[14497]: disconnect from 
localhost.beckspaced.com[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 
commands=5
Mar 01 05:33:55 cx20 amavis[11441]: (11441-19) Passed CLEAN 
{RelayedInbound}, EXTERNAL [66.220.155.145]:41357 [66.220.155.145] 
<notificat...@facebookmail.com> -> <he...@haadyaodivers.com>, Queue-ID: 
E50101A2042, Message-ID: <5faab165ff43795f33fdbe09d340ac51@c2eca9eea82f
Mar 01 05:33:55 cx20 postfix/smtp[14495]: E50101A2042: 
to=<he...@haadyaodivers.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3, 
delays=0.74/0.01/0.01/2.2, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AE8EF1A2143)
Mar 01 05:33:55 cx20 postfix/qmgr[21922]: E50101A2042: removed

here's another email without postfwd

Mar 01 05:34:54 cx20 postfix/smtpd[14490]: connect from 
69-171-232-144.mail-mail.facebook.com[69.171.232.144]
Mar 01 05:34:55 cx20 postfix/smtpd[14490]: E31AC1A2042: 
client=69-171-232-144.mail-mail.facebook.com[69.171.232.144]
Mar 01 05:34:56 cx20 postfix/cleanup[14494]: E31AC1A2042: 
message-id=<62585cc057c8816884a1f7f5d7382d4b@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155>
Mar 01 05:34:56 cx20 postfix/qmgr[21922]: E31AC1A2042: 
from=<notificat...@facebookmail.com>, size=72699, nrcpt=1 (queue active)
Mar 01 05:34:57 cx20 postfix/smtpd[14468]: connect from 
localhost.beckspaced.com[127.0.0.1]
Mar 01 05:34:57 cx20 postfix/smtpd[14468]: D241B1A211B: 
client=localhost.beckspaced.com[127.0.0.1]
Mar 01 05:34:57 cx20 postfix/cleanup[14494]: D241B1A211B: 
message-id=<62585cc057c8816884a1f7f5d7382d4b@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155>
Mar 01 05:34:57 cx20 postfix/qmgr[21922]: D241B1A211B: 
from=<notificat...@facebookmail.com>, size=73234, nrcpt=1 (queue active)
Mar 01 05:34:57 cx20 postfix/smtpd[14468]: disconnect from 
localhost.beckspaced.com[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 
commands=5
Mar 01 05:34:57 cx20 postfix/lmtp[14499]: connect to localhost[::1]:24: 
Connection refused
Mar 01 05:34:57 cx20 amavis[14279]: (14279-03) Passed CLEAN 
{RelayedInbound}, EXTERNAL [69.171.232.144]:39017 [69.171.232.144] 
<notificat...@facebookmail.com> -> <he...@haadyaodivers.com>, Queue-ID: 
E31AC1A2042, Message-ID: <62585cc057c8816884a1f7f5d7382d4b@c2eca9eea82f
Mar 01 05:34:57 cx20 postfix/smtp[14495]: E31AC1A2042: 
to=<he...@haadyaodivers.com>, relay=127.0.0.1[127.0.0.1]:10024, 
delay=2.1, delays=0.66/0/0/1.5, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D241B1A211B)
Mar 01 05:34:57 cx20 postfix/qmgr[21922]: E31AC1A2042: removed
Mar 01 05:34:58 cx20 postfix/lmtp[14499]: D241B1A211B: 
to=<he...@haadyaodivers.com>, relay=localhost[127.0.0.1]:24, delay=0.47, 
delays=0.05/0/0/0.42, dsn=2.0.0, status=sent (215 Recipient 
<he...@haadyaodivers.com> OK)
Mar 01 05:34:58 cx20 postfix/qmgr[21922]: D241B1A211B: removed

here's a sasl auth user with postfwd

Mar 01 07:00:04 cx20 postfix/submission/smtpd[15708]: connect from 
cx40.beckspaced.com[138.201.91.195]
Mar 01 07:00:04 cx20 postfix/submission/smtpd[15708]: E6F741A20F7: 
client=cx40.beckspaced.com[138.201.91.195], sasl_method=LOGIN, 
sasl_username=relay-cli...@beckspaced.com
Mar 01 07:00:04 cx20 postfwd[27680]: 2019/03/01-07:00:04 CONNECT TCP 
Peer: "[127.0.0.1]:48696" Local: "[127.0.0.1]:10040"
Mar 01 07:00:04 cx20 postfix/cleanup[16228]: E6F741A20F7: 
message-id=<20190301060004.ab3652e0...@cx40.beckspaced.com>
Mar 01 07:00:04 cx20 postfwd[27680]: [CLEANUP] clearing dnsbl timeout 
counters
Mar 01 07:00:04 cx20 postfix/qmgr[21922]: E6F741A20F7: 
from=<r...@beckspaced.com>, size=24401, nrcpt=1 (queue active)
Mar 01 07:00:05 cx20 postfix/submission/smtpd[15708]: disconnect from 
cx40.beckspaced.com[138.201.91.195] ehlo=2 starttls=1 auth=1 mail=1 
rcpt=1 data=1 quit=1 commands=8
Mar 01 07:00:05 cx20 postfix/smtpd[16231]: connect from 
localhost.beckspaced.com[127.0.0.1]
Mar 01 07:00:05 cx20 postfix/smtpd[16231]: 204F11A2117: 
client=localhost.beckspaced.com[127.0.0.1]
Mar 01 07:00:05 cx20 postfix/cleanup[16228]: 204F11A2117: 
message-id=<20190301060004.ab3652e0...@cx40.beckspaced.com>
Mar 01 07:00:05 cx20 postfix/qmgr[21922]: 204F11A2117: 
from=<r...@beckspaced.com>, size=25635, nrcpt=1 (queue active)
Mar 01 07:00:05 cx20 postfix/smtpd[16231]: disconnect from 
localhost.beckspaced.com[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 
commands=5
Mar 01 07:00:05 cx20 amavis[14503]: (14503-15) Passed CLEAN 
{RelayedInternal}, ORIGINATING/MYNETS LOCAL [138.201.91.195]:51636 
[138.201.91.195] <r...@beckspaced.com> -> <ad...@beckspaced.com>, 
Queue-ID: E6F741A20F7, Message-ID: 
<20190301060004.AB3652E0D22@cx40.beckspace
Mar 01 07:00:05 cx20 postfix/smtp[16229]: E6F741A20F7: 
to=<ad...@beckspaced.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.22, 
delays=0.05/0.01/0/0.15, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 204F11A2117)
Mar 01 07:00:05 cx20 postfix/qmgr[21922]: E6F741A20F7: removed
Mar 01 07:00:05 cx20 postfix/lmtp[16233]: 204F11A2117: 
to=<ad...@beckspaced.com>, relay=localhost[127.0.0.1]:24, delay=0.55, 
delays=0.02/0.01/0/0.51, dsn=2.0.0, status=sent (215 Recipient 
<ad...@beckspaced.com> OK)
Mar 01 07:00:05 cx20 postfix/qmgr[21922]: 204F11A2117: removed

here's another sasl auth user without postfwd

Mar 01 07:43:01 cx20 postfix/submission/smtpd[16545]: connect from 
p2E55E28D.dip0.t-ipconnect.de[46.85.226.141]
Mar 01 07:43:01 cx20 postfix/submission/smtpd[16545]: CCDFF1A2079: 
client=p2E55E28D.dip0.t-ipconnect.de[46.85.226.141], sasl_method=LOGIN, 
sasl_username=a.te...@temizbau.de
Mar 01 07:43:02 cx20 postfix/cleanup[17046]: CCDFF1A2079: 
message-id=<!&!AAAAAAAAAAAYAAAAAAAAAEnhNOn03i9GoForv9mz8wbCgAAAEAAAABqoEGYi/CdIq9Q81KCjT8QBAAAAAA==@temizbau.de>
Mar 01 07:43:02 cx20 postfix/qmgr[21922]: CCDFF1A2079: 
from=<a.te...@temizbau.de>, size=27978, nrcpt=2 (queue active)
Mar 01 07:43:02 cx20 postfix/smtpd[17091]: connect from 
localhost.beckspaced.com[127.0.0.1]
Mar 01 07:43:02 cx20 postfix/smtpd[17091]: EFF571A2141: 
client=localhost.beckspaced.com[127.0.0.1]
Mar 01 07:43:02 cx20 postfix/cleanup[17068]: EFF571A2141: 
message-id=<!&!AAAAAAAAAAAYAAAAAAAAAEnhNOn03i9GoForv9mz8wbCgAAAEAAAABqoEGYi/CdIq9Q81KCjT8QBAAAAAA==@temizbau.de>
Mar 01 07:43:02 cx20 postfix/qmgr[21922]: EFF571A2141: 
from=<a.te...@temizbau.de>, size=28338, nrcpt=2 (queue active)
Mar 01 07:43:02 cx20 postfix/smtpd[17091]: disconnect from 
localhost.beckspaced.com[127.0.0.1] ehlo=1 mail=1 rcpt=2 data=1 quit=1 
commands=6
Mar 01 07:43:03 cx20 amavis[16421]: (16421-11) Passed CLEAN 
{RelayedOutbound}, ORIGINATING LOCAL [46.85.226.141]:51557 
[46.85.226.141] <a.te...@temizbau.de> -> 
<dgte...@hotmail.de>,<i...@praxis-dres-dietrich.de>, Queue-ID: 
CCDFF1A2079, Message-ID: <!&!AAAAAAAAAAAYAAAAAA
Mar 01 07:43:03 cx20 postfix/smtp[17053]: CCDFF1A2079: 
to=<dgte...@hotmail.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.2, 
delays=0.28/0/0/0.91, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EFF571A2141)
Mar 01 07:43:03 cx20 postfix/smtp[17053]: CCDFF1A2079: 
to=<i...@praxis-dres-dietrich.de>, relay=127.0.0.1[127.0.0.1]:10026, 
delay=1.2, delays=0.28/0/0/0.91, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EFF571A2141)
Mar 01 07:43:03 cx20 postfix/qmgr[21922]: CCDFF1A2079: removed
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16265]: connect from 
unknown[190.7.60.123]
Mar 01 07:43:03 cx20 postfix/smtp[17078]: EFF571A2141: 
to=<i...@praxis-dres-dietrich.de>, 
relay=mx00.kundenserver.de[212.227.15.41]:25, delay=0.23, 
delays=0.01/0/0.1/0.12, dsn=2.0.0, status=sent (250 Requested mail 
action okay, completed: id=1Mjjrf-1hOXhU0YCx-00lGxV)
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16263]: connect from 
unknown[176.124.96.197]
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16547]: lost connection 
after EHLO from unknown[182.16.179.82]
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16547]: disconnect from 
unknown[182.16.179.82] ehlo=1 mail=0/2 rset=0/2 commands=1/5
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16263]: lost connection 
after EHLO from unknown[176.124.96.197]
Mar 01 07:43:03 cx20 postfix/submission/smtpd[16263]: disconnect from 
unknown[176.124.96.197] ehlo=1 mail=0/1 rset=0/1 commands=1/3
Mar 01 07:43:04 cx20 postfix/smtp[17069]: EFF571A2141: 
to=<dgte...@hotmail.de>, 
relay=eur.olc.protection.outlook.com[104.47.13.33]:25, delay=1.1, 
delays=0.01/0/0.41/0.66, dsn=2.6.0, status=sent (250 2.6.0 
<!&!AAAAAAAAAAAYAAAAAAAAAEnhNOn03i9GoForv9mz8wbCgAAAEAAAABqoEGYi/
Mar 01 07:43:04 cx20 postfix/qmgr[21922]: EFF571A2141: removed