On Jun 6, 2019, at 3:40 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>> On Jun 6, 2019, at 5:07 PM, @lbutlr <krem...@kreme.com> wrote:
>>
>>> This is unequivocal evidence of use of "sendmail -bv". You're reporting
>>> non-use of "sendmail -v", but "-bv" != "-v". Perhaps you have a content
>>> filter that is misconfigured to use "sendmail -bv".
>>
>> As I have said twice now, there is no instance of an uncommented sendmail in
>> /etc/postfix/
>
> You can keep saying it till the cows come home, but the fact
> remains that you're running "sendmail -bv", perhaps via a
> content_filter script, or a procmail config. These need
> not be in main.cf or master.cf (which you've not posted).

Believe me, I'd love nothing more than "You idiot, you missed <thing>", but I've checked for invocations of sendmail -bv everywhere on my system that I can think of; it's simply not there, or it's hidden in some way like $sm=/path/to/sendmail and then $sm -bv, which I will never find.

Is there a way to log in more detail where this might be coming from? The actual DSN is generated by bounce, but I doubt that is where I would find what is causing the DSN. qmgr? pipe? Anything else I can do?

I have posted the output of greps showing there is no sendmail invocation in postfix. The root user does not have a procmailrc and I am not running a filter like amavis and I grepped all of /etc/ and /usr/local/etc (which would account for anything like a global procmailrc). I have now also grepped all of /usr/home and have found instances only in mail messages. Heck, I even checked all of /usr/local and /bin and /sbin and /tmp and /var/tmp. If there is an instance of sendmail -bv somewhere it is *very* well hidden.

Mail comes in. If it passes postscreen then when it is delivered to the user a BCC is generated by rbcc.pcre which delivers to the backup account and for inexplicable reasons, a DSN is generated for that BCC to root (which is aliased to one of my accounts with a +root extension).

rbcc.pcre:

if !/backup.*@/
/^([^+_]*).*@([^.]*)/ backup+157.${1}-${2}@southgaylord.com
endif

postconf -n

alias_database = hash:$config_directory/aliases
alias_maps = hash:$config_directory/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
compatibility_level = 2
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
inet_interfaces = 127.0.0.1, 65.121.55.42
inet_protocols = ipv4
mailbox_command = /usr/local/bin/procmail -t -a $EXTENSION
maps_rbl_reject_code = 521
message_size_limit = 26214400
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mime_header_checks = pcre:$config_directory/mime_headers.pcre
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost, ns1.$mydomain, ns2.$mydomain, mail.$mydomain, www.$mydomain, webmail.$mydomain
mynetworks_style = subnet
myorigin = $mydomain
policyd-spf_time_limit = 3600
postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[4..11]*5 zen.spamhaus.org=127.0.0.[2..3]*1 list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5
postscreen_dnsbl_threshold = 5
postscreen_dnsbl_ttl = 3d
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
postscreen_greet_ttl = 7d
recipient_bcc_maps = pcre:$config_directory/rbcc.pcre
recipient_delimiter = +_
show_user_unknown_table_name = no
smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name $mail_version
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre permit
smtpd_log_access_permit_actions = static:all
smtpd_milters = unix:/var/run/spamass-milter.sock,
smtpd_recipient_restrictions = reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_invalid_hostname, reject_unlisted_recipient, reject_unlisted_sender, reject_unknown_reverse_client_hostname, warn_if_reject reject_unknown_client_hostname, check_recipient_access hash:$config_directory/recipient_access, check_sender_access pcre:$config_directory/sender_access.pcre, permit
smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_starttls_timeout = 20s
smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem
smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtputf8_enable = no
swap_bangpath = no
tls_preempt_cipherlist = yes
tls_ssl_options = no_compression
undisclosed_recipients_header = To: List of Bcc addresses:;
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_domains = kreme.com
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf hash:$config_directory/virtual
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = dovecot
virtual_uid_maps = static:89

master.cf:

smtp unix - - n - - smtp
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_path=private/auth
  -o syslog_name=postfix/submit
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_path=private/auth
  -o smtpd_data_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
pickup fifo n - n 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
dovecot unix - n n - - pipe
  flags=DRhu user=vpopmail:vchkpw argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} -m ${extension} -a ${original_recipient}
policyd-spf unix - n n - 0 spawn
  user=nobody argv=/usr/local/bin/policyd-spf
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
postlog unix-dgram n - n - 1 postlogd
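
The rbcc.pcre lookup described in the message, modelled in Python as an added example (not part of the original post and not Postfix code). The function name and the recipient addresses are constructed; the model assumes pcre_table(5) behaviour: case-insensitive matching against the whole address, and an `if !/.../` guard that skips the enclosed rule when it matches.

```python
import re

# Guard and rule copied from the rbcc.pcre shown in the message.
# Postfix pcre tables match case-insensitively by default.
GUARD = re.compile(r"backup.*@", re.IGNORECASE)            # if !/backup.*@/
RULE = re.compile(r"^([^+_]*).*@([^.]*)", re.IGNORECASE)   # /^([^+_]*).*@([^.]*)/
RESULT = "backup+157.${1}-${2}@southgaylord.com"


def rbcc_lookup(recipient):
    """Return the BCC address this table yields for recipient, or None.

    Hypothetical helper: a simplified model of the lookup that
    recipient_bcc_maps performs, applied to the full address.
    """
    # The negated guard stops backup addresses from being BCC'd again,
    # which would otherwise loop.
    if GUARD.search(recipient):
        return None
    m = RULE.search(recipient)
    if m is None:
        return None
    # Expand ${1}, ${2} from the capture groups: ${1} is the local part up
    # to the first recipient_delimiter (+ or _), ${2} the first domain label.
    return re.sub(r"\$\{(\d+)\}", lambda s: m.group(int(s.group(1))), RESULT)


if __name__ == "__main__":
    # Constructed sample recipients, not addresses from the thread.
    for rcpt in (
        "alice@example.com",
        "alice+root@example.com",
        "bob_lists@mail.example.org",
        "backup+157.alice-example@southgaylord.com",
    ):
        print(f"{rcpt:45} -> {rbcc_lookup(rcpt)}")
```

On a live system the same question is answered against the real table with `postmap -q 'address' pcre:/path/to/rbcc.pcre`.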