I applied the recommendations from this thread (for which, many thanks!)
with some help from the spamassassin forum. Almost all of it works now
with the following exception. On postfix restart the following message
is logged.
"Could not retrieve sendmail macro "i"!. Please add it to
confMILTER_MACROS_ENVFROM"
I added a few lines found elsewhere, specifically
mua_recipient_restrictions, milter_connect_macros, mua_milters in
main.cf and modified master.cf accordingly but still get that error in
the logs.
The postfix document MILTER_README.html, under the workarounds section,
states...
"Some Milter applications use the "{if_addr}" macro to recognize local
mail; this macro does not exist in Postfix. Workaround: use the
"{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead."
My setup for the relevant parameters is:
==========
main.cf:
mua_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_sasl_authenticated,
reject
milter_default_action = accept
milter_protocol = 6
milter_connect_macros="i j {daemon_name} v {if_name} _"
smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/opendmarc/opendmarc.sock,
unix:/var/run/spamass/spamass.sock, unix:/var/run/clamav/clamav-milter.ctl
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
mua_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/clamav/clamav-milter.ctl
master.cf:
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_wrappermode=no
-o smtpd_tls_security_level=encrypt
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
-o smtpd_sasl_auth_enable=yes
-o receive_override_options=no_header_body_checks
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_milters=$mua_milters
pickup fifo n - n 60 1 pickup
-o content_filter=
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
==========
Spamassasin now adds the token UNPARSEABLE_RELAY to every email.
Research online suggests this is due to an incorrect setting in
milter_connect_macros.
I have removed the "i" from milter-connect-macros (most online texts
omit it anyway) with the result that dkim authentication in emails shows
"unknown-host", although it correctly passes the authentication...
DKIM-Filter: OpenDKIM Filter v2.10.3 unknown-host 5A44B320316
Authentication-Results: unknown-host; dkim=pass (etc)
I tried removing {if_name} but with no positive result. I've also tried
changing if_name to daemon_addr and client_addr, still with no success.
What should milter_connect_macros actually be? Is there something else
I'm missing?
I know I can disable UNPARSEABLE_RELAY in spamassassin but I would
rather get this right.
Software Versions:
Postfix:
postconf -d | grep mail_version
mail_version = 3.1.0
Spamassassin:
spamassassin -V
SpamAssassin version 3.4.2
running on Perl version 5.22.1
Opendkim
opendkim -V
opendkim: OpenDKIM Filter v2.10.3
Compiled with OpenSSL 1.0.2g 1 Mar 2016
Opendmarc
opendmarc -V
opendmarc: OpenDMARC Filter v1.3.1
