On Sun, Nov 08, 2020 at 12:11:16PM -0500, Alex wrote:
> > The default_transport is a last-resort, it is preƫmpted both by the
> > transport table, and the address-class-specific transports. It handles
> > "other people's domains". Mail for your own domains (local, virtual
> > mailbox, relay, ...) uses local_transport, virtual_transport or
> > relay_transport. And all those are secondary to any transport(5)
> > table you have configured.
>
> I still don't understand the link between postfix and amavis.
Amavis is an SMTP server to which you can route mail for filtering.
That routing can happen via a content_filter (required in a single
instance configuration) or just making amavis the destination for all
mail in a multi-instance configuration.
Unfiltered Mail ---> Amavis SMTP ---> Filtered Mail
1-inst smtpd A content_filter smtpd B
2-inst Postfix A ditto or transport Postfix B
> No mail
> is delivered locally, except for system messages, so I don't need a
> local_transport, right?
> postfix-117:
> mydestination =
> local_recipient_maps =
> local_transport = error:5.1.1 Mailbox unavailable
With "mydestination" empty, indeed you don't need to arrange
for local_transport to send mail via amavis, leaving it as
"error:" is fine.
> default_transport = smtp:[127.0.0.1]:10025
> relay_transport = $default_transport
> virtual_transport = $default_transport
> transport_maps = ${indexed}transport
> local_transport = error:5.1.1 Mailbox unavailable
> transport_maps = ${indexed}transport
> relay_domains = $mydestination, $transport_maps
>
> /etc/postfix-117/transport:
> mydomain.org smtp-amavis:[127.0.0.1]:10025
I don't recommend overloading the transport table as $relay_domains, but
with care to not forget that you're doing it, it can work.
> master.cf:
> smtp-amavis unix - - n - - smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
OK, or you can just use "smtp" rather than "smtp-amavis", after all
all mail goes there, so there's no need for a custom transport with
master.cf overrides, just put the settings in main.cf and use "smtp".
> I'm really not sure what to do next. I've previously used
> virtual_alias_maps with mydestination, but not virtual_transport. I'm
> just unsure how all the pieces fit together. This is all based on
> following the multi-instance doc as explicitly as possible, but I
> think it leaves a lot to be desired in terms of how to produce a
> functional system.
I am perplexed by your struggles. In a multi-instance system each
instance is an independent Postfix which takes mail in on some IP:port,
and delivers it to some IP:port (or at the end of the pipeline finally
to some storage location). If there's any confusion, it is perhaps
that you're expecting more complexity than it is actually involved.
> > > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> > > D9DE7200B23F3 2516 Tue Nov 3 20:34:30 [email protected]
> > > (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial
> > > server greeting)
> > > [email protected]
Well, that need that there's a problem connecting to that service,
connections are dropped without a 220 banner. Either Amavis or
its downstream port are not up and running. Fix that.
> > The downstream amavis or Postfix is not configured correctly and is
> > dropping connections. The reason is in your logs.
>
> This also generates the following amavis error:
> Nov 8 00:01:57 xavier amavis[812131]: (!)DENIED ACCESS from IP
> 209.216.11.117, policy bank ''
Well, that's certainly an obstacle.
> I've read that enabling smtp_bind_address=127.0.0.1 is necessary, but
> that just creates a mail loop.
Setting smtp_bind_address cannot create a mail loop, but it can
make delivery possible, that exposes a looping configuration.
Don't configure loops in the forwarding pipeline.
--
Viktor.
