Communication between postfix - amavis issues

Mon, 08 Feb 2021 02:48:34 -0800 

Hello,
We have a mail gateway server (for incoming email) with postfix 3.5.8, amavisd, clamd on CentOS 8.3.2011. 

Postfix sends incoming mail to amavisd via (in main.cf):

   smtpd_milters =
            unix:/run/amavisd/amavisd-milter.sock

After checking, amavisd delivers mail directly using amavisd-milter daemon.


My problem is that under our current setup it seems that amavisd will 
not receive mail to port 10028 (used as a bypass, to disable all 
scanning), although it is listening.



How should I modify postfix config so that it sends successfully mail to 
port 10028 as configured?



I am trying the following mechanism to bypass amavisd scans for 
particular senders:


smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/amavis_bypass_senders
        ...

/etc/postfix/amavis_bypass_senders:

   us...@example.com         FILTER smtp:[127.0.0.1]:10028
   us...@example.com         FILTER smtp:[127.0.0.1]:10028


However, the amavis policy bank listening at 10028 is never triggered. 
The log states:


...

Feb  8 01:54:55 mailgw1 postfix/smtpd[202464]: NOQUEUE: filter: RCPT 
from hedgehog.birch.relay.mailchannels.net[23.83.209.81]: 
<us...@example.com>: Sender address triggers FILTER 
smtp:[127.0.0.1]:10028; from=<us...@example.com> to=<geo...@example.net> 
proto=ESMTP helo=<hedgehog.birch.relay.mailchannels.net>
Feb  8 01:54:55 mailgw1 postfix/smtpd[202464]: 4DYmH36X5JzLlrw: 
client=hedgehog.birch.relay.mailchannels.net[23.83.209.81]
Feb  8 01:54:56 mailgw1 postfix/cleanup[202468]: 4DYmH36X5JzLlrw: 
message-id=<464576df-43d0-ecac-5647-99c91a95c...@example.com>

...

I also tried with:

   us...@example.com         FILTER smtp-amavis:[127.0.0.1]:10028
   us...@example.com         FILTER smtp-amavis:[127.0.0.1]:10028

which produced the same results.

What am I doing wrong?

My master.cf is as follows:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp     inet  n       -       n       -       -       smtpd -v
smtp      inet  n       -       n       -       1 postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       - trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

smtp-amavis unix -      -       n       -       2       lmtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0

    -o 
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters



# 
==========================================================================================



You can notice that earlier we were using postfix for final delivery 
(accepting from amavisd at 10025). In the current setup mail is 
delivered by amavisd-milter. (I might return to the earlier setup, after 
a test period.)


I appreciate your advice and any feedback!

Thanks,
Nick
























					Reply via email to