Hello,
We have a mail gateway server (for incoming email) with postfix 3.5.8,
amavisd, clamd on CentOS 8.3.2011.
Postfix sends incoming mail to amavisd via (in main.cf):
smtpd_milters =
unix:/run/amavisd/amavisd-milter.sock
After checking, amavisd delivers mail directly using amavisd-milter daemon.
My problem is that under our current setup it seems that amavisd will
not receive mail to port 10028 (used as a bypass, to disable all
scanning), although it is listening.
How should I modify postfix config so that it sends successfully mail to
port 10028 as configured?
I am trying the following mechanism to bypass amavisd scans for
particular senders:
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/amavis_bypass_senders
...
/etc/postfix/amavis_bypass_senders:
us...@example.com FILTER smtp:[127.0.0.1]:10028
us...@example.com FILTER smtp:[127.0.0.1]:10028
However, the amavis policy bank listening at 10028 is never triggered.
The log states:
...
Feb 8 01:54:55 mailgw1 postfix/smtpd[202464]: NOQUEUE: filter: RCPT
from hedgehog.birch.relay.mailchannels.net[23.83.209.81]:
<us...@example.com>: Sender address triggers FILTER
smtp:[127.0.0.1]:10028; from=<us...@example.com> to=<geo...@example.net>
proto=ESMTP helo=<hedgehog.birch.relay.mailchannels.net>
Feb 8 01:54:55 mailgw1 postfix/smtpd[202464]: 4DYmH36X5JzLlrw:
client=hedgehog.birch.relay.mailchannels.net[23.83.209.81]
Feb 8 01:54:56 mailgw1 postfix/cleanup[202468]: 4DYmH36X5JzLlrw:
message-id=<464576df-43d0-ecac-5647-99c91a95c...@example.com>
...
I also tried with:
us...@example.com FILTER smtp-amavis:[127.0.0.1]:10028
us...@example.com FILTER smtp-amavis:[127.0.0.1]:10028
which produced the same results.
What am I doing wrong?
My master.cf is as follows:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd -v
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
smtp-amavis unix - - n - 2 lmtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
#
==========================================================================================
You can notice that earlier we were using postfix for final delivery
(accepting from amavisd at 10025). In the current setup mail is
delivered by amavisd-milter. (I might return to the earlier setup, after
a test period.)
I appreciate your advice and any feedback!
Thanks,
Nick