Hello,

We have a mail gateway server (for incoming email) with postfix 3.5.8, amavisd, clamd on CentOS 8.3.2011.

Postfix sends incoming mail to amavisd via (in main.cf):

   smtpd_milters =
            unix:/run/amavisd/amavisd-milter.sock

After checking, amavisd delivers mail directly using the amavisd-milter daemon.

My problem is that under our current setup it seems that amavisd will not receive mail to port 10028 (used as a bypass, to disable all scanning), although it is listening.

How should I modify the postfix config so that it successfully sends mail to port 10028 as configured?

I am trying the following mechanism to bypass amavisd scans for particular senders:

smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/amavis_bypass_senders
        ...

/etc/postfix/amavis_bypass_senders:

   us...@example.com         FILTER smtp:[127.0.0.1]:10028
   us...@example.com         FILTER smtp:[127.0.0.1]:10028

However, the amavis policy bank listening at 10028 is never triggered. The log states:

...
Feb  8 01:54:55 mailgw1 postfix/smtpd[202464]: NOQUEUE: filter: RCPT from hedgehog.birch.relay.mailchannels.net[23.83.209.81]: <us...@example.com>: Sender address triggers FILTER smtp:[127.0.0.1]:10028; from=<us...@example.com> to=<geo...@example.net> proto=ESMTP helo=<hedgehog.birch.relay.mailchannels.net>
Feb  8 01:54:55 mailgw1 postfix/smtpd[202464]: 4DYmH36X5JzLlrw: client=hedgehog.birch.relay.mailchannels.net[23.83.209.81]
Feb  8 01:54:56 mailgw1 postfix/cleanup[202468]: 4DYmH36X5JzLlrw: message-id=<464576df-43d0-ecac-5647-99c91a95c...@example.com>
...

I also tried with:

   us...@example.com         FILTER smtp-amavis:[127.0.0.1]:10028
   us...@example.com         FILTER smtp-amavis:[127.0.0.1]:10028

which produced the same results.

What am I doing wrong?

My master.cf is as follows:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp     inet  n       -       n       -       -       smtpd -v
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap

smtp-amavis unix -      -       n       -       2       lmtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

# ==========================================================================================

You can notice that earlier we were using postfix for final delivery (accepting from amavisd at 10025). In the current setup mail is delivered by amavisd-milter. (I might return to the earlier setup, after a test period.)

I appreciate your advice and any feedback!

Thanks,
Nick
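
A log-tracing sketch for the symptom described above, added here as an example and not part of the original post: it pairs each `NOQUEUE: filter:` record with the queue ID the same smtpd process assigns next, then checks whether any delivery record for that queue ID shows a relay on the FILTER port. The log lines are constructed in the shape of the excerpt above, the delivery records assume Postfix's usual `to=<...>, relay=..., status=...` format, and the function names are hypothetical.

```python
import re

# Constructed log in the shape of the excerpt above; hosts, addresses and queue IDs are placeholders.
SAMPLE_LOG = """\
Feb  8 01:54:55 mailgw1 postfix/smtpd[1001]: NOQUEUE: filter: RCPT from relay.example.org[192.0.2.10]: <alice@example.com>: Sender address triggers FILTER smtp:[127.0.0.1]:10028; from=<alice@example.com> to=<bob@example.net> proto=ESMTP helo=<relay.example.org>
Feb  8 01:54:55 mailgw1 postfix/smtpd[1001]: 4DYmAAAAAAzAAAA: client=relay.example.org[192.0.2.10]
Feb  8 01:54:57 mailgw1 postfix/smtp[1003]: 4DYmAAAAAAzAAAA: to=<bob@example.net>, relay=127.0.0.1[127.0.0.1]:10028, delay=1.2, delays=1/0/0/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb  8 02:10:01 mailgw1 postfix/smtpd[1002]: NOQUEUE: filter: RCPT from relay.example.org[192.0.2.10]: <carol@example.com>: Sender address triggers FILTER smtp:[127.0.0.1]:10028; from=<carol@example.com> to=<bob@example.net> proto=ESMTP helo=<relay.example.org>
Feb  8 02:10:01 mailgw1 postfix/smtpd[1002]: 4DYmBBBBBBzBBBB: client=relay.example.org[192.0.2.10]
Feb  8 02:10:03 mailgw1 postfix/smtp[1004]: 4DYmBBBBBBzBBBB: to=<bob@example.net>, relay=mail.internal.example[192.0.2.25]:25, delay=2.0, delays=1/0/0/1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

FILTER_RE = re.compile(r"postfix/smtpd\[(\d+)\]: NOQUEUE: filter: .*triggers FILTER (\S+?);")
CLIENT_RE = re.compile(r"postfix/smtpd\[(\d+)\]: ([0-9A-Za-z]+): client=")
DISC_RE = re.compile(r"postfix/smtpd\[(\d+)\]: disconnect from")
DELIV_RE = re.compile(
    r"postfix/\w[\w-]*\[\d+\]: ([0-9A-Za-z]+): to=<[^>]*>, .*relay=([^,]+), .*status=(\w+)")

def trace_filter(log_text):
    """Map queue ID -> FILTER destination and the (relay, status) pairs actually logged."""
    pending = {}  # smtpd pid -> FILTER destination still waiting for a queue ID
    traced = {}   # queue ID -> {"filter": destination, "relays": [(relay, status), ...]}
    for line in log_text.splitlines():
        if m := FILTER_RE.search(line):
            pending[m.group(1)] = m.group(2)
        elif m := CLIENT_RE.search(line):
            pid, qid = m.groups()
            if pid in pending:
                traced[qid] = {"filter": pending.pop(pid), "relays": []}
        elif m := DISC_RE.search(line):
            pending.pop(m.group(1), None)  # session ended without queueing a message
        elif (m := DELIV_RE.search(line)) and m.group(1) in traced:
            traced[m.group(1)]["relays"].append((m.group(2), m.group(3)))
    return traced

def reached_filter(entry):
    """True if some delivery for this message went to the port named in the FILTER action."""
    port = entry["filter"].rsplit(":", 1)[-1]
    return any(relay.endswith(":" + port) for relay, _ in entry["relays"])

if __name__ == "__main__":
    for qid, entry in trace_filter(SAMPLE_LOG).items():
        print(qid, entry["filter"], "reached" if reached_filter(entry) else "NOT reached", entry["relays"])
```

Run against the real mail log, a message reported as "NOT reached" shows where Postfix actually handed it off, which narrows down whether the FILTER destination was overridden or never used.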

