I reset everything to the default configuration (using "smtp = postscreen") in order to start from the beginning. I would like to keep this spambot protection, or change it to "smtp = smtpd" with another form of spambot protection (if possible).

Before starting, I checked the configuration (main.cf & master.cf). In main.cf I see this:

content_filter = smtp-amavis:[127.0.0.1]:10024 ==> It seems that this filter directive overrides the disclaimer filter directive if I put it in master.cf.


Without disclaimer configured:

# postconf -nf
# NOTE(review): poster's `postconf -nf` output; every line starting with '#' is a
# reviewer annotation, all other lines are unchanged.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
# Global setting: it applies to every service that does not override it with its
# own "-o content_filter=..." in master.cf. The thread also notes that a FILTER
# action in an access table can replace it for individual messages.
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 2h
dovecot_destination_recipient_limit = 1
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 100000000
message_size_limit = 100000000
# Fail-open: when the milter in smtpd_milters cannot be reached, mail is handled
# as if no milter were configured, so it is accepted unfiltered.
milter_default_action = accept
milter_protocol = 6
mydomain = mehl-family.fr
myhostname = fr-srvmail.$mydomain
# Every address listed here matches permit_mynetworks, which the relay
# restrictions below and several master.cf overrides use to accept mail without
# authentication. The list includes a public address and the whole
# 192.168.1.0/24 LAN. mynetworks_style has no effect once mynetworks is set.
mynetworks = 82.64.119.110 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
non_smtpd_milters = ${smtpd_milters}
notify_classes = delay, resource, software
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks
    cidr:${config_directory}/access/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
# Weighted DNSBL scoring: a client is blocked once its score reaches
# postscreen_dnsbl_threshold; list.dnswl.org carries a negative weight.
# NOTE(review): "dnsbl-2-uceprotect.net" has a hyphen where the neighbouring
# "dnsbl-1.uceprotect.net" has a dot; this looks like a typo that would keep the
# entry from ever contributing to the score. Confirm the zone name.
postscreen_dnsbl_sites = zen.spamhaus.org*3 ix.dnsbl.manitu.net=127.0.0.2*3
    b.barracudacentral.org*2 bl.spamcop.net*1 dnsbl-1.uceprotect.net*1
    dnsbl-2-uceprotect.net*1 list.dnswl.org=127.0.[0..255].[1..3]*-3
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -2
postscreen_forbidden_commands = yes
postscreen_greet_action = enforce
postscreen_greet_banner = Bienvenue et merci d'attendre qu'on vous assigne une
    place
postscreen_non_smtp_command_action = enforce
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
readme_directory = no
recipient_delimiter = +
# Outbound mail goes through this relay on port 587, authenticated with the
# credentials in smtp_sasl_password_maps.
relayhost = [smtp.free.fr]:587
sender_canonical_maps = hash:${config_directory}/access/sender_canonical
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# The empty value removes the default mechanism restrictions, so plaintext SASL
# mechanisms are allowed towards the relayhost.
smtp_sasl_security_options =
smtp_tls_loglevel = 1
# Opportunistic TLS: if a relayhost session ends up without TLS, the SASL
# password can cross the network in the clear.
# NOTE(review): consider "encrypt" for the relayhost, or allow plaintext
# mechanisms only inside TLS via smtp_sasl_tls_security_options.
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Legacy parameter; smtp_tls_security_level above takes precedence.
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
# warn_if_reject only affects the restriction that follows it
# (reject_unknown_client_hostname): a match is logged instead of rejected.
smtpd_client_restrictions = permit_mynetworks check_client_access
    hash:${config_directory}/access/client_check_access warn_if_reject
    reject_unknown_client_hostname reject_rhsbl_client dbl.spamhaus.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname reject_rhsbl_helo dbl.spamhaus.org
# Milter consulted by smtpd(8); non_smtpd_milters above reuses the same value.
smtpd_milters = inet:localhost:12345
smtpd_recipient_restrictions = check_policy_service unix:private/policyd-spf
# Relay control: only mynetworks clients may relay; everyone else is limited to
# destinations this server is responsible for.
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
# smtpd_sasl_auth_enable is not in this dump (postconf -n lists only explicitly
# set parameters), so SASL is on only where master.cf enables it with -o.
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:${config_directory}/sasl/sasl_senders
smtpd_sender_restrictions = check_sender_access
    hash:${config_directory}/access/rejected-recipient reject_rhsbl_sender
    dbl.spamhaus.org
# AUTH is offered only after TLS has been negotiated.
smtpd_tls_auth_only = yes
# The two paths below start in column 0, probably wrapped by the mail client; as
# written they are not continuation lines of the parameters above them.
# NOTE(review): certificate and private key live under /NFS_Mounts; if that is a
# network mount, confirm who can read the export and how it is transported.
smtpd_tls_cert_file =
/NFS_Mounts/SSL_KEYS/letsencrypt/live/mehl-family.fr/fullchain.pem
smtpd_tls_key_file =
/NFS_Mounts/SSL_KEYS/letsencrypt/live/mehl-family.fr/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
strict_smtputf8 = yes
virtual_alias_maps = mysql:${config_directory}/mysql-virtual-alias-maps.cf
virtual_mailbox_domains =
    mysql:${config_directory}/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:${config_directory}/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot


# postconf -Mf
# NOTE(review): poster's `postconf -Mf` output; every line starting with '#' is a
# reviewer annotation, all other lines are unchanged.
# Port 25 is answered by postscreen(8), which passes accepted clients to the
# "smtpd pass" service below. Neither entry overrides content_filter, so the
# main.cf value applies to mail received here.
smtp       inet  n       -       y       -       1 postscreen
smtpd      pass  -       -       y       -       -       smtpd
    -o smtpd_client_connection_count_limit=10
dnsblog    unix  -       -       y       -       0       dnsblog
tlsproxy   unix  -       -       y       -       0       tlsproxy
# Submission: TLS is mandatory and SASL is enabled; mynetworks clients are let
# through without authenticating. One line below carries two -o options
# (client and relay restrictions), probably whitespace damage from the mail
# client rather than the real file layout.
submission inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o broken_sasl_auth_clients=yes
    -o receive_override_options=no_address_mappings
    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject     -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
# smtpd_sasl_auth_enable=yes is given twice (harmless duplicate). This entry
# uses reject_sender_login_mismatch, whereas submission uses
# reject_authenticated_sender_login_mismatch.
# NOTE(review): no smtpd_tls_wrappermode=yes is visible; if this is meant to be
# the implicit-TLS service on port 465, confirm that clients can connect.
smtps      inet  n       -       y       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_security_options=noanonymous
    -o smtpd_sasl_local_domain=$myhostname
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=reject_sender_login_mismatch
    -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
# Transport named by content_filter in main.cf: hands mail to the filter using
# smtp(8).
smtp-amavis unix -       -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
policyd-spf unix -       n       n       -       0       spawn user=nobody
    argv=/usr/bin/python3 /usr/bin/policyd-spf
    /etc/postfix-policyd-spf-python/policyd-spf.conf
# Loopback-only listener with content_filter cleared, presumably where the
# filter re-injects scanned mail (the empty value avoids a filter loop).
# mynetworks is narrowed to 127.0.0.0/8 and everything else is rejected.
# smtpd_milters is not overridden, so the main.cf milter applies here as well.
127.0.0.1:10025 inet n   -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
# NOTE(review): this entry relies on permit_sasl_authenticated, but no
# smtpd_sasl_auth_enable=yes is visible here or in the main.cf dump, so only
# mynetworks clients appear to get through. Confirm that is intended.
# Unlike the other smtpd listeners it runs unchrooted (chroot column "n"), and
# one line below again carries two -o options.
2525       inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/webmail
    -o smtpd_tls_security_level=encrypt
    -o receive_override_options=no_address_mappings
    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject     -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
# Internal Postfix services and pipe(8) delivery agents follow.
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       - trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
# Transport selected by virtual_transport in main.cf: delivery through
# dovecot-lda running as vmail:vmail.
dovecot    unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d
    ${recipient}


Le 04/02/2022 à 18:21, Matus UHLAR - fantomas a écrit :
On 4 Feb 2022, at 9:05 am, Forums <for...@mehl-family.fr> wrote:

Using "smtpd" instead of "postscreen" doesn't change issue.

On 04.02.22 09:09, Viktor Dukhovni wrote:
You'll have to back up that claim with:

    # postfix reload
       ... submission of a new message via TCP port 25 ...
       ... logs showing that message entering and leaving the queue ...
    ... unmangled (verbatim whitespace and newlines) output of:
       $ postconf -nf
       $ postconf -Mf

When a content_filter is set for smtpd(8), it is used.

It may be overridden by another FILTER directive in any of the access lists.
Also, it may misbehave.

Any observations to the contrary are user errors.
