I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue
filter.
I would now like to add DMARC validation, done by the opendmarc milter
in the after-Amavis smtpd instance.
This basically works: opendmarc inserts an "Authentication-Results" header.
I would now like to do something (e.g., reject) depending on that header.
My first attempt was to add milter_header_checks to the after-Amavis
smtpd stanza in master.cf. That did not work, probably because
milter_header_checks is evaluated by cleanup, not smtpd.
I then tried to add
milter_header_checks = pcre:/etc/postfix/pcre_milter_header_checks
to main.cf. This gave the surprising result:
Mar 18 11:42:53 nuser postfix/cleanup[8931]: warning: unsupported
dictionary type: pcre (/usr/lib/postfix/postfix-pcre.so: No such file or
directory)
Mar 18 11:42:53 nuser postfix/cleanup[8931]: warning:
pcre:/etc/postfix/pcre_milter_header_checks is unavailable. unsupported
dictionary type: pcre
Surprising, because I have a well-working pcre table used by smtpd:
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
And:
root@nuser:~# postconf -m | grep pcre
pcre
smtpd and cleanup are both running chroot, so I can't quite understand
why smtpd can use pcre and cleanup cannot.
/usr/lib/postfix/postfix-pcre.so exists, but not in the chroot jail. Do
I need to run cleanup without chroot? (Or use regexp instead)
An additional question:
Is it correctly understood that even though
receive_override_options=no_header_body_checks
can be specified as smtpd argument, the individual header checks
parameters cannot be turned on or off in smtpd, but only globally in
cleanup? So that I cannot turn off, e.g., header_checks in a single
master.cf smtpd stanza while still having a milter_header_checks
parameter active for mail received by that stanza?
--
Jesper Dybdal
https://www.dybdal.dk
