I have a relatively new installation of postfix with clamav and
spamassassin milters. In general it seems to work fine.
The debian server sends a variety of notifications from localhost
through postfix to a domain mailbox ad...@example.co.uk. On the way it's
filtered by spamassassin, which is pointless. Could someone suggest a
way to bypass SA for localhost, please?
postconf -n
2bounce_notice_recipient = boun...@example.co.uk
address_verify_map = proxy:btree:/var/lib/postfix/verify_cache
address_verify_sender_ttl = 237m
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_notice_recipient = ad...@example.co.uk
bounce_queue_lifetime = 5d
broken_sasl_auth_clients = yes
compatibility_level = 2
confirm_delay_cleared = no
delay_notice_recipient = ad...@example.co.uk
delay_warning_time = 2h
disable_vrfy_command = yes
error_notice_recipient = serv...@example.co.uk
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY
DISPLAY LANG=C RESOLV_MULTI=on
inet_interfaces = all
inet_protocols = ipv4
internal_mail_filter_classes = bounce
mailbox_size_limit = 0
maximal_queue_lifetime = 5d
message_size_limit = 40960000
milter_connect_macros = j {daemon_name} {daemon_addr} v _
milter_default_action = accept
milter_mail_macros = i b
milter_protocol = 6
milter_rcpt_macros = i b
mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre
mua_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_pipelining reject_non_fqdn_recipient, permit
mua_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/clamav/clamav-milter.ctl
mua_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
permit
mydestination = $myhostname, localhost
mydomain = example.co.uk.net
myhostname = mail.example.co.uk
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 (and my own IPs)
mynetworks_style = host
myorigin = $myhostname
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
notify_classes = software, delay, bounce, 2bounce, resource, protocol, data
policy-spf_time_limit = 3600s
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-relay-domains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipients.cf
relayhost =
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks.pcre
smtp_host_lookup = dns,native
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unknown_client_hostname reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_hard_error_limit = 6
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated
check_helo_access pcre:/etc/postfix/white_bypass.pcre check_helo_access
cidr:/etc/postfix/ip_check_whitelist reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
check_helo_access cidr:/etc/postfix/ip_check_blacklist check_helo_access
pcre:/etc/postfix/helo_checks.pcre reject_unauth_pipelining
reject_rhsbl_helo dbl.spamhaus.org permit
smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/opendmarc/opendmarc.sock,
unix:/var/run/spamass/spamass.sock, unix:/var/run/clamav/clamav-milter.ctl
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
reject_non_fqdn_hostname reject_non_fqdn_recipient
reject_unknown_recipient_domain reject_invalid_hostname
reject_unauth_pipelining reject_unverified_recipient
reject_unlisted_recipient check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre check_policy_service
unix:private/policy-spf permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous nodictionary
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_pipelining check_sender_mx_access
cidr:/etc/postfix/sender_mx_access check_sender_access
pcre:/etc/postfix/sender_whitelist.pcre reject_non_fqdn_sender
reject_unknown_sender_domain reject_unlisted_sender check_sender_access
pcre:/etc/postfix/sender_checks.pcre reject_rhsbl_sender dbl.spamhaus.org
smtpd_soft_error_limit = 4
smtpd_tls_chain_files =
/etc/letsencrypt/live/mail.example.co.uk/privkey.pem
/etc/letsencrypt/live/mail.example.co.uk/fullchain.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
transport_maps = mysql:/etc/postfix/mysql_transport.cf
unknown_address_reject_code = 553
unknown_client_reject_code = 571
unknown_hostname_reject_code = 571
unverified_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
postconf -M
smtp inet n - n - - smtpd
submission inet n - n - - smtpd -o
syslog_name=postfix/submission -o smtpd_tls_wrappermode=no -o
smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o
smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o
smtpd_sasl_path=private/auth -o
receive_override_options=no_header_body_checks -o
smtpd_client_restrictions=$mua_client_restrictions -o
smtpd_recipient_restrictions=$mua_recipient_restrictions -o
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o
milter_macro_daemon_name=ORIGINATING -o smtpd_milters=$mua_milters
pickup fifo n - n 60 1 pickup -o
content_filter= -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o
syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu
user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F
user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe flags=FR
user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policy-spf unix - n n - 0 spawn
user=nobody argv=/usr/bin/policyd-spf
clamsmtp unix - - n - 16 smtp -o
smtp_send_xforward_command=yes -o smtp_generic_maps= -o
disable_dns_lookups=yes -o smtp_enforce_tls=no
