bluethundr
Technical User
Hi again, folks
I have decided to have a fresh start using Ubuntu Server 9.10 created by RightScale on the AWS cloud.
I have gotten farther than I did under CentOS due to the dearth of Red Hat-based packages for the components I need. Prior to my attempt to integrate Amavis with Postfix I was sending *AND* receiving e-mail with impunity!
However, if I do a telnet test with Amavis enabled...
Code:
root@cloud1:~# telnet cloud1 25
Trying 127.0.0.1...
Connected to cloud1.
Escape character is '^]'.
220 cloud1 ESMTP Postfix (Ubuntu) This is JiffyCloud!
ehlo cloud1
250-cloud1
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <bluethundr@externaldom.com>
250 2.1.0 Ok
RCPT TO: <bluethundr@newdom.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is a test during meet the press
.
250 2.0.0 Ok: queued as 2B4E78C1DB
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@cloud1:~# telnet cloud1 25
Trying 127.0.0.1...
Connected to cloud1.
Escape character is '^]'.
220 cloud1 ESMTP Postfix (Ubuntu) This is JiffyCloud!
EHLO cloud1
250-cloud1
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <bluethundr@externaldom.com>
250 2.1.0 Ok
RCPT TO: <bluethundr@newdom.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
hello hello hello test blah
blah blah blah
.
250 2.0.0 Ok: queued as 013CF8C1DF
quit
221 2.0.0 Bye
Connection closed by foreign host.
This is the result in my postfix logs:
Code:
Apr 18 11:47:16 domU-AB-CD-EF-GH-A1-A2 postfix/smtpd[8391]: 2B4E78C1DB: client=cloud1[127.0.0.1]
Apr 18 11:47:24 domU-AB-CD-EF-GH-A1-A2 postfix/cleanup[8395]: 2B4E78C1DB: message-id=<20100418154716.2B4E78C1DB@cloud1>
Apr 18 11:47:24 domU-AB-CD-EF-GH-A1-A2 postfix/qmgr[8389]: 2B4E78C1DB: from=<bluethundr@xxxxx.com>, size=355, nrcpt=1 (queue active)
Apr 18 11:47:24 domU-AB-CD-EF-GH-A1-A2 postfix/qmgr[8389]: warning: connect to transport private/amavis: Connection refused
Apr 18 11:47:24 domU-AB-CD-EF-GH-A1-A2 postfix/error[8396]: 2B4E78C1DB: to=<bluethundr@newdomain.com>, relay=none, delay=21, delays=21/0/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
Apr 18 11:47:27 domU-AB-CD-EF-GH-A1-A2 postfix/smtpd[8391]: disconnect from cloud1[127.0.0.1]
I have added the amavis user and group:
Code:
root@cloud1:~# groups amavis
amavis : amavis
First as with the Amavis I am including my main.cf and master.cf config files for your consideration.
master.cf
Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
#Amavis
#amavis unix - - - - 2 smtp
# -o smtp_data_done_timeout=1200
# -o smtp_send_xforward_command=yes
# -o disable_dns_lookups=yes
# -o max_use=20
#127.0.0.1:10025 inet n - - - - smtpd
# -o content_filter=
# -o local_recipient_maps=
# -o relay_recipient_maps=
# -o smtpd_restriction_classes=
# -o smtpd_delay_reject=no
# -o smtpd_client_restrictions=permit_mynetworks,reject
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_recipient_restrictions=permit_mynetworks,reject
# -o smtpd_data_restrictions=reject_unauth_pipelining
# -o smtpd_end_of_data_restrictions=
# -o mynetworks=127.0.0.0/8
# -o smtpd_error_sleep_time=0
# -o smtpd_soft_error_limit=1001
# -o smtpd_hard_error_limit=1000
# -o smtpd_client_connection_count_limit=0
# -o smtpd_client_connection_rate_limit=0
# -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
This would appear to be the one line of configuration in main.cf which breaks the entire postfix environment on this machine.
Code:
content_filter = amavis:[127.0.0.1]:10024
main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) This is JiffyCloud!
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = cloud1
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = cloud1.newdom.com, cloud1, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
masquerade_domains = cloud1.newdom.com www.newdom.com !sub.dyndomain.com
masquerade_exceptions = root
local_recipient_maps =
mydestination =
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf
#content_filter = amavis:[127.0.0.1]:10024
# Postgrey Configuration
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
  reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination,
  check_policy_service inet:127.0.0.1:10023, permit
15_content_filter_mode
Code:
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # ensure a defined return
I would love to continue this project with Amavis integration intact with a bit of skillful help and very much appreciate any input you could provide!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Apollo: “I will not serve under a man who questions my integrity.”
Adama: “And I won’t have an officer under my command who doesn’t have any.”
This is my public RSA key: 5A4873A9
Key fingerprint = 0C0F 1769 83C3 8318 7424 73B1 55C5 4B3E 5A48 73A9
GPG me!!!
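
An added example, not part of the original post: a small Python check that ties the three artifacts above together, reporting whether the transport named in `content_filter` has an active (uncommented) `unix` service entry in master.cf and whether qmgr logged a refused connection to it. The embedded config and log excerpts are constructed from the ones quoted above, and the function names are hypothetical.

```python
import re

# Constructed excerpts modelled on the main.cf, master.cf and log quoted above.
MAIN_CF = "myhostname = cloud1\ncontent_filter = amavis:[127.0.0.1]:10024\n"
MASTER_CF = """\
smtp      inet  n  -  -  -  -  smtpd
pickup    fifo  n  -  -  60 1  pickup
  -o content_filter=
#amavis   unix  -  -  -  -  2  smtp
"""
LOG = (
    "Apr 18 11:47:24 host postfix/qmgr[8389]: warning: connect to transport "
    "private/amavis: Connection refused\n"
    "Apr 18 11:47:24 host postfix/error[8396]: 2B4E78C1DB: relay=none, "
    "dsn=4.3.0, status=deferred (mail transport unavailable)\n"
)

def filter_transport(main_cf):
    """Transport named by content_filter; the last active setting wins."""
    transport = None
    for line in main_cf.splitlines():
        m = re.match(r"content_filter\s*=\s*(\S*)", line)
        if m:  # commented or indented lines never match at column 0
            transport = m.group(1).split(":", 1)[0] or None
    return transport

def active_services(master_cf):
    """(name, type) pairs from lines that are not comments or continuations."""
    services = set()
    for line in master_cf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not line[0].isspace() and not line.startswith("#"):
            services.add((fields[0], fields[1]))
    return services

def refused_transports(log):
    """Transports qmgr reported it could not connect to."""
    return set(re.findall(r"connect to transport (?:private|public)/(\S+): ", log))

def diagnose(main_cf, master_cf, log):
    t = filter_transport(main_cf)
    return {
        "transport": t,
        "defined_in_master": (t, "unix") in active_services(master_cf),
        "refused_in_log": t in refused_transports(log),
    }

if __name__ == "__main__":
    print(diagnose(MAIN_CF, MASTER_CF, LOG))
```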