Hello,
I'm trying to configure multiple mail paths as described on
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-amavisd-path
except instead of TCP, I want to use unix sockets.
I'm using Ubuntu 14.04, originally with maintainer-provided amavisd-new
2.7.1-2ubuntu3, but I'm getting the same result also with vanilla 2.10.1.
From this part of code in allow_deny_hook (line numbers as in 2.10.1) I
assume it's possible to define policies per-socket in a similar way as
per-port:
12974 my($prop, $sock, $is_ux, @bank_names);
12975 $prop = $self->{server}; $sock = $prop->{client};
12976 $is_ux = $sock && $sock->UNIVERSAL::can('NS_proto') &&
12977 $sock->NS_proto eq 'UNIX';
12978 if ($is_ux) {
12979 push(@bank_names, $interface_policy{"SOCK"});
12980 my $path = Net::Server->VERSION >= 2 ? $sock->NS_port
12981 : $sock->NS_unix_path;
12982 push(@bank_names, $interface_policy{$path}) if defined $path;
I have the following part of configuration in amavisd.conf:
$inet_socket_port = undef;
$unix_socketname = ['/var/spool/postfix/amavis/amavis-incoming',
'/var/spool/postfix/amavis/amavis-outgoing'];
$unix_socket_mode = 0660;
$forward_method = 'smtp:/var/spool/postfix/amavis/amavis-forward';
$notify_method = 'smtp:/var/spool/postfix/amavis/amavis-forward';
$interface_policy{'/var/spool/postfix/amavis/amavis-incoming'} = 'incoming';
$interface_policy{'/var/spool/postfix/amavis/amavis-outgoing'} = 'outgoing';
$policy_bank{'incoming'} = { # Used for spam and AV checks
  protocol => 'LMTP',
  auth_required_release => 0,
};
$policy_bank{'outgoing'} = { # Used for spam and AV checks and for DKIM signing
  protocol => 'LMTP',
  auth_required_release => 0,
  originating => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  spam_admin_maps => ['postmaster'],
  virus_admin_maps => ['postmaster'],
};
And the following in main.cf/master.cf of postfix:
smtp inet n - - - - smtpd
  -o content_filter=amavis-feed:unix:/var/spool/postfix/amavis/amavis-incoming
submission inet n - - - - smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=amavis-feed:unix:/var/spool/postfix/amavis/amavis-outgoing
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=amavis-feed:unix:/var/spool/postfix/amavis/amavis-outgoing
amavis-feed unix - - - - 4 lmtp
  -o disable_dns_lookups=yes
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o lmtp_tls_note_starttls_offer=no
The configuration happily runs, sockets are created, but whenever I connect
to a socket, I get the following lines in syslog:
Apr 6 08:09:30 devbuntu2 amavis[99217]: Net::Server: 2015/04/06-08:09:30 CONNECT UNIX Socket: ""
Apr 6 08:09:30 devbuntu2 amavis[99217]: loaded base policy bank
Apr 6 08:09:30 devbuntu2 amavis[99217]: loaded policy bank "AM.PDP-SOCK"
which effectively means that the connection to the socket was registered,
but amavis cannot determine _which_ socket it was.
Dump of the socket object shows only
$VAR1 = bless( \\*Symbol::GEN35, 'Net::Server::Proto::UNIX' );\n
or
$VAR1 = 'Ref = "Net::Server::Proto::UNIX" (*||UNIX|*)\n';\n
depending on how I ask. Nevertheless, it's visible that the object is
empty, thus it's not possible to get the correct socket path on line 12980
of the code above.
If I switch everything to TCP, configuration works as intended:
Apr 6 07:32:03 devbuntu2 amavis[98333]: Net::Server: 2015/04/06-07:32:03 CONNECT TCP Peer: "[127.0.0.1]:43264" Local: "[127.0.0.1]:10026"
Apr 6 07:32:03 devbuntu2 amavis[98333]: () loaded base policy bank
Apr 6 07:32:03 devbuntu2 amavis[98333]: () loaded policy bank "outgoing"
Am I missing something obvious or is it really a bug? If the inability to
select the policy based on socket name would be intentional (and bypassed by
hardcoded 'SOCK' string), why is there even that part of code seemingly
allowing it?
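
Added example, not part of the original message and not amavisd-new code: a small Python check that pairs each Net::Server CONNECT line with the policy banks loaded afterwards by the same process, and flags connections that were handled without 'incoming' or 'outgoing' (for 'outgoing' that means no originating => 1, so no DKIM signing). The log lines are the ones quoted in the message; the function names and the EXPECTED_BANKS set are assumptions made for this sketch.

```python
import re

# Log lines copied from the message above (wrapped lines re-joined).
SAMPLE_LOG = '''\
Apr 6 08:09:30 devbuntu2 amavis[99217]: Net::Server: 2015/04/06-08:09:30 CONNECT UNIX Socket: ""
Apr 6 08:09:30 devbuntu2 amavis[99217]: loaded base policy bank
Apr 6 08:09:30 devbuntu2 amavis[99217]: loaded policy bank "AM.PDP-SOCK"
Apr 6 07:32:03 devbuntu2 amavis[98333]: Net::Server: 2015/04/06-07:32:03 CONNECT TCP Peer: "[127.0.0.1]:43264" Local: "[127.0.0.1]:10026"
Apr 6 07:32:03 devbuntu2 amavis[98333]: () loaded base policy bank
Apr 6 07:32:03 devbuntu2 amavis[98333]: () loaded policy bank "outgoing"
'''

# Assumption: the banks that %interface_policy in the message is meant to select.
EXPECTED_BANKS = {"incoming", "outgoing"}

LINE_RE = re.compile(r'amavis\[(\d+)\]: (.*)$')
CONNECT_RE = re.compile(r'CONNECT (UNIX|TCP) (?:Socket: "([^"]*)"|.*Local: "([^"]*)")')
BANK_RE = re.compile(r'loaded policy bank "([^"]+)"')

def parse_connections(log_text):
    """Attach each 'loaded policy bank' line to the latest CONNECT of the same PID."""
    current = {}       # pid -> record of the connection currently being handled
    connections = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        c = CONNECT_RE.search(msg)
        if c:
            # UNIX lines carry the socket path, TCP lines the local address.
            local = c.group(2) if c.group(2) is not None else c.group(3)
            rec = {"pid": pid, "proto": c.group(1), "local": local, "banks": []}
            current[pid] = rec
            connections.append(rec)
            continue
        b = BANK_RE.search(msg)
        if b and pid in current:
            current[pid]["banks"].append(b.group(1))
    return connections

def audit(connections, expected=EXPECTED_BANKS):
    """Return connections for which none of the expected banks was loaded."""
    return [c for c in connections if not expected & set(c["banks"])]

if __name__ == "__main__":
    for c in audit(parse_connections(SAMPLE_LOG)):
        print(f'pid {c["pid"]}: {c["proto"]} local={c["local"]!r} banks={c["banks"]}')
```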