nik600 wrote:
> master.cf:
>
> smtp inet n - n - - smtpd
> -o content_filter=filter:dummy
> 9009 inet n - n - - smtpd
> -o content_filter=filter:dummy
> filter unix - n n - 20 pipe
> flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
> -- ${recipient}
>
> policy unix - n n - 0 spawn
> user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
>
You do not specify how the content_filter returns to postfix.
With the current config, you would need 'receive_override_options =
no_address_mappings' in main.cf *and*
'-o receive_override_options=' in master.cf on the return of the filter
to Postfix.
If the filter was not meant to return to Postfix, then it cannot be
accomplished.
Also, I've commented on your postconf too.
One area is of critical importance to check.
> postconf -n:
>
> mydestination = $transport_maps
>
This could seriously break things if you ever set transport_maps.
Anything in transport_maps should just be that.
If you want to disable local delivery, set 'mydestination = '.
Note: this breaks cron and possibly other notifications if myorigin is
not defined in a different address class.
> mydomain = foo.com
> myhostname = server.foo.com
> myorigin = $mydomain
[...]
> relay_domains =
> proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay
>
relay_domains with no relay_recipient_maps can make you a Backscatter
source.
> smtpd_client_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,
> reject_rbl_client list.dsbl.org,reject_rbl_client
> sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
dsbl.org is dead. Best to remove it to avoid future false positives.
reject_non_fqdn_(sender|recipient) have no effect here since you don't
know them yet.
You don't specify which Postfix version you have.
reject_non_fqdn_hostname was renamed in 2.3+ to
reject_non_fqdn_helo_hostname (probably to clarify it's meaning)
It only has meaning in helo restrictions or later (helo, sender,
recipient, etc.)
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,check_sender_access
> hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client
> list.dsbl.org,reject_rbl_client
> sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
>
Why query rbls twice? You already covered them in client restrictions.
You must really not want non fqdn sender to check twice here, once in
sender_restrictions and once in client_restrictions
*WARNING*: an OK in whitelist_reject_non_fqdn_sender will make you an
open relay if a spammer can guess an address in there.
If you have OK in there, *fix it now*!
At minimum, put permit_auth_destination *OR* (suggested) remove it,
along with the reject_non_fqdn_sender's, and let sender_restrictions
take care of it.
> smtpd_sender_restrictions =
> permit_sasl_authenticated,permit_mynetworks,check_sender_access
> hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_hostname,reject_non_fqdn_recipient
>
>
non_fqdn_recipient is unknown at this stage.
Brian
> On Thu, Nov 13, 2008 at 5:08 PM, mouss <[EMAIL PROTECTED]> wrote:
>
>> nik600 wrote:
>>
>>> Hi to all.
>>>
>>> I've go a problem:
>>> i've set up postfix to call a script in master.cf:
>>>
>>> smtp inet n - n - - smtpd
>>> -o content_filter=filter:dummy
>>> filter unix - n n - 20 pipe
>>> flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
>>> -- ${recipient}
>>>
>>> /var/antispam/myscript
>>>
>>> is a script shell that submit the mail using spamc to spamd.
>>>
>>> Spamc is invoked using spamc -u $4 where $4 is the destination user.
>>>
>>> Now, suppose that $4 is [EMAIL PROTECTED] and [EMAIL PROTECTED] is an alias
>>> to
>>> [EMAIL PROTECTED]
>>>
>>> [EMAIL PROTECTED] has a spam score of 4 in the spampref table.
>>>
>>> with these configuration, [EMAIL PROTECTED] receives the email, but these
>>> email has been checked with a default spam score, and not with the
>>> spam score of 4.
>>>
>>> I'd like to scan the email with the preference of the real user that
>>> receives the email, is it possibile?
>>>
>>> Is it possible to scan the email AFTER postfix has determined the real
>>> user/users associated to the email? (even if this can imply to re-scan
>>> the email multiple times one for each user associated to the alias).
>>>
>>>
>> unless you disable address rewrite, the filter should get the address after
>> it was expanded. so your problem doesn't match your description.
>>
>> show your master.cf and the output of 'psoctonf -n'.
>>
>>
>
>
>
>
