I had a user that has a 3G data dongle and we found that their messages were
being discarded. SpamAssassin was identifying the sender IP as from a DUL and
assigned a very high score. I realized that I had not set the content-filter to
be excluded for submission users, so I went and did that in master.cf:
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o content_filter=
At this point, the user could now send mail via submission, but only to
EXTERNAL users. Any mail set for local users was still getting tested by
amavisd-new and thus SA, and thus getting rejected. Here is the mail.log:
Nov 19 12:08:21 extranet postfix/smtpd[27677]: warning: 114.75.3.145: hostname
114.75.3.145.optusnet.com.au verification failed: Name or service not known
Nov 19 12:08:21 extranet postfix/smtpd[27677]: connect from
unknown[114.75.3.145]
Nov 19 12:08:24 extranet postfix/smtpd[27677]: 384BF1E880EA:
client=unknown[114.75.3.145], sasl_method=PLAIN, sasl_username=sen...@domain.com
Nov 19 12:08:24 extranet postfix/cleanup[27681]: 384BF1E880EA:
message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
Nov 19 12:08:25 extranet postfix/qmgr[15871]: 384BF1E880EA:
from=<sen...@domain.com>, size=57892, nrcpt=1 (queue active)
Nov 19 12:08:25 extranet postfix-local[27944]: postfix-local:
from=sen...@domain.com, to=recipi...@domain.com, dirname=/var/qmail/mailnames
Nov 19 12:08:25 extranet postfix-local[27944]: hook_dir =
'/usr/local/psa/handlers/before-local'
Nov 19 12:08:25 extranet postfix-local[27944]: recipient[3] =
'recipi...@domain.com'
Nov 19 12:08:25 extranet postfix-local[27944]: handlers dir =
'/usr/local/psa/handlers/before-local/recipient/recipi...@domain.com'
Nov 19 01:08:26 extranet postfix/pickup[13775]: 216641E880EF: uid=110
from=<sen...@domain.com>
Nov 19 12:08:26 extranet postfix/cleanup[27681]: 216641E880EF:
message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
Nov 19 12:08:26 extranet postfix/pipe[27698]: 384BF1E880EA:
to=<recipi...@domain.com>, relay=plesk_virtual, delay=2, delays=1.8/0/0/0.17,
dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 19 12:08:26 extranet postfix/qmgr[15871]: 384BF1E880EA: removed
Nov 19 12:08:26 extranet postfix/qmgr[15871]: 216641E880EF:
from=<sen...@domain.com>, size=58088, nrcpt=1 (queue active)
Nov 19 12:08:29 extranet postfix/smtpd[27719]: CD6EC1E880EA:
client=unknown[114.75.3.145]
Nov 19 12:08:29 extranet postfix/cleanup[27681]: CD6EC1E880EA:
message-id=<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>
Nov 19 12:08:29 extranet postfix/smtpd[27719]: disconnect from
localhost.localdomain[127.0.0.1]
Nov 19 12:08:29 extranet postfix/qmgr[15871]: CD6EC1E880EA:
from=<sen...@domain.com>, size=58565, nrcpt=1 (queue active)
Nov 19 12:08:29 extranet amavis[26386]: (26386-02) Passed SPAMMY,
[114.75.3.145] [114.75.3.145] <sen...@domain.com> ->
<recipi...@office.p3.com.au>, Message-ID:
<981e4e91-c396-412f-8d55-6f93f26a3...@domain.com>, mail_id: 4NBOTooBA2EW, Hits:
9.651, size: 58074, queued_as: CD6EC1E880EA, 3714 ms
Nov 19 12:08:29 extranet postfix/lmtp[27712]: 216641E880EF:
to=<recipi...@office.p3.com.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7,
delays=0.01/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=26386-02, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CD6EC1E880EA)
Nov 19 12:08:29 extranet postfix/qmgr[15871]: 216641E880EF: removed
It seems that 384BF1E880EA is the message coming in via submission and it is
happily accepted without being content-filtered. But then it seems to be run
through processes again, obviously following different parameters than the ones
I set in submission, as message CD6EC1E880EA is run through SA.
Can I & how do I stop these local emails sent via submission from getting run
through the content-filter?
-- Here is some of my non-default config --
master.cf:
amavisfeed unix - - n - 2 lmtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser
argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p
/var/qmail/mailnames
plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6
dbpath=/plesk/passwd.db
And here is the output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
bounce_queue_lifetime = 18h
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = 122.110.171.251
delay_warning_time = 2h
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 18h
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8, 122.201.102.31/32
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_client_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, check_client_access
pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated,
check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
soft_bounce = yes
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps,
hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110
This is my first post, so please forgive me if I've done something wrong or
stupidly. Thank you!
