Gmail-teopro a écrit :
> *> Gmail-teopro a écrit :
>>> Hello guys,
> *
> *>> I have made a simple filter, following the example
>>> here http://www.postfix.org/FILTER_README.html in order to insert a
>>> number in the subject line of every message been sent.
>>> The script of this filter is very similar with the example, in uses sed
>>> to replace "Subject: " with "Subject: #$number" and autoincrements
>>> $number every time it is triggered.
> *
> *>> The filter is defined in master.cf:
>>> #
> ==========================================================================
>>> # service type private unpriv chroot wakeup maxproc command + args
>>> # (yes) (yes) (yes) (never) (100)
>>> #
> ==========================================================================
>>> smtp inet n - n - - smtpd
>>> # -o receive_override_options=no_address_mappings
>>> 10025 inet n - n - - smtpd
>>> # -o receive_override_options=no_address_mappings
>>> #
>>> .............
>>> nrfilter unix - n n - 10 pipe
>>> flags=Rq user=filter null_sender=
>>> argv=/var/spool/filter/countscript -f ${sender} -- ${recipient}
>>> dovecot unix - n n - - pipe
>>> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d
>>> $(recipient)
> *
> *>> And is triggered from main.cf:
>>> ......
>>> sender_bcc_maps = hash:/etc/postfix/maps/sender_bcc
>>> smtpd_recipient_restrictions =
>>> check_sender_access hash:/etc/postfix/maps/sender_nrfilter,
>>>>>(mydomain.tld FILTER nrfilter:)
>>> permit_mynetworks,
>>> permit_sasl_authenticated,
>>> reject_unlisted_recipient,
>>> reject_unauth_destination,
>>> reject_unknown_recipient_domain,
>>> reject_rbl_client sbl-xbl.spamhaus.org,
>>> reject_rbl_client cbl.abuseat.org,
>>> reject_rbl_client bl.spamcop.net,
>>> reject_rbl_client zen.spamhaus.org
> *
> *>> Every "filtered" message have to be bcc-ed into a local accout.
>>> This Postfix serves one single virtual domain with virtual users defined
>>> in mysql database.
> *
> *>> Now I am asking your advice because:
> *
> *>> 1. With the above configuration, the filter works ok but in the bcc
>>> account I get 2 messages for each sent message(backscatter I guess).
>>> 2. If I enable -o statement for the smtp services, I get only one
>>> message in the bcc but the virtual aliasses are no more recognized by
>>> Postfix
> *
> *>> So, it will be great if you can give a suggetion on how can I have only
>>> 1 message in bcc account keeping active the virtual aliasses.
> *
> *>> 3. This problem is caused by [email protected]
> <mailto:[email protected]>
>>> <mailto:[email protected]>, claimig to be a mydomain.tld user, wich
>>> triggers the filter but are finnaly rejected by cbl/rbl checks.
> *
> *>> NOQUEUE: filter: RCPT from
>>> host216-58-dynamic.1-79-r.retail.telecomitalia.it[79.1.58.216]:
>>> <[email protected] <mailto:[email protected]>>: Sender address
>>> triggers FILTER nrfilter:; from=<[email protected]
> <mailto:[email protected]>>
>>> to=<[email protected] <mailto:[email protected]>> proto=ESMTP
> helo=<uomo754a9bd9e5>
>>> NOQUEUE: reject: RCPT from
>>> host216-58-dynamic.1-79-r.retail.telecomitalia.it[79.1.58.216]: 450
>>> 4.7.1 Service unavailable; Client host [79.1.58.216] blocked using
>>> sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=79.1.58.216;
>>> from=<[email protected]
> <mailto:[email protected]>> to=<[email protected]
> <mailto:[email protected]>> proto=ESMTP
>>> helo=<uomo754a9bd9e5>
> *
> *>> If I move check_sender_access statement after cbl/rbl checks, the filter
>>> is no more triggered by anyone.
> *
> *>> Hoping I was clear enough, I am awaiting for your kind
>>> suggestions/questions.
> *
>
> *> unfortunately, it's not clear.
>> - check_rbl_* is checked before the content_fileter, wherever you put
>> you FILTER statement.
>> - in general, you use -o ... to disable address rewrite before the
>> filter. this way, alias, bcc, ... are only interpreted after your filter.
> *
> *> if things work differently, then you have something else and you'll need
>> to provide more information (config and logs).
> *
>
>
> @mouss, thanks for kind reply.
> I'll be glad to provide any additional info in order to make me
> understand better how Postfix works, and or course to solve the issues
> presented above.
>
> My config files are followings:
>
> master.cf
> # ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
> smtp inet n - n - - smtpd
> # -o receive_override_options=no_address_mappings
> 10025 inet n - n - - smtpd
> # -o receive_override_options=no_address_mappings
-o received_... is commented out in both smtpd listeners. you MUST
disable address rewwrite in all but one smtpd in a chain. in short, you
need to uncomment the -o receive_override_options in one of the smtpd
listsers above. and taking into account your problem, you should do this
for the first one "smtp" (not "10025").
The
-o receive_override_options=no_address_mappings
option disables rewrite in a an smtpd listener. you generally want this
before filtering, so that the filter sees the "original recipients". In
any case, you don't want rewrite to apply multiple times to the same
message (otherwise, an alias like "foo -> foo, bar" become "foo -> foo,
foo, bar". so foo gets multiple copies).
take a look at
http://www.postfix.org/FILTER_README.html
it's concise but if you take the time to reread when it's not clear,
you'll find that it's very helpful.
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
> # -o fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> nrfilter unix - n n - 10 pipe
> flags=Rq user=filter null_sender=
> argv=/var/spool/filter/countscript -f ${sender} -- ${recipient}
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d
> $(recipient)
>
> main.cf
>
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
> setgid_group = postdrop
> myhostname = test.server.ns
> mydestination = localhost, $myhostname, $mydomain
> mynetworks = /etc/postfix/maps/mynetworks_table
> local_recipient_maps = unix:passwd.byname $alias_maps
> $virtual_mailbox_maps $virtual_alias_list
> unknown_local_recipient_reject_code = 550
> home_mailbox =
> mail_spool_directory = /var/spool/mail
> debug_peer_level = 2
> debugger_command =
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail
> newaliases_path = /usr/bin/newaliases
> mailq_path = /usr/bin/mailq
> html_directory = /usr/doc/postfix/html
> manpage_directory = /usr/man
> sample_directory = /etc/postfix
> readme_directory = /usr/doc/postfix
> alias_maps = hash:/etc/postfix/maps/aliases
> alias_database = hash:/etc/postfix/maps/aliases
> #_________ Virtual settings start _______________________
> #
> virtual_mailbox_domains =
> proxy:mysql:$config_directory/mysql/virtual_domains_maps.cf
> virtual_mailbox_base = /var/spool/vmail
> virtual_mailbox_maps =
> proxy:mysql:$config_directory/mysql/virtual_mailbox_maps.cf
> virtual_alias_maps = mysql:$config_directory/mysql/virtual_alias_maps.cf
> virtual_minimum_uid = 1100
> virtual_uid_maps = static:1100
> virtual_gid_maps = static:1100
> virtual_transport = dovecot
> dovecot_destination_recipient_limit = 1
> procmail_destination_recipient_limit = 1
> transport_maps = hash:/etc/postfix/transport
> virtual_mailbox_limit = 1024000000
> local_transport=virtual
> #
> #_________ Virtual settings end ____________________________
> #
> #_______ SASL settings start _____________________________
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_exceptions_networks = $mynetworks
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_authenticated_header = yes
> broken_sasl_auth_clients = yes
> smtpd_sasl_type = dovecot
> #_______ SASL settings end _____________________________
> #
> header_checks = regexp:/etc/postfix/header_checks
> #
> sender_bcc_maps = hash:/etc/postfix/maps/sender_bcc
> mailbox_size_limit = 1024000000
> bounce_queue_lifetime = 3h
> maximal_queue_lifetime = 3h
> smtpd_helo_required = yes
> disable_vrfy_command = yes
> non_fqdn_reject_code = 450
> invalid_hostname_reject_code = 450
> maps_rbl_reject_code = 450
> smtpd_client_restrictions =
> permit_mynetworks,
>
> smtpd_recipient_restrictions =
> check_sender_access hash:/etc/postfix/maps/sender_nrfilter,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unlisted_recipient,
> reject_unauth_destination,
> reject_unknown_recipient_domain,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org
>
>
> For anything else you think makes problems cear, just ask!
> /--
> Best regards,
> Gmail-teopro mailto:[email protected]/
