Hello,

I'm running Postfix 2.8 with virtual mailbox domains backed by a MySQL
database. I've also got SPF and DKIM signatures going, as well as
clamsmtp as an SMTP proxy for virus checking. I'd now like to add
dspam antispam capability so that users can forward emails that are
spam or not. My problem is that the multiple content filters are mixing me
up, and I'm not sure I've got the most efficient setup.

In master.cf, if the smtpd process has a content_filter option on it,
does that go first in the chain before any content_filter directives
in main.cf? My working main.cf and master.cf files are below this
message; the dspam addon lines are still commented out. If anyone has this
setup going I'd appreciate a sanity check. Also, if there are any
configuration errors that I've missed, please let me know; this is the
most complex configuration I've set up to date.

Thanks.
Dave.

main.cf:
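# General identity, path and trust settings for this Postfix instance.

# NOTE(review): "vsoft_bounce" is not a parameter name Postfix documents; it
# looks like a typo for soft_bounce (a stray leading "v") - confirm. As written
# it only defines an unused custom parameter, and soft_bounce keeps its default.
vsoft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_protocols = all
inet_interfaces = all
mydestination = localhost

# Every client matched here passes permit_mynetworks in
# smtpd_recipient_restrictions and may relay, so keep the list narrow.
# NOTE(review): [fe80::]/10 trusts every link-local neighbour on the attached
# segments and the /64 trusts a whole subnet - confirm both are intended.
# The continuation line must begin with whitespace; at column 0 the wrapped
# address would be read as a separate, malformed line.
mynetworks = 127.0.0.0/8, xxx.xxx.xxx.xxx/32, [::1]/128, [fe80::]/10,
    [IPV6ADdress]/64

# An empty local_recipient_maps switches off unknown-local-recipient rejection
# for the domains in mydestination (only "localhost" here).
local_recipient_maps =
unknown_local_recipient_reject_code = 550
in_flow_delay = 1s
biff = no
append_dot_mydomain = no
recipient_delimiter = +

# The greeting carries only the hostname, no software name or version.
smtpd_banner = $myhostname ESMTP
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = no
bounce_template_file = /etc/postfix/bounce.cf.default
delay_warning_time = 4h
smtp_helo_timeout = 60s
smtpd_soft_error_limit = 3

# One recipient per delivery through the "dovecot" transport in master.cf,
# whose command line takes a single -d ${recipient}.
dovecot_destination_recipient_limit = 1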
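# Virtual mailbox hosting: domains, mailboxes and aliases are looked up in
# MySQL through the proxymap service.
# NOTE(review): the mysql-*.cf lookup files normally carry the database user
# and password - keep them unreadable to ordinary local users.
# Continuation lines must begin with whitespace; at column 0 each wrapped map
# would be read as a separate, malformed line and the parameter left empty.
virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
    proxy:mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_base = /var/mail/vmail

# All virtual mailboxes are owned by one fixed uid/gid.
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 5000

# Increase the virtual mailbox limit from 51 mb to 250 mb (Not sure if
# needed since dovecot is handling quotas)
# NOTE(review): this limit belongs to the virtual(8) delivery agent; with
# virtual_transport = dovecot below it presumably has no effect - confirm.
virtual_mailbox_limit = 262144000
virtual_transport = dovecot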
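# SASL authentication is delegated to Dovecot over the private/auth socket.
# NOTE(review): smtpd_sasl_auth_enable = yes in main.cf applies to every smtpd
# listener, port 25 included, and TLS below is only opportunistic ("may"), so
# AUTH is presumably offered on unencrypted sessions. smtpd_tls_auth_only = yes
# is the usual guard against credentials crossing the wire in clear - confirm.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
# Writes the authenticated login name into the Received: header, where every
# recipient of the message can read it.
smtpd_sasl_authenticated_header = yes

# Protocol strictness and reply codes.
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_reject_unlisted_sender = yes
show_user_unknown_table_name = no
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554

# Evaluated top to bottom; the first permit or reject ends the list.
# NOTE(review): check_sender_access runs ahead of the DNSBL, HELO and SPF
# checks and keys on the envelope sender, which the client chooses freely. Any
# OK/permit result in auto-whtlst therefore lets a forged sender skip
# everything after it - confirm that is what the table is meant to do.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/auto-whtlst
    permit_dnswl_client list.dnswl.org=127.0.[2..14].[1..3]
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
    reject_unknown_reverse_client_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    reject_unknown_helo_hostname
    reject_unlisted_recipient
    reject_rbl_client zen.spamhaus.org
    reject_rhsbl_client dbl.spamhaus.org
    reject_rhsbl_sender dbl.spamhaus.org
    reject_rhsbl_helo dbl.spamhaus.org
    check_policy_service unix:private/policy-spf
smtpd_data_restrictions = reject_unauth_pipelining

# Opportunistic inbound TLS; the submission service in master.cf raises this
# to "encrypt" for itself.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key

# spawn(8) reads its limit from <service-name>_time_limit. The master.cf
# service is named policy-spf, so the parameter has to carry that name; the
# earlier spelling (spf-policyd_time_limit) matched no service shown here and
# left the default limit in force.
policy-spf_time_limit = 3600s

# Milter on localhost:8891 (presumably the DKIM signer mentioned in the
# message). "accept" is fail-open: if the milter is down, mail still flows,
# without whatever the milter would have added or checked.
# NOTE(review): Postfix 2.8 can speak newer milter protocol versions than 2 -
# confirm this pin is what the milter needs.
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters

# After queueing, every message is handed to the "scan" transport (master.cf)
# for delivery to the filter on 127.0.0.1:10026. A service that sets its own
# "-o content_filter=..." in master.cf uses that value instead of this one.
content_filter = scan:[127.0.0.1]:10026
# Address rewriting is postponed until the filtered mail is re-injected.
receive_override_options = no_address_mappings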

master.cf:
# Public listeners.
# service  type  private unpriv chroot wakeup maxproc command + args
#
# An "-o name=value" on a service replaces the main.cf value of that parameter
# for that service only; the two are not chained. Postfix hands a message to a
# single content_filter, so enabling the dspam override below would send
# port-25 mail to dspam *instead of* the filter named in main.cf. To run both,
# one filter has to pass the message on to the other before re-injection.
# If the override is enabled it must be a continuation line (leading
# whitespace) and must not have spaces around "=".
smtp       inet  n  -  n  -  -  smtpd
#  -o content_filter=lmtp:unix:/var/run/dspam/dspam.sock

# Authenticated submission: TLS is mandatory and every client that has not
# completed SASL authentication is rejected.
submission inet  n  -  n  -  -  smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
# Internal Postfix services.
# service   type  private unpriv chroot wakeup maxproc command + args
# The chroot column is "n" on every entry: none of these services is chrooted.
pickup      fifo  n  -  n  60     1  pickup
cleanup     unix  n  -  n  -      0  cleanup
qmgr        fifo  n  -  n  300    1  qmgr
tlsmgr      unix  -  -  n  1000?  1  tlsmgr
rewrite     unix  -  -  n  -      -  trivial-rewrite
bounce      unix  -  -  n  -      0  bounce
defer       unix  -  -  n  -      0  bounce
trace       unix  -  -  n  -      0  bounce
verify      unix  -  -  n  -      1  verify
flush       unix  n  -  n  1000?  0  flush
proxymap    unix  -  -  n  -      -  proxymap
proxywrite  unix  -  -  n  -      1  proxymap
smtp        unix  -  -  n  -      -  smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay       unix  -  -  n  -      -  smtp
    -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq       unix  n  -  n  -      -  showq
error       unix  -  -  n  -      -  error
retry       unix  -  -  n  -      -  error
discard     unix  -  -  n  -      -  discard
local       unix  -  n  n  -      -  local
virtual     unix  -  n  n  -      -  virtual
lmtp        unix  -  -  n  -      -  lmtp
anvil       unix  -  -  n  -      1  anvil
scache      unix  -  -  n  -      1  scache

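# Final delivery of virtual mailboxes through Dovecot's deliver, run as the
# vmail user and group. pipe(8) executes the command directly, without a
# shell, so ${sender} and ${recipient} each arrive as one argv element.
# main.cf sets dovecot_destination_recipient_limit = 1 because -d takes a
# single recipient.
# The argument list has to stay on continuation lines (leading whitespace);
# at column 0 the "${sender} -d ${recipient}" tail would be read as a new,
# malformed service entry.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
  -d ${recipient}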

# SPF policy daemon, started on demand by spawn(8) as the unprivileged user
# "nobody". It is reached from smtpd_recipient_restrictions in main.cf via
# check_policy_service unix:private/policy-spf.
# spawn(8) takes this service's time limit from a main.cf parameter named after
# the service, i.e. policy-spf_time_limit.
policy-spf unix  -  n  n  -  -  spawn
    user=nobody argv=/usr/bin/policyd-spf

# Transport named by content_filter in main.cf: an SMTP client, capped at 16
# processes, that delivers queued mail to the filter.
scan      unix  -  -  n  -  16  smtp
    # XFORWARD passes the original client's details on to the filter.
    -o smtp_send_xforward_command=yes
    # TLS is not enforced on this hop; main.cf points it at 127.0.0.1.
    -o smtp_enforce_tls=no

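# For injecting mail back into postfix from the filter
# Bound to 127.0.0.1 only. The policy checks already ran on the public
# listener, so they are emptied here and the listener accepts nothing except
# clients in mynetworks.
127.0.0.1:10025 inet  n -       n       -       16      smtpd
       # Empty content_filter: filtered mail must not be sent to the filter
       # again, which would loop.
       -o content_filter=
       # "-o" and its name=value must sit on the same line.
       -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
       -o smtpd_helo_restrictions=
       -o smtpd_client_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       # main.cf sets mynetworks explicitly, and Postfix then ignores
       # mynetworks_style, so "-o mynetworks_style=host" would leave this
       # listener trusting the whole main.cf list. Pin the trusted range here.
       -o mynetworks=127.0.0.0/8
       # Only loopback clients may use XFORWARD to assert another client's
       # identity.
       -o smtpd_authorized_xforward_hosts=127.0.0.0/8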

# Local SMTP port for reinjection from dspam after scanning
# NOTE(review): main.cf already uses port 10026 as the content_filter
# destination (scan:[127.0.0.1]:10026), presumably where clamsmtp listens. A
# Postfix smtpd cannot listen on that same address and port, so the dspam
# re-injection listener needs a port of its own - confirm before enabling.
# The "-o" lines below must keep their leading whitespace when uncommented so
# that they continue the service entry.
#localhost:10026 inet  n -       n       -       -        smtpd
  #-o content_filter=
  #-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  #-o smtpd_helo_restrictions=
  #-o smtpd_client_restrictions=
  #-o smtpd_sender_restrictions=
  #-o smtpd_recipient_restrictions=permit_mynetworks,reject
  #-o mynetworks=127.0.0.0/8
  #-o smtpd_authorized_xforward_hosts=127.0.0.0/8
