Hi everyone,
I am having a problem trying to run dspam as an _after-queue_ content
filter on postfix with the
restriction that sasl authenticated users bypass dspam. All my users and
domains are virtual.
When I first installed postfix/dspam/dovecot I did not worry about
excluding my authenticating
users from dspam filtering, with the result that all mail was tagged by
dspam which ran as an
after-queue content filter.
Then I decided to bypass the dspam filter if the connection was
authenticated,
i.e. a user with a virtual account on the server. This seemed to be a
straightforward case of
inserting a check_client_access lookup into a dspam_filter_access table
as a catch-all for non-local,
non-authenticating connections. I modified master.cf, main.cf and
dspam.conf accordingly and added
the dspam_filter_access table.
The result was nice in that now only non-authenticated emails are
tagged, but nasty in that it seems
that dspam is getting called immediately after smtpd gets the email and
before it puts it into the queue;
i.e. it has turned into a before-queue content filter. And whatever I
try and however many weeks and
googled posts I go through I can't change that.
I am assuming that dspam is acting before-queue because the log shows
"smtpd ... NOQUEUE: filter: RCPT from ..."
immediately after getting the connection and before cleanup and qmgr.
Before I made these changes there
were no "NOQUEUE: filter" log entries at all, and the dspam entry only
appeared after the qmgr "(queue active)"
and qmgr "removed" entries.
I am also assuming that "FILTER" and "content_filter" mean the same
thing, i.e. that an access table entry
"FILTER lmtp:unix:/tmp/dspam.sock" implies an after-queue content filter
exactly the same as a master.cf
smtpd arg "-o content_filter=lmtp:unix:/tmp/dspam.sock". I have allowed
for postfix's chrooting.
Platform details:
uname -a Linux s1 2.6.32-33-generic-pae #72-Ubuntu SMP Fri Jul 29
22:06:29 UTC 2011 i686 GNU/Linux
postconf mail_version mail_version = 2.7.0
dspam --version DSPAM Anti-Spam Suite 3.6.8 (agent/library)
==========================================================
Config and a log entry from when it worked OK after-queue with no auth
user bypass:
==========================================================
master.cf
---------
smtp inet n - - - - smtpd
-o content_filter=lmtp:unix:/tmp/dspam.sock
submission inet n - - - - smtpd
-o content_filter=lmtp:unix:/tmp/dspam.sock
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
main.cf
---------
smtpd_client_restrictions =
permit_mynetworks,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_unknown_client_hostname,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination
dspam_destination_recipient_limit = 1
dspam.conf (dspam runs in client/server mode)
----------
StorageDriver /usr/lib/dspam/libhash_drv.so
TrustedDeliveryAgent "/usr/sbin/sendmail"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent localhost
DeliveryProto SMTP
Trust root dspam mail mailnull smmsp daemon postfix (separate lines)
TrainingMode teft
ServerMode auto
ServerParameters "--deliver=innocent,spam –d %u"
ServerIdent "localhost.localdomain"
ServerDomainSocketPath "/var/spool/postfix/tmp/dspam.sock"
/var/log/mail.log
-----------------
Apr 24 07:05:01 p2434445 postfix/smtpd[5765]: connect from
mail-pb0-f46.google.com[209.85.160.46]
Apr 24 07:05:02 p2434445 postfix/smtpd[5765]: 7EE4C6EC459:
client=mail-pb0-f46.google.com[209.85.160.46]
Apr 24 07:05:02 p2434445 postfix/cleanup[5769]: 7EE4C6EC459:
message-id=<caa_8x_dd0dogygef0keudpyvtd1ra5dfzzmtmk01jbunlnm...@mail.gmail.com>
Apr 24 07:05:02 p2434445 postfix/qmgr[29710]: 7EE4C6EC459:
from=<username at gmail.com>, size=1712, nrcpt=1 (queue active)
Apr 24 07:05:02 p2434445 postfix/smtpd[5772]: connect from
localhost[127.0.0.1]
Apr 24 07:05:02 p2434445 postfix/smtpd[5772]: BD92A6EC45A:
client=localhost[127.0.0.1]
Apr 24 07:05:02 p2434445 postfix/cleanup[5769]: BD92A6EC45A:
message-id=<caa_8x_dd0dogygef0keudpyvtd1ra5dfzzmtmk01jbunlnm...@mail.gmail.com>
Apr 24 07:05:02 p2434445 postfix/qmgr[29710]: BD92A6EC45A:
from=<username at gmail.com>, size=2136, nrcpt=1 (queue active)
Apr 24 07:05:02 p2434445 postfix/virtual[5773]: BD92A6EC45A:
to=<username at example.com>, relay=virtual, delay=0.13,
delays=0.12/0/0/0, dsn=2.0.0, :qstatus=sent (delivered to maildir)
Apr 24 07:05:02 p2434445 postfix/qmgr[29710]: BD92A6EC45A: removed
Apr 24 07:05:02 p2434445 postfix/smtpd[5772]: disconnect from
localhost[127.0.0.1]
Apr 24 07:05:02 p2434445 postfix/lmtp[5770]: 7EE4C6EC459: to=<username
at example.com>, relay=s1.ispan.net[/tmp/dspam.sock], delay=0.46,
delays=0.25/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 <username at
example.com> Message accepted for delivery)
Apr 24 07:05:02 p2434445 postfix/qmgr[29710]: 7EE4C6EC459: removed
==========================================================
Config and a log entry from now with auth user bypass, resulting in
before-queue:
==========================================================
master.cf
---------
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
127.0.0.1:10024 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
main.cf
---------
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_unknown_client_hostname,
check_client_access pcre:/etc/postfix/dspam_filter_access
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
dspam_destination_recipient_limit = 1
dspam_filter_access
--------------------
/^(spam|notspam|ham)@.*$/ OK
/./ FILTER lmtp:[127.0.0.1]:11124
dspam.conf (dspam runs in client/server mode)
----------
StorageDriver /usr/lib/dspam/libhash_drv.so
TrustedDeliveryAgent "/usr/sbin/sendmail"
DeliveryHost 127.0.0.1
DeliveryPort 10024
DeliveryIdent localhost
DeliveryProto SMTP
Trust root dspam mail mailnull smmsp daemon postfix
TrainingMode teft
ServerHost 127.0.0.1
ServerPort 11124
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
ServerMode auto
ServerParameters "--deliver=innocent –d %u"
ServerIdent "localhost.localdomain"
ClientHost 127.0.0.1
ClientPort 11124
ClientIdent "secret@Relay1"
/var/log/mail.log
-----------------
May 15 18:30:25 s1 postfix/smtpd[19422]: connect from
mail-pb0-f46.google.com[209.85.160.46]
May 15 18:30:25 s1 postfix/smtpd[19422]: NOQUEUE: filter: RCPT from
mail-pb0-f46.google.com[209.85.160.46]: <mail-pb0-f46.google.com[
209.85.160.46]>: Client host triggers FILTER lmtp:[127.0.0.1]:11124;
from=<username at gmail.com> to=<username at example.com> proto=ESMT
P helo=<mail-pb0-f46.google.com>
May 15 18:30:25 s1 postfix/smtpd[19422]: C8C216EC3FF:
client=mail-pb0-f46.google.com[209.85.160.46]
May 15 18:30:25 s1 postfix/cleanup[19433]: C8C216EC3FF:
message-id=<CAA_8x_BeEQgv=kn3puqvlr7oio-sjhwz2_g-q3serwdaung...@mail.gmail.co
m>
May 15 18:30:25 s1 postfix/qmgr[19421]: C8C216EC3FF: from=<username at
gmail.com>, size=1684, nrcpt=1 (queue active)
May 15 18:30:26 s1 postfix/smtpd[19438]: connect from localhost[127.0.0.1]
May 15 18:30:26 s1 postfix/smtpd[19438]: 253A06EC4FC:
client=localhost[127.0.0.1]
May 15 18:30:26 s1 postfix/cleanup[19433]: 253A06EC4FC:
message-id=<CAA_8x_BeEQgv=kn3puqvlr7oio-sjhwz2_g-q3serwdaung...@mail.gmail.com>
May 15 18:30:26 s1 postfix/qmgr[19421]: 253A06EC4FC: from=<username at
gmail.com>, size=2105, nrcpt=1 (queue active)
May 15 18:30:26 s1 postfix/virtual[19439]: 253A06EC4FC: to=<username at
example.com>, relay=virtual, delay=0.12, delays=0.12/0/0/0, dsn=2
.0.0, status=sent (delivered to maildir)
May 15 18:30:26 s1 postfix/qmgr[19421]: 253A06EC4FC: removed
May 15 18:30:26 s1 postfix/smtpd[19438]: disconnect from
localhost[127.0.0.1]
May 15 18:30:26 s1 postfix/lmtp[19436]: C8C216EC3FF: to=<username at
example.com>, relay=127.0.0.1[127.0.0.1]:11124, delay=0.76,
delays=0.48/0/0.04/0.24, dsn=2.6.0, status=sent (250 2.6.0 <username at
example.com> Message accepted for delivery)
May 15 18:30:26 s1 postfix/qmgr[19421]: C8C216EC3FF: removed
Please, can anybody help me?
Chris