On 11 Jun 2020, at 14:38, PGNet Dev wrote:
On 6/11/20 11:24 AM, Wietse Venema wrote:
PGNet Dev:
my postfix instance config currently includes my list of milters
-o smtpd_milters=unix:/run/opendkim/opendkim.sock,unix:/run/opendmarc/opendmarc.sock,unix:/run/milter-regex/milter-regex.sock,unix:/run/clamav/clamav-milter.sock,unix:/run/spamass-milter/spamass-milter.sock
for a rejection by any given milter, i see in cleanup log
Jun 11 04:33:18 mx postfix/cleanup[18542]: 49jV46213qzy59:
milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1
Service unavailable; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<cloud3.deltareclame.nl>
can postfix logging itself identify the specific milter that
fails/rejects?
To find out WHY mail was rejected, the Milter needs to log what it
is doing, or say something other than "Service unavailable". The
IP address and port are poor substitutes for that.
e.g., in this^ case, it's
unix:/run/spamass-milter/spamass-milter.sock
i can configure reject messages in (some) milters to provide
identifying detail, but that reply gets passed on to external
connection.
any way to log that detail only _privately_?
Postfix logs are private. They should be read by authorized personnel
only.
if I add more detail to a milter's reject message,
a trigger spam sent to postfix triggers the spamass-milter
Jun 11 11:27:58 mx postfix/cleanup[6865]: 49jXR23vMMzy68:
milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service
unavailable; Message Content blocked using SA-Milter;
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<mail-pg1-f196.google.com>
now 'identifying' the specific milter, 'privately', in logs
that's what I _do_ want
In the case of SpamAssassin, if your milter is spamass-milter or
anything else using spamd, you could just use spamd's logging and
correlate it with Postfix via Message-Ids.
which passes the message to postscreen-internal
Jun 11 11:27:58 mx postfix/postscreen-internal/smtpd[6858]:
proxy-reject: END-OF-MESSAGE: 550 5.7.1 Service unavailable; Message
Content blocked using SA-Milter; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<mail-pg1-f196.google.com>
and 'out', back to the sender; as received
The response from the remote server was:
550 5.7.1 Service unavailable; Message Content blocked using
SA-Milter
that's what I do _not_ want; i.e., no milter-identifying message/data
returned to the sender.
If you can set what the milter returns to Postfix, you can make it
obscure to the sender but identifying for you, e.g. "Message
unacceptable under Rule 34". This is better than a completely
non-identifying message, because when you have a false positive spam
rejection, the sender will be able to tell you the specific error
message, revealing to you where the issue came from.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
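
Added example (not part of the original thread, and not code from Postfix, spamd or spamass-milter): one way to do the Message-Id correlation suggested above, so the generic "Service unavailable" reply can stay as it is while the logs still tell you whether spamd was the rejecting milter. It assumes cleanup logs a `message-id=` line per queue ID and spamd logs a `result:` line carrying `mid=`; all log lines, queue IDs and addresses below are constructed.

```python
import re

# Constructed sample logs: queue IDs, hosts and Message-Ids are made up.
POSTFIX_LOG = """\
Jun 11 11:27:57 mx postfix/cleanup[6865]: 4AAAexample1: message-id=<spam-1@sender.example>
Jun 11 11:27:58 mx postfix/cleanup[6865]: 4AAAexample1: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service unavailable; from=<a@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<mail.sender.example>
Jun 11 11:30:01 mx postfix/cleanup[6870]: 4BBBexample2: message-id=<other-2@sender.example>
Jun 11 11:30:02 mx postfix/cleanup[6870]: 4BBBexample2: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service unavailable; from=<c@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<mail.sender.example>
"""
SPAMD_LOG = """\
Jun 11 11:27:58 mx spamd[4242]: spamd: result: Y 15 - BAYES_99,URIBL_BLACK scantime=0.9,size=2048,user=spamd,uid=111,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51000,mid=<spam-1@sender.example>,autolearn=no
Jun 11 11:30:02 mx spamd[4242]: spamd: result: . 1 - HTML_MESSAGE scantime=0.4,size=1024,user=spamd,uid=111,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51002,mid=<other-2@sender.example>,autolearn=no
"""

MSGID_RE = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=(<[^>]*>)")
REJECT_RE = re.compile(r"postfix/cleanup\[\d+\]: (\w+): milter-reject: ")
SPAMD_RE = re.compile(
    r"spamd: result: ([Y.])\s+(-?\d+)\s+-\s+(\S*)\s.*?\bmid=(<[^>]*>)")


def spamd_verdicts(log):
    """Map Message-Id -> (is_spam, score, tests) from spamd 'result:' lines."""
    verdicts = {}
    for flag, score, tests, mid in SPAMD_RE.findall(log):
        verdicts[mid] = (flag == "Y", int(score), tests.split(",") if tests else [])
    return verdicts


def attribute_rejects(postfix_log, spamd_log):
    """For each milter-reject queue ID, say whether spamd flagged that message."""
    mids = dict(MSGID_RE.findall(postfix_log))       # queue ID -> Message-Id
    verdicts = spamd_verdicts(spamd_log)
    report = {}
    for qid in REJECT_RE.findall(postfix_log):
        mid = mids.get(qid)
        verdict = verdicts.get(mid)
        if verdict and verdict[0]:
            report[qid] = ("spamd", mid, verdict[1], verdict[2])
        else:
            # spamd passed the message or never saw it: another milter rejected.
            report[qid] = ("other-milter", mid, None, [])
    return report


if __name__ == "__main__":
    for qid, row in attribute_rejects(POSTFIX_LOG, SPAMD_LOG).items():
        print(qid, *row)
```

Message-Ids are chosen by the sender and can be missing or reused, so treat a match as a pointer into the spamd log and confirm it against the timestamps.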