On 16.05.2022 at 13:10, Wietse Venema wrote:
natan:
Hi
I probably have a trivial problem - but I cannot resolve it
I have two servers
1)for outgoing
2)for incoming (typical mx)
For a test I created in (incoming server) body_checks.pcre:
/alakot/ REJECT spam2bok bla bla
If I send an e-mail from external (gmail, yahoo) I get info from
Mailer-Daemon about REJECT - works fine
but if I send from my domain I don't get Mailer-Daemon:
May 16 12:08:38 MX-node1 postfix/cleanup[45210]: 4L1w1y6WBVz1DDmK:
reject: body alakot from smtp....[xxx.xxx.xxx.xxx];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<smtp.domain.ltd>: 5.7.1 spam2bok bla bla
May 16 12:08:39 Mx1-node1 postfix/cleanup[45282]: 4L1w1z0zmpz1DDmn:
reject: body alakot from smtp....[xxx.xxx.xxx.xxxx]; from=<>
to=<[email protected]> proto=ESMTP helo=<smtp.domain.ltd>: 5.7.1 spam2bok
bla bla
Is this correct because body_check checks a "second time" on the incoming return?
Any idea how to whitelist?
You included no "postconf -n" settings, so I will waste some bandwidth
with random text.
Wietse
internal_mail_filter_classes (default: empty)
       What categories of Postfix-generated mail are subject to before-queue
       content inspection by non_smtpd_milters, header_checks and body_checks.
       Specify zero or more of the following, separated by whitespace or
       comma.

       bounce Inspect the content of delivery status notifications.

       notify Inspect the content of postmaster notifications by the smtp(8)
              and smtpd(8) processes.

       NOTE: It's generally not safe to enable content inspection of
       Postfix-generated email messages. The user is warned.

       This feature is available in Postfix 2.3 and later.
sorry
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 5h
broken_sasl_auth_clients = yes
compatibility_level = 2
default_destination_concurrency_limit = 100
default_destination_recipient_limit = 100
default_process_limit = 850
delay_warning_time = 0h
disable_vrfy_command = yes
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
lmtp_destination_concurrency_limit = 100
lmtp_destination_recipient_limit = 1
lpolicyd = check_policy_service { unix:private/policyd-lemat3,
timeout=4s, default_action=DUNNO }
mailbox_size_limit = 0
max_idle = 1200s
max_use = 150
maximal_queue_lifetime = 24h
message_size_limit = 146800640
myhostname = mx-node1.domain.ltd
mynetworks = 127.0.0.0/8, xxx.xxx.xxx.xxx/32
myorigin = /etc/mailname
policy-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = ignore
proxy_read_maps = $canonical_maps $lmtp_generic_maps
$local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps
$recipient_canonical_maps $relay_domains $relay_recipient_maps
$relocated_maps $sender_bcc_maps $sender_canonical_maps
$smtp_generic_maps $smtpd_sender_login_maps $transport_maps
$virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains
$virtual_mailbox_maps $smtpd_sender_restrictions
$sender_dependent_relayhost_maps
proxy:mysql:/etc/postfix/mysql_whitelist_recipient.cf
readme_directory = no
recipient_delimiter = +
smtp-amavis_destination_recipient_limit = 1
smtp_connection_reuse_time_limit = 400s
smtp_data_done_timeout = 1600s
smtp_rcpt_timeout = 900s
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 200
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_checks, check_client_access
cidr:/etc/postfix/amavis_bypass, reject_unauth_pipelining, permit
smtpd_data_restrictions = check_policy_service { inet:127.0.0.1:10040
timeout=2s, default_action=DUNNO } reject_unauth_pipelining,
reject_multi_recipient_bounce, permit
smtpd_enforce_tls = no
smtpd_hard_error_limit = 50
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
pcre:/etc/postfix/helo_access.pcre reject_unauth_pipelining,
reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_proxy_timeout = 240s
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/bad_recipients, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, permit_mynetworks,
permit_sasl_authenticated, check_client_access
hash:/etc/postfix/whitelista, reject_unauth_destination, lpolicyd,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_recipient_access mysql:/etc/postfix/mysql_whitelist_recipient.cf,
reject_invalid_hostname, check_sender_mx_access
cidr:/etc/postfix/mx_access.cidr, check_policy_service
unix:private/policy-spf, reject_unlisted_recipient, check_client_access
cidr:/etc/postfix/rbl_override, reject_rbl_client
b.barracudacentral.org, reject_rbl_client dynamic.rbl.tld,
reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.sorbs.net, permit
smtpd_restriction_classes = lpolicyd
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks check_sender_access
pcre:/etc/postfix/sender_checks.pcre reject_unknown_sender_domain
reject_unknown_reverse_client_hostname, reject_non_fqdn_sender
reject_unknown_address, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 20
smtpd_tls_CAfile = /etc/pki/tls/certs/cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/cert.pem
smtpd_tls_key_file = /etc/pki/tls/private/cert.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 600s
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_expansion_limit = 2800
virtual_alias_maps = $virtual_mailbox_maps,
proxy:mysql:/etc/postfix/mysql/mysql_virtual_aliases.cf,
proxy:mysql:/etc/postfix/mysql/mysql_virtual_forward.cf,
proxy:mysql:/etc/postfix/mysql/mysql_catchall.cf
virtual_gid_maps = static:300
virtual_mailbox_domains = proxy:mysql:/etc/postfix/map.sql
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql/mysql_virtual_mailbox2.cf
virtual_minimum_uid = 300
virtual_transport = lmtp:inet:xxx.xxx.xxx.2:24
virtual_uid_maps = static:300
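
Added example, not part of the thread: a Python sketch that parses cleanup(8) reject lines like the two quoted above, flags those with the null envelope sender (from=<>, i.e. delivery status notifications), and pairs each with the earlier rejection whose sender is the bounce's recipient. The sample log lines are constructed, with placeholder hosts and addresses, and the function names are illustrative.

```python
import re

# Constructed sample lines modelled on the cleanup(8) entries in the post;
# hosts and addresses are placeholders (example.com, 192.0.2.0/24).
SAMPLE_LOG = """\
May 16 12:08:38 mx1 postfix/cleanup[45210]: 4L1w1y6WBVz1DDmK: reject: body alakot from smtp.example.com[192.0.2.10]; from=<user@example.com> to=<rcpt@example.com> proto=ESMTP helo=<smtp.example.com>: 5.7.1 spam2bok bla bla
May 16 12:08:39 mx1 postfix/cleanup[45282]: 4L1w1z0zmpz1DDmn: reject: body alakot from smtp.example.com[192.0.2.10]; from=<> to=<user@example.com> proto=ESMTP helo=<smtp.example.com>: 5.7.1 spam2bok bla bla
May 16 12:09:02 mx1 postfix/smtpd[45300]: connect from unknown[198.51.100.7]
"""

# Layout of a header_checks/body_checks reject line as logged in the post.
REJECT_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>\w+): reject: (?P<cls>header|body) "
    r"(?P<matched>.*?) from (?P<client>\S+)\[(?P<ip>[^\]]+)\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>: (?P<reply>.*)$"
)

def parse_rejects(log):
    """Return one dict per header/body_checks reject line."""
    return [m.groupdict() for line in log.splitlines()
            if (m := REJECT_RE.search(line))]

def rejected_bounces(log):
    """Rejects whose envelope sender is <>, i.e. DSNs hit by content checks."""
    return [r for r in parse_rejects(log) if r["sender"] == ""]

def lost_notifications(log):
    """Pair each rejected DSN with the earlier reject it was reporting.

    Assumption: the DSN is addressed to the original sender and trips the
    same pattern because it carries the original message text.
    """
    pairs, seen = [], []
    for r in parse_rejects(log):
        if r["sender"] == "":
            for orig in seen:
                if orig["sender"] == r["rcpt"] and orig["matched"] == r["matched"]:
                    pairs.append((orig["qid"], r["qid"], r["rcpt"]))
                    break
        else:
            seen.append(r)
    return pairs

if __name__ == "__main__":
    for orig_qid, dsn_qid, user in lost_notifications(SAMPLE_LOG):
        print(f"{user}: bounce {dsn_qid} for {orig_qid} was rejected by content checks")
```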