Re: [AMaViS-user] Amavisd-new in a separate machine
Now everything works fine. I just made one change on master.cf. Instead of using smtp_fallback_relay, I used just fallback_relay:

    amavis unix - - n - 12 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o fallback_relay=127.0.0.1:10024

I am using RHEL 4 and the postfix version that is shipped with it. Postfix-2.2.10. I don't know if that is the cause. Well it works fine. Thank you.

Sorry, I forgot RedHat supplied antique software. smtp_fallback_relay is the name for that parameter since 2005.

I have another question. I want to make a few whitelists. Can you help? I want one domain to be whitelisted from spam filtering when sending out. All the emails destined to that domain still have to be scanned but I would like to bypass outgoing messages from specific domains. How can I do this?

Have them submit mail to an alternate postfix smtp listener that has

    -o content_filter=

ie. an empty value to disable the content filter completely.

Thank you, Justin

-- Noel Jones

Thanks, I am seeing some problem. I think it is related to the number of processes. In my postfix server, I set

/etc/postfix/main.cf:

    default_destination_concurrency_limit = 20
    default_process_limit = 150
    smtpd_error_sleep_time = 1s
    smtpd_hard_error_limit = 20
    smtpd_helo_required = yes
    smtpd_recipient_limit = 1000
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_unknown_sender_domain
    smtpd_reject_unlisted_recipient = yes
    smtpd_reject_unlisted_sender = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = permit_sasl_authenticated
    smtpd_timeout = 60s

And in my amavisd.conf in a separate machine

/etc/amavisd.conf:

    $max_servers = 12

I didn't quite understand how to configure my server to its best form. What are the reasonable numbers between amavis max_servers, default_destination_concurrency_limit and default_process_limit in postfix? When I use my postfix server to scan everything (amavis in localhost) the emails are delivered instantly. But when I use the separate spam filtering (separate machine for Amavis) then I see delays on delivering messages. And huge backlog on active queue in postfix server. Can someone help me?

Thank you, Justin.

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new in a separate machine
At 11:47 PM 9/6/2007, Justin Kim wrote:

Okay it gets more and more tricky. I guess that is because I am just starting to learn some of these from scratch. I would like to have my amavis1 server to serve as main spam filter. And for some reason if amavis1 is down, how can I configure postfix server to use its localhost amavis to filter spams?

Yes, this is possible.

    amavis unix - - n - 12 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

add to the above:

        -o smtp_fallback_relay=amavis[127.0.0.1]:10024

-- Noel Jones
Re: [AMaViS-user] Amavisd-new in a separate machine
I wanted to offload amavis to a separate machine. [...]

    Sep 6 15:19:04 postfixmailserver postfix/smtp[6288]: connect to 10.150.150.1[10.150.150.1]: Connection refused (port 10024)

amavisd.conf:

    $inet_socket_bind = undef;
    @inet_acl = qw( 127.0.0.1 [::1] 10.150.150.0/24 );

amavisd.conf-sample tells:

    # SMTP SERVER (INPUT) access control
    # - do not allow free access to the amavisd SMTP port !!!
    #
    # when MTA is at the same host, use the following (one or the other or both):
    #$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                      # (default is '127.0.0.1')
    @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
                                      # (default is qw(127.0.0.1 [::1]) )
    # when MTA (one or more) is on a different host, use the following:
    [EMAIL PROTECTED] = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
    #$inet_socket_bind = undef;       # bind to all IP interfaces if undef

Mark

Thank you Mark, I really appreciate your reply. Now I think the connection is established. But I don't think the amavis server is passing the messages back to my original postfix server (port 10025). I get

    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)rw_loop read failed: Connection refused
    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting: at (eval 42) line 442, GEN5 line 233.): id=29474-01
    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) Blocked MTA-BLOCKED, LOCAL [10.100.7.7] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: 2u9tlUoBjNvA, Hits: -1.439, size: 8747, 245 ms

And I set the /etc/amavisd.conf

    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    # $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
    # $notify_method = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
    $final_virus_destiny = D_DISCARD;
    $final_banned_destiny = D_BOUNCE;
    $final_spam_destiny = D_PASS;
    $final_bad_header_destiny = D_PASS;
    # $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl

Should I uncomment notify method and others too?

Thank you, Justin
Re: [AMaViS-user] Amavisd-new in a separate machine
Justin,

I wanted to offload amavis to a separate machine. [...]

    Sep 6 15:19:04 postfixmailserver postfix/smtp[6288]: connect to 10.150.150.1[10.150.150.1]: Connection refused (port 10024)

amavisd.conf:

    $inet_socket_bind = undef;
    @inet_acl = qw( 127.0.0.1 [::1] 10.150.150.0/24 );

amavisd.conf-sample tells:

    # SMTP SERVER (INPUT) access control
    # - do not allow free access to the amavisd SMTP port !!!
    #
    # when MTA is at the same host, use the following (one or the other or both):
    #$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                      # (default is '127.0.0.1')
    @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
                                      # (default is qw(127.0.0.1 [::1]) )
    # when MTA (one or more) is on a different host, use the following:
    [EMAIL PROTECTED] = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
    #$inet_socket_bind = undef;       # bind to all IP interfaces if undef

Mark
Re: [AMaViS-user] Amavisd-new in a separate machine
On Thu, Sep 06, 2007 at 04:12:31PM -0700, Justin Kim wrote:

I wanted to offload amavis to a separate machine. [...]

    Sep 6 15:19:04 postfixmailserver postfix/smtp[6288]: connect to 10.150.150.1[10.150.150.1]: Connection refused (port 10024)

amavisd.conf:

    $inet_socket_bind = undef;
    @inet_acl = qw( 127.0.0.1 [::1] 10.150.150.0/24 );

amavisd.conf-sample tells:

    # SMTP SERVER (INPUT) access control
    # - do not allow free access to the amavisd SMTP port !!!
    #
    # when MTA is at the same host, use the following (one or the other or both):
    #$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                      # (default is '127.0.0.1')
    @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
                                      # (default is qw(127.0.0.1 [::1]) )
    # when MTA (one or more) is on a different host, use the following:
    [EMAIL PROTECTED] = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
    #$inet_socket_bind = undef;       # bind to all IP interfaces if undef

Mark

Thank you Mark, I really appreciate your reply. Now I think the connection is established. But I don't think the amavis server is passing the messages back to my original postfix server (port 10025)

That's because it has no way to know that's what you want? You need to look closely at the config lines you quote below:

    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)rw_loop read failed: Connection refused
    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting: at (eval 42) line 442, GEN5 line 233.): id=29474-01
    ..

And I set the /etc/amavisd.conf

    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    # $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
    # $notify_method = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

So instead of 127.0.0.1, set these to the IP address where you actually want to send it. Forward_method is for delivering the mail, set this to the IP address of your Postfix server. (Notify is for sending NDRs, so this also needs to point to a valid postfix server.)

Also, to forestall another round of trouble, before you change this you should check your Postfix server's master.cf and make sure that it has a listener on port 10025 and that it's bound to the reachable IP address you're using, not to 127.0.0.1. (Otherwise amavisd will try to reach the correct server, but find it is not listening.)

  -- Clifton

--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
Re: [AMaViS-user] Amavisd-new in a separate machine
On Thu, Sep 06, 2007 at 09:10:45PM -0700, Justin Kim wrote:

    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    # $myhostname = 'amavis1.websitedynamics.com'; # must be a fully-qualified domain name!
    $notify_method = '[10.150.10.7]:10025';
    $forward_method = '[10.150.10.7]:10025'; # set to undef with milter!

You forgot the smtp: tag on the above, but just remove the two lines above since they're wrong and the next two are correct.

    #$forward_method = 'smtp:[10.150.10.7]:10025'; # set to undef with milter!
    #$notify_method = $forward_method;

The above two lines are correct, but commented out. Just remove the leading # to activate them, and restart amavisd-new.

-- Noel Jones
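
An added example, not part of the thread and not amavisd-new code: a small Python check for the settings the replies in this thread correct (loopback bind, @inet_acl, and a forward/notify method that lacks the smtp: tag or still points at 127.0.0.1). The function names, the MTA address argument and the sample configuration are assumptions made for illustration; ACL entries are assumed to be plain addresses or CIDR blocks and method hosts to be IP literals.

```python
import ipaddress
import re

# Active (uncommented) Perl assignments: 'value', "value", $other_var or undef.
ASSIGN = re.compile(r"""^\s*\$(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|\$(\w+)|(undef))\s*;""", re.M)
ACL = re.compile(r"^\s*@inet_acl\s*=\s*qw\(([^)]*)\)", re.M)
METHOD = re.compile(r"^[a-z]+:\[?([^\]:]+)\]?:\d+$")   # e.g. smtp:[10.150.10.7]:10025


def parse(conf):
    """Return (scalars, acl entries) from active lines; later assignments win."""
    scalars = {}
    for name, sq, dq, ref, undef in ASSIGN.findall(conf):
        if undef:
            scalars[name] = None
        elif ref:                                # $notify_method = $forward_method;
            scalars[name] = scalars.get(ref)
        else:
            scalars[name] = sq or dq
    acls = ACL.findall(conf)
    return scalars, (acls[-1].split() if acls else ["127.0.0.1", "[::1]"])


def lint(conf, mta_ip):
    """List problems for an amavisd.conf serving a Postfix MTA at mta_ip on another host."""
    scalars, acl = parse(conf)
    mta = ipaddress.ip_address(mta_ip)
    findings = []
    bind = scalars.get("inet_socket_bind", "127.0.0.1")      # None (undef) = all interfaces
    if bind is not None and ipaddress.ip_address(bind).is_loopback:
        findings.append("$inet_socket_bind is loopback: a remote MTA gets 'Connection refused'")
    nets = [ipaddress.ip_network(e.strip("[]"), strict=False) for e in acl]
    if not any(mta in n for n in nets):
        findings.append(f"@inet_acl does not admit the MTA {mta_ip}")
    for name in ("forward_method", "notify_method"):
        value = scalars.get(name, "smtp:[127.0.0.1]:10025")  # value used when commented out
        if value is None:                                    # undef: milter setup
            continue
        m = METHOD.match(value)
        if not m:
            findings.append(f"${name} = '{value}' is not of the form smtp:[host]:port")
        elif m.group(1) != mta_ip:
            findings.append(f"${name} targets {m.group(1)}, not the MTA {mta_ip}")
    return findings


# Constructed sample, modelled on the settings quoted in the thread.
BROKEN = """
$inet_socket_bind = undef;
@inet_acl = qw( 127.0.0.1 [::1] 10.150.10.0/24 );
$notify_method = '[10.150.10.7]:10025';
$forward_method = '[10.150.10.7]:10025';
"""
FIXED = BROKEN.replace("'[", "'smtp:[")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("sample defaults", "")):
        print(label, lint(conf, "10.150.10.7"))
```
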
Re: [AMaViS-user] Amavisd-new in a separate machine
    # $myhostname = 'amavis1.websitedynamics.com'; # must be a fully-qualified domain name!
    $notify_method = '[10.150.10.7]:10025';
    $forward_method = '[10.150.10.7]:10025'; # set to undef with milter!

You forgot the smtp: tag on the above, but just remove the two lines above since they're wrong and the next two are correct.

    #$forward_method = 'smtp:[10.150.10.7]:10025'; # set to undef with milter!
    #$notify_method = $forward_method;

The above two lines are correct, but commented out. Just remove the leading # to activate them, and restart amavisd-new.

Thank you Noel, I got it working. :)

Okay it gets more and more tricky. I guess that is because I am just starting to learn some of these from scratch. I would like to have my amavis1 server to serve as main spam filter. And for some reason if amavis1 is down, how can I configure postfix server to use its localhost amavis to filter spams? It was already configured to do intensive spam filtering on localhost. I just wanted to offload spam filtering to another dedicated server.

my original /etc/postfix/master.cf shows:

    smtp inet n - n - 150 smtpd
    #
    amavis unix - - n - 12 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
    #
    127.0.0.1:10025 inet n - n - - smtpd
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

And with the new amavis1 server, my new /etc/postfix/master.cf shows:

    smtp inet n - n - 150 smtpd
    #
    amavis unix - - n - 12 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
    #
    10.150.10.7:10025 inet n - n - - smtpd
        -o smtpd_authorized_xforward_hosts=10.0.0.0/8
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8,10.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    #
Re: [AMaViS-user] Amavisd-new in a separate machine
On Thu, Sep 06, 2007 at 04:12:31PM -0700, Justin Kim wrote:

I wanted to offload amavis to a separate machine. [...]

    Sep 6 15:19:04 postfixmailserver postfix/smtp[6288]: connect to 10.150.150.1[10.150.150.1]: Connection refused (port 10024)

amavisd.conf:

    $inet_socket_bind = undef;
    @inet_acl = qw( 127.0.0.1 [::1] 10.150.150.0/24 );

amavisd.conf-sample tells:

    # SMTP SERVER (INPUT) access control
    # - do not allow free access to the amavisd SMTP port !!!
    #
    # when MTA is at the same host, use the following (one or the other or both):
    #$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                      # (default is '127.0.0.1')
    @inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
                                      # (default is qw(127.0.0.1 [::1]) )
    # when MTA (one or more) is on a different host, use the following:
    [EMAIL PROTECTED] = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
    #$inet_socket_bind = undef;       # bind to all IP interfaces if undef

Mark

Thank you Mark, I really appreciate your reply. Now I think the connection is established. But I don't think the amavis server is passing the messages back to my original postfix server (port 10025)

That's because it has no way to know that's what you want? You need to look closely at the config lines you quote below:

    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)rw_loop read failed: Connection refused
    Sep 6 16:10:33 amavis1 amavis[29474]: (29474-01) (!)FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting: at (eval 42) line 442, GEN5 line 233.): id=29474-01
    ..

And I set the /etc/amavisd.conf

    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    # $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
    # $notify_method = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

So instead of 127.0.0.1, set these to the IP address where you actually want to send it. Forward_method is for delivering the mail, set this to the IP address of your Postfix server. (Notify is for sending NDRs, so this also needs to point to a valid postfix server.)

Also, to forestall another round of trouble, before you change this you should check your Postfix server's master.cf and make sure that it has a listener on port 10025 and that it's bound to the reachable IP address you're using, not to 127.0.0.1. (Otherwise amavisd will try to reach the correct server, but find it is not listening.)

  -- Clifton

Thanks Clifton, I used correct forward method and I think I am still missing amavis configuration. I cannot find a correct documentation or google search. I must be searching in the wrong place. :( Can someone help to finalize my configuration please?

From /etc/amavisd.conf

    # OTHER MORE COMMON SETTINGS (defaults may suffice):
    # $myhostname = 'amavis1.websitedynamics.com'; # must be a fully-qualified domain name!
    $notify_method = '[10.150.10.7]:10025';
    $forward_method = '[10.150.10.7]:10025'; # set to undef with milter!
    #$forward_method = 'smtp:[10.150.10.7]:10025'; # set to undef with milter!
    #$notify_method = $forward_method;
    $final_virus_destiny = D_DISCARD;
    $final_banned_destiny = D_BOUNCE;
    $final_spam_destiny = D_PASS;
    $final_bad_header_destiny = D_PASS;
    # $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl

From maillog:

    Sep 6 20:59:58 amavis1 amavis[3498]: (03498-01) (!!)TROUBLE: recipient not done: [EMAIL PROTECTED]
    Sep 6 20:59:58 amavis1 amavis[3498]: (03498-01) (!!)TROUBLE in check_mail, but must continue (1): delivery-notification FAILED: Assert failed: 0, , at /usr/sbin/amavisd line 6848, GEN5 line 56.
    Sep 6 20:59:58 amavis1 amavis[3498]: (03498-01) (!!)TROUBLE in process_request: TROUBLE: (MISCONFIG?) not all recipients done, forward_method is: [10.150.10.7]:10025 at (eval 41) line 761, GEN5 line 56.
    Sep 6 20:59:58 amavis1 amavis[3498]: (03498-01) (!)Requesting process rundown after fatal error
    Sep 6 20:59:58 amavis1 amavis[3498]: (03498-01) (!)TempDir removal: tempdir is to be PRESERVED: /var/amavis/tmp/amavis-20070906T205958-03498
[AMaViS-user] Amavisd-new in a separate machine
Hi All,

I just have a quick question. I wanted to offload amavis to a separate machine. I was using postfix+mysql+amavis for virtual domain and virtual user setup. I tried to setup a new amavis server then I thought I could easily offload amavis part from my original postfix server. But I get

    Sep 6 15:19:04 postfixmailserver postfix/smtp[6288]: connect to 10.150.150.1[10.150.150.1]: Connection refused (port 10024)

The IP for amavis server is 10.150.150.1. I made hosts file to point that amavis server directly from my postfix server. I think I am missing some configuration. Can someone help me please?

Thank you in advance.

Justin