Re: Disclaimer with always_bcc and config problems
On 2011-09-13 00:42, mouss wrote: Le 13/09/2011 00:04, Jeroen Geilman a écrit : On 2011-09-12 06:21, Alex wrote: Hi, I'm trying to configure a disclaimer footer using altermime with postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples for creating a new filter, but the messages appear to be being reinjected at the wrong spot and are being delivered multiple times to the always_bcc recipient. I thought I could outline my current config, and someone could help me to find what I'm missing. I have about twenty virtual domains, but it would be okay to use the same disclaimer footer text for each domain. I'd also like to be sure SASL authenticated clients are permitted as well. I'm not sure this configuration will only work with my domains, and only on outbound mail. How is this controlled? By limiting the scope of the setting to one or more individual daemons. Settings in main.cf affect all instances of any particular daemon. If you need this controlled per domain, either use a recipient access map with a FILTER action to select among multiple filters, or take care of the domain in the content_filter. For 20 domains, adding 20 filters is probably not the easiest solution. Just parse the domain part in your content_filter and act appropriately. smtp inet n - n - - smtpd -o receive_override_options=no_address_mappings -o content_filter=filter:dummy I would suggest not naming an actual filter something as generic as filter - use footer instead, in this case. Also, smtP(8) does not receive mail, so this is not the correct place to apply these settings - they achieve nothing. the above is an smtpD. see end of line. the smtp at start of line is the name of the service to be found in /etc/services, ie: smtp=25. Ugh, brainfart. submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_address_mappings -o content_filter=filter:dummy They do here, since submission is an smtpD(8) listener. It is also an smtpD, but not because it's named submission. That's not what I said. it is an smtpd as indicated by the last token in the line. again, submission simply means use the port in /etc/services that corresponds to submission. The intended recipient receives a copy of the message, but the always_bcc user receives the message multiple times. Yes; always_bcc is invoked on receiving mail. If you re-inject mail (as you must after it is passed off to a content_filter), it is received for the second time. Everything in main.cf is applied anew, including always_bcc. The re-injection listener (which should NOT be the same daemon as your normal smtpd(8) listener!) should not apply always_bcc, so set your receive_override_options there. You should also be very, very careful about bouncing mail to your always_bcc address - consider what the result is. In practical terms, the recipient in always_bcc should never bounce, or you will have problems. Aside from the nitpicking, no comments on the actual contents ? -- J.
Re: Disclaimer with always_bcc and config problems
On 2011-09-12 06:21, Alex wrote: Hi, I'm trying to configure a disclaimer footer using altermime with postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples for creating a new filter, but the messages appear to be being reinjected at the wrong spot and are being delivered multiple times to the always_bcc recipient. I thought I could outline my current config, and someone could help me to find what I'm missing. I have about twenty virtual domains, but it would be okay to use the same disclaimer footer text for each domain. I'd also like to be sure SASL authenticated clients are permitted as well. I'm not sure this configuration will only work with my domains, and only on outbound mail. How is this controlled? By limiting the scope of the setting to one or more individual daemons. Settings in main.cf affect all instances of any particular daemon. If you need this controlled per domain, either use a recipient access map with a FILTER action to select among multiple filters, or take care of the domain in the content_filter. For 20 domains, adding 20 filters is probably not the easiest solution. Just parse the domain part in your content_filter and act appropriately. smtp inet n - n - - smtpd -o receive_override_options=no_address_mappings -o content_filter=filter:dummy I would suggest not naming an actual filter something as generic as filter - use footer instead, in this case. Also, smtP(8) does not receive mail, so this is not the correct place to apply these settings - they achieve nothing. submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_address_mappings -o content_filter=filter:dummy They do here, since submission is an smtpD(8) listener. The intended recipient receives a copy of the message, but the always_bcc user receives the message multiple times. Yes; always_bcc is invoked on receiving mail. If you re-inject mail (as you must after it is passed off to a content_filter), it is received for the second time. Everything in main.cf is applied anew, including always_bcc. The re-injection listener (which should NOT be the same daemon as your normal smtpd(8) listener!) should not apply always_bcc, so set your receive_override_options there. You should also be very, very careful about bouncing mail to your always_bcc address - consider what the result is. In practical terms, the recipient in always_bcc should never bounce, or you will have problems. -- J.
Re: Disclaimer with always_bcc and config problems
Le 13/09/2011 00:04, Jeroen Geilman a écrit : On 2011-09-12 06:21, Alex wrote: Hi, I'm trying to configure a disclaimer footer using altermime with postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples for creating a new filter, but the messages appear to be being reinjected at the wrong spot and are being delivered multiple times to the always_bcc recipient. I thought I could outline my current config, and someone could help me to find what I'm missing. I have about twenty virtual domains, but it would be okay to use the same disclaimer footer text for each domain. I'd also like to be sure SASL authenticated clients are permitted as well. I'm not sure this configuration will only work with my domains, and only on outbound mail. How is this controlled? By limiting the scope of the setting to one or more individual daemons. Settings in main.cf affect all instances of any particular daemon. If you need this controlled per domain, either use a recipient access map with a FILTER action to select among multiple filters, or take care of the domain in the content_filter. For 20 domains, adding 20 filters is probably not the easiest solution. Just parse the domain part in your content_filter and act appropriately. smtp inet n - n - - smtpd -o receive_override_options=no_address_mappings -o content_filter=filter:dummy I would suggest not naming an actual filter something as generic as filter - use footer instead, in this case. Also, smtP(8) does not receive mail, so this is not the correct place to apply these settings - they achieve nothing. the above is an smtpD. see end of line. the smtp at start of line is the name of the service to be found in /etc/services, ie: smtp=25. submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_address_mappings -o content_filter=filter:dummy They do here, since submission is an smtpD(8) listener. It is also an smtpD, but not because it's named submission. it is an smtpd as indicated by the last token in the line. again, submission simply means use the port in /etc/services that corresponds to submission. The intended recipient receives a copy of the message, but the always_bcc user receives the message multiple times. Yes; always_bcc is invoked on receiving mail. If you re-inject mail (as you must after it is passed off to a content_filter), it is received for the second time. Everything in main.cf is applied anew, including always_bcc. The re-injection listener (which should NOT be the same daemon as your normal smtpd(8) listener!) should not apply always_bcc, so set your receive_override_options there. You should also be very, very careful about bouncing mail to your always_bcc address - consider what the result is. In practical terms, the recipient in always_bcc should never bounce, or you will have problems.
Re: Disclaimer with always_bcc and config problems
Le 12/09/2011 06:21, Alex a écrit :
Hi,
I'm trying to configure a disclaimer footer using altermime with
postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples
for creating a new filter, but the messages appear to be being
reinjected at the wrong spot and are being delivered multiple times to
the always_bcc recipient.
I thought I could outline my current config, and someone could help me
to find what I'm missing. I have about twenty virtual domains, but it
would be okay to use the same disclaimer footer text for each domain.
I'd also like to be sure SASL authenticated clients are permitted as
well.
I'm not sure this configuration will only work with my domains, and
only on outbound mail. How is this controlled?
smtp inet n - n - - smtpd
-o receive_override_options=no_address_mappings
-o content_filter=filter:dummy
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o receive_override_options=no_address_mappings
-o content_filter=filter:dummy
filter unix - n n - - pipe
flags=Rq user=filter argv=/etc/postfix/disclaimer.sh -f
${sender} -- ${recipient}
The 'filter' users exists, and disclaimer.sh contains the actual
altermime command:
#!/bin/sh
INSPECT_DIR=/tmp
SENDMAIL=/usr/sbin/sendmail
# Exit codes from sysexits.h
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Clean up when done or when aborting.
trap rm -f in.$$ 0 1 2 3 15
# Start processing.
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit
$EX_TEMPFAIL; }
cat in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
# obtain From address
from_address=`grep -m 1 From: in.$$ | cut -d -f 2 | cut -d -f 1`
/usr/bin/altermime --input=in.$$ \
--disclaimer=/etc/postfix/disclaimer.txt \
--disclaimer-html=/etc/postfix/disclaimer.txt \
--xheader=X-Copyrighted-Material: Please visit
http://www.mydomain.com/privacy.htm; || \
{ echo Message content rejected; exit $EX_UNAVAILABLE; }
$SENDMAIL $@ in.$$
exit $?
The intended recipient receives a copy of the message, but the
always_bcc user receives the message multiple times.
you didn't show the long awaited evidence: logs, logs, ...
in the absence of evidence, let's call crystal ball mamma.
I guess you tested this by sending mail using the sendmail command? if
so, your settings in smtp and submission are useless, since sendmail
uses pickup. and no, there is only one pickup per instance, you can't
simply disable address rewrite. some choices:
- ignore the sendmail case, if you don't care about sendmail mail
- in your altermime script, resubmit mail using smtp instead of sendmail
- use multiple postfix instances (taht is: run postfix multiple times,
each with its own config dir, data dir, queue dir, ... etc). in this
case, you can specify the instance for the sendmail command.
