Re: spamassassin spampref problem with alias
nik600 wrote:
Hi to all.
I've go a problem:
i've set up postfix to call a script in master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
filterunix - n n - 20 pipe
flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
-- ${recipient}
/var/antispam/myscript
is a script shell that submit the mail using spamc to spamd.
Spamc is invoked using spamc -u $4 where $4 is the destination user.
Now, suppose that $4 is [EMAIL PROTECTED] and [EMAIL PROTECTED] is an alias to
[EMAIL PROTECTED]
[EMAIL PROTECTED] has a spam score of 4 in the spampref table.
with these configuration, [EMAIL PROTECTED] receives the email, but these
email has been checked with a default spam score, and not with the
spam score of 4.
I'd like to scan the email with the preference of the real user that
receives the email, is it possibile?
Is it possible to scan the email AFTER postfix has determined the real
user/users associated to the email? (even if this can imply to re-scan
the email multiple times one for each user associated to the alias).
unless you disable address rewrite, the filter should get the address
after it was expanded. so your problem doesn't match your description.
show your master.cf and the output of 'psoctonf -n'.
Re: spamassassin spampref problem with alias
master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
9009 inet n - n - - smtpd
-o content_filter=filter:dummy
filterunix - n n - 20 pipe
flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
-- ${recipient}
policy unix - n n - 0 spawn
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtpsinet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inetn - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickupfifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgrunix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounceunix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verifyunix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scacheunix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmailunix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
postconf -n:
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10024
mydestination = $transport_maps
mydomain = foo.com
myhostname = server.foo.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains =
proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_host_lookup = native,dns
smtpd_client_connection_count_limit = 50
smtpd_client_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,
reject_rbl_client list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_sender_access
hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client
list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = sasl2/smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions =
Re: spamassassin spampref problem with alias
nik600 wrote:
master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
9009 inet n - n - - smtpd
-o content_filter=filter:dummy
filterunix - n n - 20 pipe
flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
-- ${recipient}
policy unix - n n - 0 spawn
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
You do not specify how the content_filter returns to postfix.
With the current config, you would need 'receive_override_options =
no_address_mappings' in main.cf *and*
'-o receive_override_options=' in master.cf on the return of the filter
to Postfix.
If the filter was not meant to return to Postfix, then it cannot be
accomplished.
Also, I've commented on your postconf too.
One area is of critical importance to check.
postconf -n:
mydestination = $transport_maps
This could seriously break things if you ever set transport_maps.
Anything in transport_maps should just be that.
If you want to disable local delivery, set 'mydestination = '.
Note: this breaks cron and possibly other notifications if myorigin is
not defined in a different address class.
mydomain = foo.com
myhostname = server.foo.com
myorigin = $mydomain
[...]
relay_domains =
proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay
relay_domains with no relay_recipient_maps can make you a Backscatter
source.
smtpd_client_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,
reject_rbl_client list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
dsbl.org is dead. Best to remove it to avoid future false positives.
reject_non_fqdn_(sender|recipient) have no effect here since you don't
know them yet.
You don't specify which Postfix version you have.
reject_non_fqdn_hostname was renamed in 2.3+ to
reject_non_fqdn_helo_hostname (probably to clarify it's meaning)
It only has meaning in helo restrictions or later (helo, sender,
recipient, etc.)
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_sender_access
hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client
list.dsbl.org,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
Why query rbls twice? You already covered them in client restrictions.
You must really not want non fqdn sender to check twice here, once in
sender_restrictions and once in client_restrictions
*WARNING*: an OK in whitelist_reject_non_fqdn_sender will make you an
open relay if a spammer can guess an address in there.
If you have OK in there, *fix it now*!
At minimum, put permit_auth_destination *OR* (suggested) remove it,
along with the reject_non_fqdn_sender's, and let sender_restrictions
take care of it.
smtpd_sender_restrictions =
permit_sasl_authenticated,permit_mynetworks,check_sender_access
hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_hostname,reject_non_fqdn_recipient
non_fqdn_recipient is unknown at this stage.
Brian
On Thu, Nov 13, 2008 at 5:08 PM, mouss [EMAIL PROTECTED] wrote:
nik600 wrote:
Hi to all.
I've go a problem:
i've set up postfix to call a script in master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
filterunix - n n - 20 pipe
flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
-- ${recipient}
/var/antispam/myscript
is a script shell that submit the mail using spamc to spamd.
Spamc is invoked using spamc -u $4 where $4 is the destination user.
Now, suppose that $4 is [EMAIL PROTECTED] and [EMAIL PROTECTED] is an alias
to
[EMAIL PROTECTED]
[EMAIL PROTECTED] has a spam score of 4 in the spampref table.
with these configuration, [EMAIL PROTECTED] receives the email, but these
email has been checked with a default spam score, and not with the
spam score of 4.
I'd like to scan the email with the preference of the real user that
receives the email, is it possibile?
Is it possible to scan the email AFTER postfix has determined the real
user/users associated to the email? (even if this can imply to re-scan
the email multiple times one for each user associated to the alias).
unless you disable address rewrite, the filter should get the address after
it was expanded. so your problem doesn't match your description.
show your master.cf and the output of 'psoctonf -n'.
Re: spamassassin spampref problem with alias
nik600 wrote:
master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
9009 inet n - n - - smtpd
-o content_filter=filter:dummy
filterunix - n n - 20 pipe
flags=Rq user=filter argv=/var/antispam/myscript -f ${sender}
-- ${recipient}
[snip]
postconf -n:
[snip]
I see nowhere where you disable address rewrite. so you shouldn't see
the problem you described. can you show logs that prove that the filter
gets the non expanded address? You can also log the addresses in your
script.
PS. If your script cannot handle multiple recipients, then you want:
filter_destination_recipient_limit = 1
