Re: spamassassin spampref problem with alias
nik600 wrote: Hi to all. I've go a problem: i've set up postfix to call a script in master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy filterunix - n n - 20 pipe flags=Rq user=filter argv=/var/antispam/myscript -f ${sender} -- ${recipient} /var/antispam/myscript is a script shell that submit the mail using spamc to spamd. Spamc is invoked using spamc -u $4 where $4 is the destination user. Now, suppose that $4 is [EMAIL PROTECTED] and [EMAIL PROTECTED] is an alias to [EMAIL PROTECTED] [EMAIL PROTECTED] has a spam score of 4 in the spampref table. with these configuration, [EMAIL PROTECTED] receives the email, but these email has been checked with a default spam score, and not with the spam score of 4. I'd like to scan the email with the preference of the real user that receives the email, is it possibile? Is it possible to scan the email AFTER postfix has determined the real user/users associated to the email? (even if this can imply to re-scan the email multiple times one for each user associated to the alias). unless you disable address rewrite, the filter should get the address after it was expanded. so your problem doesn't match your description. show your master.cf and the output of 'psoctonf -n'.
Re: spamassassin spampref problem with alias
master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy 9009 inet n - n - - smtpd -o content_filter=filter:dummy filterunix - n n - 20 pipe flags=Rq user=filter argv=/var/antispam/myscript -f ${sender} -- ${recipient} policy unix - n n - 0 spawn user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtpsinet n - n - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inetn - n - - smtpd # -o smtpd_etrn_restrictions=reject # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes #628 inet n - n - - qmqpd pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scacheunix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmailunix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient retry unix - - n - - error proxywrite unix - - n - 1 proxymap postconf -n: alias_database = hash:/etc/mail/aliases alias_maps = hash:/etc/mail/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix disable_vrfy_command = yes html_directory = no mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man message_size_limit = 10024 mydestination = $transport_maps mydomain = foo.com myhostname = server.foo.com myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_host_lookup = native,dns smtpd_client_connection_count_limit = 50 smtpd_client_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender, reject_rbl_client list.dsbl.org,reject_rbl_client sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_sender_access hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client list.dsbl.org,reject_rbl_client sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_path = sasl2/smtpd smtpd_sasl_security_options = noanonymous smtpd_sasl_type = cyrus smtpd_sender_restrictions =
Re: spamassassin spampref problem with alias
nik600 wrote: master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy 9009 inet n - n - - smtpd -o content_filter=filter:dummy filterunix - n n - 20 pipe flags=Rq user=filter argv=/var/antispam/myscript -f ${sender} -- ${recipient} policy unix - n n - 0 spawn user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl You do not specify how the content_filter returns to postfix. With the current config, you would need 'receive_override_options = no_address_mappings' in main.cf *and* '-o receive_override_options=' in master.cf on the return of the filter to Postfix. If the filter was not meant to return to Postfix, then it cannot be accomplished. Also, I've commented on your postconf too. One area is of critical importance to check. postconf -n: mydestination = $transport_maps This could seriously break things if you ever set transport_maps. Anything in transport_maps should just be that. If you want to disable local delivery, set 'mydestination = '. Note: this breaks cron and possibly other notifications if myorigin is not defined in a different address class. mydomain = foo.com myhostname = server.foo.com myorigin = $mydomain [...] relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay relay_domains with no relay_recipient_maps can make you a Backscatter source. smtpd_client_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender, reject_rbl_client list.dsbl.org,reject_rbl_client sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient dsbl.org is dead. Best to remove it to avoid future false positives. reject_non_fqdn_(sender|recipient) have no effect here since you don't know them yet. You don't specify which Postfix version you have. reject_non_fqdn_hostname was renamed in 2.3+ to reject_non_fqdn_helo_hostname (probably to clarify it's meaning) It only has meaning in helo restrictions or later (helo, sender, recipient, etc.) smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_sender_access hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client list.dsbl.org,reject_rbl_client sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient Why query rbls twice? You already covered them in client restrictions. You must really not want non fqdn sender to check twice here, once in sender_restrictions and once in client_restrictions *WARNING*: an OK in whitelist_reject_non_fqdn_sender will make you an open relay if a spammer can guess an address in there. If you have OK in there, *fix it now*! At minimum, put permit_auth_destination *OR* (suggested) remove it, along with the reject_non_fqdn_sender's, and let sender_restrictions take care of it. smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks,check_sender_access hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_hostname,reject_non_fqdn_recipient non_fqdn_recipient is unknown at this stage. Brian On Thu, Nov 13, 2008 at 5:08 PM, mouss [EMAIL PROTECTED] wrote: nik600 wrote: Hi to all. I've go a problem: i've set up postfix to call a script in master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy filterunix - n n - 20 pipe flags=Rq user=filter argv=/var/antispam/myscript -f ${sender} -- ${recipient} /var/antispam/myscript is a script shell that submit the mail using spamc to spamd. Spamc is invoked using spamc -u $4 where $4 is the destination user. Now, suppose that $4 is [EMAIL PROTECTED] and [EMAIL PROTECTED] is an alias to [EMAIL PROTECTED] [EMAIL PROTECTED] has a spam score of 4 in the spampref table. with these configuration, [EMAIL PROTECTED] receives the email, but these email has been checked with a default spam score, and not with the spam score of 4. I'd like to scan the email with the preference of the real user that receives the email, is it possibile? Is it possible to scan the email AFTER postfix has determined the real user/users associated to the email? (even if this can imply to re-scan the email multiple times one for each user associated to the alias). unless you disable address rewrite, the filter should get the address after it was expanded. so your problem doesn't match your description. show your master.cf and the output of 'psoctonf -n'.
Re: spamassassin spampref problem with alias
nik600 wrote: master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy 9009 inet n - n - - smtpd -o content_filter=filter:dummy filterunix - n n - 20 pipe flags=Rq user=filter argv=/var/antispam/myscript -f ${sender} -- ${recipient} [snip] postconf -n: [snip] I see nowhere where you disable address rewrite. so you shouldn't see the problem you described. can you show logs that prove that the filter gets the non expanded address? You can also log the addresses in your script. PS. If your script cannot handle multiple recipients, then you want: filter_destination_recipient_limit = 1