On Thu, 02 Aug 2007 00:22:32 -0500
Noel Jones <njones AT megan.vbhcs DOT org> wrote:
> At 11:59 PM 8/1/2007, Marshal Newrock wrote:
> >Is it possible to use header/body checks to reject mail after it goes
> >through a milter?
> >
> >I am trying to use spamass-milter with postfix 2.4.3 to scan mail
> >before it is accepted, and then reject it based on score or if it
> >matches certain rules after being marked as spam. I have this
> >working with spampd, but using the milter seems like it would be a
> >little more reliable, and I also want to get clamav into the
> >mix.
> >
> >After switching from spampd to spamass-milter, I noticed that it was
> >now bouncing messages instead of rejecting, so I promptly switched it
> >back.
>
> No, header_checks aren't applied to headers added by a milter.
> I suppose you have a content_filter and the bounces are caused by the
> after-filter postfix rejecting the mail.

Yes, there is a content_filter. I tried the milter again without the
content filter, and it didn't look like the header/body checks were
being run. A message with a score of 13 and which matched the BAYES_99
rule was not rejected, and both of those are rules for rejection.

With the current setup, mail on port 25 is not run through the
before-queue filter. Mail on port 2525 is. This is because the mail
server is part of a private network with a single public IP. It seemed
easiest to redirect incoming mail from the outside to port 2525 for
scanning, since internal mail doesn't get scanned.

So I guess my question is if there is a way to use milters, after-queue
content filters, and header/body checks together without bouncing
mail? If not, what do I need to do in order to use header and body
checks to reject mail after it has been scanned with the milter?

postconf -n and smtpd entries from master.cf below:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
body_checks = pcre:/usr/local/etc/postfix/Spamchecks/body_checks
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_privs = spamd
error_notice_recipient = postmaster@XXXX
header_checks = pcre:/usr/local/etc/postfix/Spamchecks/header_checks
html_directory = no
local_recipient_maps = $alias_maps $virtual_alias_maps
    $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mime_header_checks =
    pcre:/usr/local/etc/postfix/Spamchecks/mime_header_checks
mydestination = localhost, lists.XXXX
myhostname = mail.XXXX
mynetworks = 127.0.0.0/8 192.168.1.0/24 192.168.3.0/24
    192.168.4.0/24 192.168.5.0/24 192.168.10.0/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
notify_classes = 2bounce,resource,software
queue_directory = /var/spool/postfix
readme_directory = no
recipient_bcc_maps = hash:/usr/local/etc/postfix/recipient_bcc
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtpd_data_restrictions = reject_unauth_pipelining warn_if_reject
    reject_multi_recipient_bounce
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender warn_if_reject
    reject_non_fqdn_recipient reject_unknown_sender_domain warn_if_reject
    reject_unknown_recipient_domain reject_unlisted_recipient
    warn_if_reject reject_unlisted_sender permit_mynetworks
    reject_unauth_pipelining reject_unauth_destination
    check_recipient_access
    hash:/usr/local/etc/postfix/Spamchecks/allow_postmaster_receive
    check_client_access
    cidr:/usr/local/etc/postfix/Spamchecks/client_checks.cidr
    check_client_access
    pcre:/usr/local/etc/postfix/Spamchecks/client_checks.pcre
    check_helo_access
    hash:/usr/local/etc/postfix/Spamchecks/check_domain_spoof
    check_helo_access pcre:/usr/local/etc/postfix/Spamchecks/helo_checks
    check_sender_access
    pcre:/usr/local/etc/postfix/Spamchecks/sender_checks
    check_recipient_access
    pcre:/usr/local/etc/postfix/Spamchecks/recipient_checks
    check_sender_mx_access
    cidr:/usr/local/etc/postfix/Spamchecks/check_sender_mx.cidr
    reject_rbl_client sbl-xbl.spamhaus.org check_helo_access
    hash:/usr/local/etc/postfix/Spamchecks/common_forged_webmail_helo
    check_client_access
    pcre:/usr/local/etc/postfix/Spamchecks/greylist_clients
smtpd_restriction_classes = common_forged_webmail, greylist
smtpd_soft_error_limit = 3
transport_maps = hash:/usr/local/etc/postfix/transport_maps
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
    proxy:ldap:/usr/local/etc/postfix/virtual_aliases.ldap
virtual_gid_maps = static:225
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = /usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/virtual_users.ldap
virtual_uid_maps = static:225

master.cf:

smtp inet n - n - 20 smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o content_filter=filter:dummy
:2525 inet n - n - 20 smtpd
#  -o milter_default_action=accept
#  -o smtpd_milters=unix:/var/run/spamass-milter.sock
#  -o content_filter=filter:dummy
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_proxy_timeout=280
  -o content_filter=
  -o smtpd_client_connection_count_limit=10
# in-line content filter
:10025 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8,192.168.10.250
  -o receive_override_options=no_unknown_recipient_checks
  -o content_filter=filter:dummy
filter unix - n n - - pipe
  user=filter argv=/usr/local/bin/filter.sh -f ${sender} --
  ${recipient}

--
Marshal Newrock
Ideal Solution, LLC - http://www.idealso.com
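
The thread turns on whether a listener scans mail before it is queued (the sending client can still be refused) or after (a later rejection becomes a bounce). The following is an added example, not part of the original post: it reads master.cf-style entries and reports that stage per smtpd listener. `MASTER_CF` is a constructed, re-indented subset of the entries quoted above, and the function names are hypothetical.

```python
# Added example (not from the original post): where does each smtpd listener scan mail?
# MASTER_CF is a constructed, re-indented subset of the master.cf entries quoted above.
MASTER_CF = """\
smtp   inet n - n - 20 smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o content_filter=filter:dummy
:2525  inet n - n - 20 smtpd
#  -o smtpd_milters=unix:/var/run/spamass-milter.sock
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o content_filter=
:10025 inet n - n - - smtpd
  -o receive_override_options=no_unknown_recipient_checks
  -o content_filter=filter:dummy
"""

def parse_smtpd_services(text):
    """Return {service: {option: value}} for smtpd entries, joining continuation lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank or commented-out line
        fields = line.split()
        if line[0].isspace():             # leading whitespace: continues previous entry
            args = fields
        else:                             # new entry: 7 fixed fields, then the command
            is_smtpd = len(fields) > 7 and fields[7] == "smtpd"
            current = services.setdefault(fields[0], {}) if is_smtpd else None
            args = fields[8:]
        if current is None:
            continue
        # Simplification: "-o name=value" pairs only, no values containing spaces.
        for flag, pair in zip(args, args[1:]):
            if flag == "-o" and "=" in pair:
                name, value = pair.split("=", 1)
                current[name] = value
    return services

def scan_stage(opts):
    """Before-queue filters answer the sending client; after-queue ones see queued mail."""
    if opts.get("smtpd_proxy_filter") or opts.get("smtpd_milters"):
        return "before-queue"
    if opts.get("content_filter"):
        return "after-queue"
    return "none"

def report(text=MASTER_CF):
    return {name: scan_stage(opts) for name, opts in parse_smtpd_services(text).items()}

if __name__ == "__main__":
    for name, stage in report().items():
        print(f"{name:8} {stage}")
```
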