 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Sep-2007 | Next-Thread | Next-Msg |
| Subject: | Re: Bypass Spam checks for certain destinations |
| Group: | Postfix-users |
| From: | mouss |
| Date: | 20 Sep 2007 |
> Hi all,
>
> I'm using postfix with the following setup:
>
> postfix -> dspam -> dbmail-smtp
>
> This is working great, however I also have some domains which I want to
> forward to other destinations (domains or email addresses). I don't want
> to invoke dspam for those destinations which are not located on my
> mailserver.
>
> In my master.cf I have configured a dspam transport (I have not
> content_filters):
>
> dspam unix - n n - - pipe
> flags=Ru user=dspam:dspam argv=/usr/bin/dspam --deliver=innocent
> --user ${recipient}
>
>
> In main.cf lookups go like this (complete main.cf at the end):
>
> mailbox_transport = dbmail-lmtp:localhost:24
> transport_maps = hash:/etc/postfix/transport
> virtual_alias_maps = pgsql:/etc/postfix/sql-forwards.cfg
> mydestination = pgsql:/etc/postfix/sql-mydestination.cfg
>
> /etc/postfix/transport
> spam dspam-retrain:spam
> ham dspam-retrain:innocent
>
> the sql-*.cfg files talk to a table which look likes this:
> CREATE TABLE postfix_destinations
> (
> destination_id serial NOT NULL,
> destination text NOT NULL, -- the domain
> active boolean NOT NULL DEFAULT true,
> "forward" boolean NOT NULL DEFAULT false, -- is this domain getting
> forwarded
> forward_to text, -- domain or email address
> CONSTRAINT postfix_destinations_pkey PRIMARY KEY (destination_id),
> )
>
> /etc/postfix/sql-forwards.cfg
> query = SELECT case when forward_to ~ '@' then forward_to else '%u@' ||
> forward_to end from postfix_destinations WHERE active='t' and
> forward='t' AND lower(destination)='%d'
>
> pgsql:/etc/postfix/sql-mydestination.cfg
> query = SELECT destination FROM postfix_destinations WHERE active='t'
> AND lower(destination)='%s'
>
> In smtpd_client_restrictions i have
> check_client_access pcre:/etc/postfix/dspam_filter_access
>
> where /etc/postfix/dspam_filter_access contains:
> /./ FILTER dspam:dspam
>
this is equivalent to setting
content_filter=dspam:dspam
>
> Now when I (user) sent email to a destination
> (user) which I want to forward to an external
> destination (user), I get this in my logs:
>
> Sep 20 00:09:34 pretpark postfix/smtpd[23448]: NOQUEUE: filter: RCPT
> from sending.mailserver.domain[x.x.x.x]:
> <sending.mailserver.domain[x.x.x.x]>: Client host triggers FILTER
> dspam:dspam; from=<user> to=<user>
> proto=ESMTP helo=<sending.mailserver.domain>
> Sep 20 00:09:36 pretpark postfix/pipe[22948]: 65A1E14B8C00:
> to=<user>, orig_to=<user>, relay=dspam,
> delay=3.6, delays=2/0/0/1.5, dsn=5.3.0, status=bounced (Command died
> with status 255: "/usr/bin/dspam")
>
you need to fix this. whatever your desire is, such errors should not
occur.
also, consider running dspam in relay mode instead of forking
/usr/bin/dspam. see dspam documentation or ask on dspam list for more
infos (google for dspam+relay+postfix).
> This is obviously not the desired way. I don't want dspam to get
> involved by postfix, but just let postfix send it to user.
>
> Two questions arise:
>
> 1. How can I actually forward the mail without invoking dspam?
The safe way is to use two postfix instances and to use transport_maps
to select the filter. If you're not ready for this, you can use
something like:
content_filter=
smtpd_recipient_restrictions =
...
check_recipient_access hash:/etc/postfix/filter_my_domains
...
== filter_my_domains:
mydomain1.example FILTER dspam:blahblah
mydomain2.example FILTER dspam:blahblah
This will only filter mail if one of the recipients is in the listed
domains. Note that any FILTER seeting encountered later (for example in
header_checks) will override this. Make sure to really understand this
and get it right: Only one filter is used for every message, even if the
message has multiple recipients (as said above, multiple instances and
transport_maps is the sfae option).
> 2. Is my current setup ok, or did I made some mistakes in the setup for
> forwarding domains?
>
> Here is the output of my postconf -n:
> [snip]
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_pipelining,
> reject_invalid_hostname, reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unauth_destination,
> reject_rbl_client combined.njabl.org, reject_rbl_client
> cbl.abuseat.org, reject_rbl_client list.dsbl.org,
> reject_rbl_client sbl.spamhaus.org, reject_rbl_client
> pbl.spamhaus.org, reject_rbl_client ipwhois.rfc-ignorant.org
ipwhois.rfc-ignorant is really really inadequate for spam filtering. use
it in a score based system (it is already used in spamassassin) instead.
consider using zen.spamhaus.org instead of cbl+sbl+pbl (zen contains
these and njabl-proxy).
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = permit_mynetworks, reject_rhsbl_sender
> dsn.rfc-ignorant.org, permit_sasl_authenticated,
> reject_sender_login_mismatch
> smtpd_soft_error_limit = 60
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/transport
> virtual_alias_maps = pgsql:/etc/postfix/sql-forwards.cfg
>
>
> Hope someone can help!
>
> Sincerely,
>
> Frodo Larik
>
>
>
| Prev-Msg | Prev-Thread | Postfix-users | Sep-2007 | Next-Thread | Next-Msg |