> mouss wrote:
>>> See the resulting master.cf below.
>>>
>>> I also thought I should explain my setup a little. What I want to
>>> achieve is the ability to filter some domains while leaving out others
>>> because some customers may prefer their mail filtered while others may
>>> not. I want to achieve this on one machine. I don't want to set up two
>>> separate boxes nor two instances of postfix. I read that all I need is
>>> to use the /etc/postfix/access file with entries like these:
>>>
>>> domains1.tld FILTER smtp-amavis:[127.0.0.1]:10024
>>> domain2.tld OK
>>> domain3.tld FILTER smtp-amavis-mailzu:[127.0.0.1]:10026
>>> etc.
>>
>> As Magnus says, this doesn't work with multi recipient mail. For every
>> message, only one filter is used. FILTER sets the filter (it does not
>> run it) so the last FILTER wins (the last recipient).
>>
>> to do per recipient filtering, use multiple instances and use
>> transport_maps instead of content_filter and FILTER. multiple
>> instances are needed because transport_maps are global.
>>
>>> Is it possible to achieve this without setting the "-o
>>> receive_override_options=no_address_mappings" in the smtp section of
>>> the master.cf?
>>
>> no_address_mappings disables rewrite (in particular, virtual alias
>> expansion). It has nothing to do with filtering. The filter is
>> selected before rewrite.
>>
>>> My master.cf
>>> ----------------------------------------------------------------
>>> smtp inet n - n - 250 smtpd
>>
>> you need
>> -o receive_override_options=no_address_mappings
>> here. you must disable rewrite except in one smtpd in a chain.
>> otherwise, virtual aliases will be expanded multiple times, which may
>> result in duplicate mail. think of a virtual alias like this:
>>
>> foo => foo, bar
>>
>> if this is expanded twice, bar will get the message twice.
>>
>>> smtps inet n - n - - smtpd
>>>   -o smtpd_tls_wrappermode=yes
>>>   -o smtpd_sasl_auth_enable=yes
>>
>> here too
>>
>>> submission inet n - n - - smtpd
>>>   -o smtpd_enforce_tls=yes
>>>   -o smtpd_sasl_auth_enable=yes
>>
>> probably here too.
>>
>>> cleanup unix n - n - 0 cleanup
>>>   -o mime_header_checks=
>>>   -o nested_header_checks=
>>>   -o body_checks=
>>>   -o header_checks=
>>>   -o header_checks=pcre:/etc/postfix/header_checks2
>>
>> remove the options of cleanup here and put them in main.cf.
>>
>>> mailman unix - n n - - pipe
>>>   flags=FR user=mailman:mailman
>>>   argv=/etc/postfix/postfix-to-mailman-2.1.py ${nexthop} ${user}
>>
>> do the suggested modifications, try again. if "it doesn't work", show
>> the corresponding logs and the new master.cf (yes, again, because logs
>> can only be analyzed with the corresponding setup).
>>
>> PS. Take a look at amavisd-new README.postfix.
>
> amavisd-new README.postfix suggests that:
>
> "... Any transformations and checks done by a cleanup service are thus
> performed twice. In simpler setups this does not matter much, but in
> more demanding situations one needs to consider which cleanup instance
> should perform which task. ...."

This mostly means that you should not do recipient validation, smtpd
restrictions, header checks... twice. receive_override_options solves the
problem for recipient validation and header checks. -o
smtpd_mumble_restrictions solve the problem for smtpd restrictions. Before
receive_override_options was added, it was necessary to "unset" recipient
maps.

I see that you read
http://www.ijs.si/software/amavisd/README.postfix.old
you can also take a look at the new one:
http://www.ijs.si/software/amavisd/README.postfix.html

> This is the relevant master.cf section they suggest and is what I'm now
> using and seems to work; I have shown it below:
>
> 127.0.0.1:10025 inet n - y/n - - smtpd
>   -o content_filter=
>   -o smtpd_restriction_classes=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=permit_mynetworks,reject
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o smtpd_milters=
>   -o local_header_rewrite_clients=
>   -o local_recipient_maps=

you can remove this.

>   -o relay_recipient_maps=

and this too.

>   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
>
> What do the lines below do with respect to virtual aliases expansion?
>   -o local_header_rewrite_clients=

This is about headers. virtual aliases are about envelope recipients.

>   -o local_recipient_maps=
>   -o relay_recipient_maps=

These disable the corresponding maps, and thus disable recipient
validation for local and relay domains. This was needed before the
no_unknown_recipient_checks was added. you can remove them.

> Due to legacy reasons my clients have always used the same server and IP
> for sending out email and as an MX for their domains hence making
> changes is always an uphill task.

you can set up a test instance and play with it before committing changes
to the normal one.

> Lastly why was the FILTER feature added? Where is it ideal to use?

you can select different filters based on client, sender or whether the
user was authenticated.

a common use is to avoid spam scanning for outbound mail (authenticated
or from mynetworks).
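
Added example, not part of the original thread and not Postfix's own tooling: a small Python check for the rule discussed above, that address rewriting must stay enabled in only one smtpd of a filter chain so that virtual aliases are not expanded twice. It assumes the re-injection listener is the smtpd entry that clears content_filter; the function names and the sample master.cf are constructed for illustration.

```python
import shlex

# Constructed sample modelled on the thread's setup, not the poster's actual file.
SAMPLE_MASTER_CF = """\
smtp       inet n - n - 250 smtpd
smtps      inet n - n - -   smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
submission inet n - n - -   smtpd
  -o smtpd_enforce_tls=yes
  -o receive_override_options=no_address_mappings
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""

def parse_master_cf(text):
    """Return {service: (command, {override: value})}, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        f = shlex.split(line)                  # 8 fixed fields, then arguments
        args = f[8:]
        opts = dict(args[i + 1].split("=", 1)
                    for i, a in enumerate(args[:-1]) if a == "-o")
        services[f[0]] = (f[7], opts)
    return services

def maps_addresses(opts, main_cf_default=""):
    """True if this listener still performs address mapping (alias expansion)."""
    value = opts.get("receive_override_options", main_cf_default)
    return "no_address_mappings" not in value.replace(",", " ").split()

def lint(text, main_cf_default=""):
    """List front-end smtpd services whose aliases would be expanded twice."""
    smtpd = {n: o for n, (cmd, o) in parse_master_cf(text).items() if cmd == "smtpd"}
    # Assumption: the re-injection listener is the smtpd that clears content_filter.
    reinject = [n for n, o in smtpd.items() if o.get("content_filter") == ""]
    back_maps = any(maps_addresses(smtpd[n], main_cf_default) for n in reinject)
    return [n for n in smtpd if n not in reinject and back_maps
            and maps_addresses(smtpd[n], main_cf_default)]
```

Calling `lint(SAMPLE_MASTER_CF)` reports `smtp` and `smtps`; pass `main_cf_default` to model a receive_override_options value set globally in main.cf.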
© 2004-2008 readlist.com