postfix -> amavis problem


Raze

New Member
Hello,

the following is configured and works without problems:

transport
Code:
domain smtp:externeIP

Now I would like to put Amavis in between for filtering.

The system itself relies on a MySQL-based virtual user setup, in which of course no users are set up for the domain.

postconf -n
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60
bounce_queue_lifetime = 6h
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_process_limit = 200
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain or http://postmaster.easyklix2.de/rbl/$rbl_what/$rbl_domain
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.4.5/html
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 1073741824
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 4d
message_size_limit = 134217728
myhostname = HOST
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps,    $mydestination,    $virtual_alias_maps,    $virtual_uid_maps,    $virtual_gid_maps,    $virtual_alias_domains,    $virtual_mailbox_maps,    $virtual_mailbox_domains,    $relay_recipient_maps,    $relay_domains,    $canonical_maps,    $sender_canonical_maps,    $recipient_canonical_maps,    $relocated_maps,    $mynetworks
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/readme
relay_domains = DOMAIN
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_connect_timeout = 10
smtp_helo_timeout = 60
smtpd_client_connection_count_limit = 25
smtpd_client_connection_rate_limit = 120
smtpd_data_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_multi_recipient_bounce,    reject_unauth_pipelining
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_invalid_helo_hostname,    reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_unlisted_recipient,    check_policy_service unix:private/whitelist,    check_recipient_access mysql:/etc/postfix/virtual_blacklist_maps.cf,    check_recipient_access mysql:/etc/postfix/virtual_rfc_recipient_maps.cf,    check_policy_service inet:127.0.0.1:10031,    check_recipient_access mysql:/etc/postfix/virtual_amavis_maps.cf,    reject_unauth_destination
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes = check_blacklist,    check_rfc_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_non_fqdn_sender,    reject_unknown_sender_domain
smtpd_soft_error_limit = 10
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/virtual_gid_maps.cf
virtual_mailbox_base = /
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_domains_maps.cf
virtual_mailbox_limit = 1073741824
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_minimum_uid = 100
virtual_transport = maildrop
virtual_uid_maps = proxy:mysql:/etc/postfix/virtual_uid_maps.cf

The doc paths do not reflect the actual version, I just never update them :rolleyes: Postfix 2.5.7 is installed.

master.cf
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       200     smtpd
submission inet n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
smtp-amavis     unix    -       -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o receive_override_options=no_address_mappings
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
scache    unix  -       -       n       -       1       scache
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop        unix    -       n       n       -       -       pipe
        flags=DRhu user=mail argv=/usr/bin/maildrop -d ${recipient}
#
# whitelist checks
#
whitelist       unix    -       n       n       -       -       spawn
  user=nobody   argv=/usr/libexec/postfix/whitelist
#
# Autoresponder
#
autoreply       unix    -       n       n       -       -       pipe
  flags=F user=nobody argv=/usr/libexec/postfix/autoresponder $sender $recipient

How do I get Amavis hooked in between now, without the detour via the DB? I'm really stuck on this right now.

Edit:

Put content_filter=smtp-amavis:[127.0.0.1]:10024 into main.cf, and done .. so much for being stuck. However, now EVERYTHING is forced through amavis, which is not nice. I would be very interested in a solution that sends through Amavis only what is configured that way via the MySQL implementation ;)
 
Last edited by a moderator:
However, now EVERYTHING is forced through amavis, which is not nice. I would be very interested in a solution that sends through Amavis only what is configured that way via the MySQL implementation ;)

Simply add another field to the database table and then hook in amavis via smtpd_sender_restrictions or smtpd_recipient_restrictions.
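
One way to implement what the reply suggests, as an added example that is not part of the thread: the access map already referenced in the posted smtpd_recipient_restrictions returns a FILTER action only for domains flagged in the database. The contents of virtual_amavis_maps.cf are not shown on the page, so the table name `domains`, the column `amavis` and the connection values below are assumptions and placeholders.

```conf
# --- /etc/postfix/main.cf ---
# Remove the global setting again, otherwise every message is still filtered:
#content_filter = smtp-amavis:[127.0.0.1]:10024

# The lookup is already present in the posted smtpd_recipient_restrictions:
#   check_recipient_access mysql:/etc/postfix/virtual_amavis_maps.cf
# It is evaluated after permit_mynetworks and permit_sasl_authenticated, so
# mail from those clients is accepted before the lookup runs and is not
# handed to amavis.

# --- /etc/postfix/virtual_amavis_maps.cf ---
# Placeholders: replace with the real database connection values.
hosts    = 127.0.0.1
user     = DBUSER
password = DBPASSWORD
dbname   = DBNAME

# Assumed schema: table "domains" with a flag column "amavis" (1 = filter).
# An access(5) lookup tries user@domain first and then the bare domain;
# the bare-domain key matches this query and returns the FILTER action,
# which routes the message to the smtp-amavis service from master.cf.
query = SELECT 'FILTER smtp-amavis:[127.0.0.1]:10024' FROM domains WHERE domain = '%s' AND amavis = 1
```

FILTER applies to the whole message, not to a single recipient, so a message addressed to several recipients goes through amavis as soon as one of them matches. The result of a single lookup can be checked with `postmap -q DOMAIN mysql:/etc/postfix/virtual_amavis_maps.cf`.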
 
