Dan wrote:
Hi,
I'm currently setting up a small server that will run postfix+dspam (latest
CVS). Actually I'm finished with setting it up, but there's a few issues
right now where I am not sure what to do next. Partially this may be more
postfix related, but there's also a big part dspam related, hence I'll try
my luck on this list ;-)
In the past I had dspam called via procmail for each user, but this turned
out to be too much hassle once there were more than a few users. Also I
wanted to have a virtual user setup in postfix. So I've now inserted dspam
via a content filter into postfix. The issue is now with
redirected/forwarded email addresses. I am not quite sure whether dspam
scans the mail twice in that case, and also for emails forwarded to an
external address, it seems to create a new virtual user for the external
address.
Let's take as example an incoming email to [EMAIL PROTECTED] which is
redirected this way to [EMAIL PROTECTED] (local). In the logs I see:
smtpd[1441]: connect from some.ip
smtpd[1441]: NOQUEUE: filter: RCPT from some.ip: <[EMAIL PROTECTED]>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<some.ip>
so you are using a check_recipient_access to select the FILTER. are you
aware that this doesn't work as intended with multi-recipient mail? only
one filter will be used, and the last FILTER statement wins.
smtpd[1441]: 459BF30A63: client=some.ip
cleanup[1449]: 459BF30A63: message-id=<[EMAIL PROTECTED]>
qmgr[2179]: 459BF30A63: from=<[EMAIL PROTECTED]>, size=559, nrcpt=1 (queue active)
smtpd[1441]: disconnect from some.ip
smtpd[1453]: connect from unknown[127.0.0.1]
smtpd[1453]: 6C1C830A75: client=unknown[127.0.0.1]
cleanup[1449]: 6C1C830A75: message-id=<[EMAIL PROTECTED]>
qmgr[2179]: 6C1C830A75: from=<[EMAIL PROTECTED], size=1776, nrcpt=1 (queue active)
virtual[1454]: 6C1C830A75: to=<[EMAIL PROTECTED]>, relay=virtual, delay=0.18, delays=0.14/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
qmgr[2179]: 6C1C830A75: removed
smtpd[1453]: disconnect from unknown[127.0.0.1]
lmtp[1451]: 459BF30A63: to=<[EMAIL PROTECTED]>, relay=myserver.com[/var/run/dspam/dspam.sock], delay=1.5, delays=1.2/0.01/0/0.26, dsn=2.6.0, status=sent (250 2.6.0 <[EMAIL PROTECTED]> Message accepted for delivery)
qmgr[2179]: 459BF30A63: removed
Apart from the fact that I do not like this huge amount of logs for one
email, I interpret the logs that the mail is routed through dspam twice -
once for [EMAIL PROTECTED] and once for [EMAIL PROTECTED] - or am I reading
this wrong?
It's only going once (the lmtp[1451] line).
Also, when changing [EMAIL PROTECTED] to be redirected to e.g.
[EMAIL PROTECTED] (i.e. external address), I afterwards see
[EMAIL PROTECTED] in the output of dspam_stats. This is actually quite
annoying, as I'll have a few addresses where the incoming mail is split into
multiple (2-4) emails to different (external) addresses, and I would rather
that dspam would not handle them (and esp not store them). Any ideas how
this could be done? I see how it makes sense if the new address is local,
but for external addresses I think this doesn't really make sense (they will
have their own spam filter at their site).
you can remove the auto_increment from dspam virtual uids table, and
fill it manually.
alternatively, if you don't want to filter outbound mail, then don't set
a filter for outbound mail. for mail submitted via sendmail, just add
"-o content_filter=" under the pickup service in master.cf. for mail
submitted via smtp, you can do something like this
smtpd_sender_restrictions =
    check_client_access pcre:/etc/postfix/filter_outbound
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access pcre:/etc/postfix/filter_inbound
== filter_outbound
/./ FILTER dummy:
== filter_inbound
/./ FILTER dspam:
note however that any FILTER returned by subsequent checks will override
the above. once again, only one filter is set for a message. so the last
FILTER statement wins.
P.S.: Frankly I am not quite sure I understand correctly what's going on
here (the more I think about it, hehe). For example, dspam_stat does not
have any stats about the [EMAIL PROTECTED] address. This would make me think
that the mail is only going through dspam once, after the forward is already
resolved (though the above log excerpt doesn't really show it).
dspam never sees the [EMAIL PROTECTED] address, since it is rewritten by
postfix before mail is handed to the content filter.
More setup details below.
Thanks in advance for any helpful reply.
Dan
dspam is compiled with:
'--enable-daemon' '--with-storage-driver=mysql_drv'
'--enable-preferences-extension' '--enable-clamav' '--enable-virtual-users'
'--enable-long-usernames' '--enable-spam-delivery' '--enable-opt-out'
'--enable-large-scale'
and included as a content filter into postfix:
postfix/main.cf
smtpd_recipient_restrictions = ... check_recipient_access pcre:/etc/postfix/dspam_incoming ....
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
    mysql:/etc/postfix/mysql-virtual_email2email.cf
/etc/postfix/dspam_incoming
/./ FILTER dspam:unix:/var/run/dspam/dspam.sock
/etc/dspam.conf
DeliveryHost 127.0.0.1
DeliveryPort 10025
DeliveryIdent localhost
DeliveryProto SMTP
and of course a matching 127.0.0.1:10025 entry in postfix's master.cf
Postfix works with mysql-stored virtual users:
/postfix/mysql-virtual_forwardings.cf
user = mail
password = thisisnottherealpwd
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = localhost
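
The "only one filter per message, the last FILTER statement wins" rule from the reply above, as an added example that is not part of the original thread and not Postfix's own code. It is a simplified Python model of the reply's smtpd_sender_restrictions plus a per-recipient access table; the per-recipient table, the example.com addresses, the 203.0.113.5 client and the exact-match mynetworks check are assumptions made up for the illustration.

```python
import re

# Simplified model (not Postfix source) of FILTER handling per access(5):
# a message has ONE filter slot, and every FILTER that fires overwrites it.
FILTER_OUTBOUND = [(r".", "FILTER dummy:")]   # /./ FILTER dummy:  (from the reply)
FILTER_INBOUND = [(r".", "FILTER dspam:")]    # /./ FILTER dspam:  (from the reply)
SENDER_RESTRICTIONS = [
    ("check_access", (FILTER_OUTBOUND, "client")),
    ("permit_mynetworks", None),
    ("permit_sasl_authenticated", None),
    ("check_access", (FILTER_INBOUND, "client")),
]
# Constructed per-recipient table, to show the multi-recipient caveat.
PER_RCPT = [
    (r"^alice@example\.com$", "FILTER dspam:"),
    (r"^bob@example\.com$", "FILTER dummy:"),
]
RCPT_RESTRICTIONS = [("check_access", (PER_RCPT, "rcpt"))]

def evaluate(restrictions, ctx, state):
    """Evaluate one restriction list for one RCPT TO command."""
    for kind, arg in restrictions:
        if kind == "permit_mynetworks" and ctx["client"] in ctx["mynetworks"]:
            return "OK"                       # a permit ends this list
        if kind == "permit_sasl_authenticated" and ctx["sasl_user"]:
            return "OK"
        if kind == "check_access":
            table, key = arg
            for pattern, action in table:
                if re.search(pattern, ctx[key]):
                    if action.startswith("FILTER "):
                        # Side effect only: evaluation continues afterwards.
                        state["filter"] = action[len("FILTER "):]
                    break                     # first matching pattern decides
    return "DUNNO"

def filter_for_message(restrictions, client, recipients, sasl_user=None,
                       mynetworks=("127.0.0.1",)):
    """Return the single content filter the whole message ends up with."""
    state = {"filter": None}
    for rcpt in recipients:                   # modelled as one pass per RCPT TO
        ctx = {"client": client, "rcpt": rcpt, "sasl_user": sasl_user,
               "mynetworks": mynetworks}
        evaluate(restrictions, ctx, state)
    return state["filter"]
```

With the per-recipient table, a message addressed to both alice and bob is filtered according to whichever recipient was named last, and a recipient with no FILTER entry still inherits the filter set for another recipient of the same message.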