On Tue, 1 Apr 2008 21:54:50 +0200 Alexei Troussov <[EMAIL PROTECTED]> wrote:
> Hi, > > > Generally speaking, when you give someone config files or log snippets > > don't do this; you don't gain much security-wise, but you can change > > by mistake something relevant to the problem being debugged. > > It's a simple search-replace, wouldn't hurt I guess... > Anyway I always double-check it. Sorry for my being paranoiac :) Whatever; I know enough people who will stop reading your email at that stage. Also please try to format your mails not to wrap logs or program output, it's hell to read it. > > ..skipped... > > And try again. > > I did all changes you asked and now it gives that log: > ------------begin----------- > #tail -f /var/log/maillog > Apr 1 21:25:11 erley postfix/smtpd[3655]: connect from > nf-out-0910.google.com[64.233.182.190] > Apr 1 21:25:11 erley postfix/smtpd[3655]: NOQUEUE: filter: RCPT from > nf-out-0910.google.com[64.233.182.190]: <[EMAIL PROTECTED]>: Recipient > address triggers FILTER lmtp:unix:/var/run/dspam.sock; from=<[EMAIL > PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<nf-out-0910.google.com> > Apr 1 21:25:11 erley postfix/smtpd[3655]: 6D932516A: > client=nf-out-0910.google.com[64.233.182.190] > Apr 1 21:25:11 erley postfix/cleanup[3658]: 6D932516A: message-id=<[EMAIL > PROTECTED]> > Apr 1 21:25:11 erley postfix/qmgr[3648]: 6D932516A: from=<[EMAIL > PROTECTED]>, size=1925, nrcpt=1 (queue active) > Apr 1 21:25:11 erley dspam[99761]: bailing on error -2 > Apr 1 21:25:11 erley dspam[99761]: received invalid result (!DSR_ISSPAM || > DSR_INNOCENT) : -2 > Apr 1 21:25:11 erley dspam[99761]: process_message returned error -2. > delivering. > Apr 1 21:25:11 erley postfix/smtpd[3660]: connect from localhost[127.0.0.1] > Apr 1 21:25:12 erley postfix/smtpd[3660]: 05BA1517A: > client=localhost[127.0.0.1] > Apr 1 21:25:12 erley postfix/cleanup[3658]: 05BA1517A: message-id=<[EMAIL > PROTECTED]> > Apr 1 21:25:12 erley postfix/qmgr[3648]: 05BA1517A: from=<[EMAIL > PROTECTED]>, size=2113, nrcpt=1 (queue active) > Apr 1 21:25:12 erley postfix/smtpd[3660]: disconnect from > localhost[127.0.0.1] > Apr 1 21:25:12 erley postfix/lmtp[3659]: 6D932516A: to=<[EMAIL PROTECTED]>, > relay=mail.MYDOMAIN.NAME.HERE[/var/run/dspam.sock], delay=0.99, > delays=0.26/0.03/0/0.7, dsn=2.6.0, status=sent (250 2.6.0 <[EMAIL PROTECTED]> > Message accepted for delivery) > Apr 1 21:25:12 erley postfix/qmgr[3648]: 6D932516A: removed > Apr 1 21:25:12 erley postfix/pipe[3662]: 05BA1517A: to=<[EMAIL PROTECTED]>, > relay=cyrus, delay=0.62, delays=0.32/0.03/0/0.27, dsn=2.0.0, status=sent > (delivered via cyrus service) > Apr 1 21:25:12 erley postfix/qmgr[3648]: 05BA1517A: removed > Apr 1 21:25:41 erley postfix/smtpd[3655]: disconnect from > nf-out-0910.google.com[64.233.182.190] > ------------ end ----------- So now the message goes the way it's supposed to go, via dspam. But dspam gives an error. > ------------begin----------- > #ls -l /var/log/dspam/ > total 10 > -rw-rw---- 1 root mail 1 13 янв 22:48 dspam.debug > -rw-rw---- 1 root mail 5657 1 апр 21:40 dspam.messages > -rw-rw---- 1 root mail 1 22 май 2007 sql.errors > #cat dspam.messages > ...contents of the email message I sent.... > ------------ end ----------- > > and message is delivered (again without dspam headers). And what's in dspam.debug ? ;-) >>>> received invalid result (!DSR_ISSPAM || DSR_INNOCENT) : -2 Tell you that dspam can't classify the message; probably it can't find (depending on your seup) the user 'test' or '[EMAIL PROTECTED]' (actually an uid for it). To debug this further I need more info from you. Do you have an 'test' system user ? > PS > I've been reading Postfix docs again about "smtpd_client_restrictions" > options and > noticed that there is no "check_recipient_access", but > "check_client_access" instead. check_client_access type:table Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details. check_recipient_access type:table Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action. > So I tried to rename that option to "check_recipient_access". So change it back :-) In this case they're having the same result, but in the future you might want to add some client checks maybe. Plus, by changing the regexp in your filter_access file, you can trigger dspam filtering only for some mailboxes. For example: /[EMAIL PROTECTED]/ FILTER lmtp:[127.0.0.1]:24 will only trigger filtering via dspam for this particular address, which lets you use your email while setting-up dspam :) > Sending message gives the same lines: > ... > Apr 1 21:25:11 erley dspam[99761]: bailing on error -2 > Apr 1 21:25:11 erley dspam[99761]: received invalid result (! > DSR_ISSPAM || DSR_INNOCENT) : -2 > Apr 1 21:25:11 erley dspam[99761]: process_message returned error > -2. delivering. > ... > in /var/log/maillog and no dspam headers in delivered message... Of course, now the problem is in dspam and since in this case both postfix configs do the same thing you get the same error in the log. HTH, -- IOnut - Un^d^dregistered ;) FreeBSD "user" "Intellectual Property" is nowhere near as valuable as "Intellect" FreeBSD committer -> [EMAIL PROTECTED], PGP Key ID 057E9F8B493A297B
signature.asc
Description: PGP signature
