On Wed, 15 Jan 2020 at 17:43, Jaroslaw Rafa <r...@rafa.eu.org> wrote:
> Does Amavis actually connect to 127.0.0.1 when injecting mail back to
> Postfix? If yes, then maybe you don't have 127.0.0.1 in $mynetworks
>
> It can also be that Amavis doesn't connect to 127.0.0.1, but to some other
> IP on your server - then you need to put that IP in $mynetworks too, or
> reconfigure Amavis so that it connects to 127.0.0.1
On Wed, 15 Jan 2020 at 16:50, Simon B <simon.buongio...@gmail.com> wrote:
I don't know where else it could connect... In master.cf it is defined
119 #The amavis reciever
120 127.0.0.1:10025 inet n - - - - smtpd
I would temporarily add:
-o syslog_name=postfix/amavis
to verify in logs that the mail was received via this port
(localhost:10025 is the builtin default in amavis).
> If it works with "permit", it should also work with "permit_mynetworks",
> provided that the value of $mynetworks includes the actual IP Amavis is
> connecting to.
it should, but it isn't - hence the reason I have asked here for help.
# postconf -n | grep -n mynetworks
36:mynetworks = 127.0.0.0/8, [::1]/128
37:mynetworks_style = host
note that mynetworks is overridden by -o option in master.cf:
118 #The amavis reciever
119 127.0.0.1:10025 inet n - - - - smtpd
120 -o content_filter=
121 -o local_recipient_maps=
122 -o relay_recipient_maps=
123 -o smtpd_restriction_classes=
124 -o smtpd_client_restrictions=permit_mynetworks,reject_plaintext_session
125 -o smtpd_helo_restrictions=permit_mynetworks
126 -o smtpd_sender_restrictions=
127 -o smtpd_recipient_restrictions=permit_mynetworks,reject
128 -o mynetworks=127.0.0.0/8
129 -o strict_rfc821_envelopes=yes
130 -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
131 -o smtp_bind_address=127.0.0.1
so, either this config does not apply (e.g. you forgot whitespace at the
beginninf of one of those lines), or there's something strange
On Wed, 15 Jan 2020 at 18:00, Dominic Raferd <domi...@timedicer.co.uk> wrote:
Try removing 'mynetworks' from definitions since it overwrites
'mynetworks_style=host' which should already restrict the definition of
mynetworks to the local machine (and might do so in a more correct way?)
yes, however that should be completely irelevant since only localhost can
connect to 127.0.0.1:10025
Try adding 'reject' after 'permit_mynetworks' at the end of one of the
restriction lists (for smtpd-from-amavis) e.g. smtpd_client_restrictions
- this gives you the full protection
irelevant because of the same reason.
On 15.01.20 18:32, Simon B wrote:
Thanks. That works and meets our objectives.
the downside is we still don't know what is (or was) wrong.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."