Hi,
After switching to rspamd (was amavis+spamassassin), virtual_alias_maps seems
to be ignored
(mail to aliases address are bounced with "user unknown"), and I don't find why…
1) Before (all is fine with virtual_alias_maps)
content_filter=amavis:[127.0.0.1]:10024
milter_protocol = 3
smtpd_milters =
unix:run/opendkim/opendkim.sock,unix:run/opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters
milter_connect_macros = j
2) after (virtual_alias_maps ignored)
# content_filter=amavis:[127.0.0.1]:10024
milter_protocol = 6
milter_default_action = tempfail
smtpd_milters = inet:localhost:11332
non_smtpd_milters = $smtpd_milters
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
All others lines are identicals, especially
virtual_alias_maps =
mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf
Any clue ?
Thanks
Here is a log of a mail ok with 1)
postfix/pickup[25504]: 18D8F222ED4: uid=0 from=<root>
postfix/cleanup[27187]: 18D8F222ED4:
message-id=<20210118105545.18d8f222...@mail.sesamath.net>
opendkim[5572]: 18D8F222ED4: DKIM-Signature field added (s=mail, d=sesamath.net)
postfix/qmgr[25505]: 18D8F222ED4: from=<r...@sesamath.net>, size=654, nrcpt=1
(queue active)
postfix/smtpd[27196]: 4822622194E: client=localhost[127.0.0.1]
postfix/cleanup[27187]: 4822622194E:
message-id=<20210118105545.18d8f222...@mail.sesamath.net>
postfix/qmgr[25505]: 4822622194E: from=<root-m...@sesamath.net>, size=1483,
nrcpt=1 (queue active)
amavis[20707]: (20707-14) Passed CLEAN {RelayedInbound}, [127.0.0.1]
<root-m...@sesamath.net> -> <root-m...@sesamath.net>, Message-ID:
<20210118105545.18d8f222...@mail.sesamath.net>, mail_id: kvP9WKxhumWJ, Hits:
-1.791, size: 988, queued_as: 4822622194E, 211 ms
postfix/smtp[27192]: 18D8F222ED4: to=<r...@sesamath.net>, orig_to=<root>,
relay=127.0.0.1[127.0.0.1]:10024, delay=0.28, delays=0.07/0/0/0.21, dsn=2.0.0,
status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 4822622194E)
postfix/qmgr[25505]: 18D8F222ED4: removed
postfix/pipe[27197]: 4822622194E: to=<t...@sesamath.net>,
orig_to=<root-m...@sesamath.net>, relay=dovecot, delay=0.15,
delays=0.03/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
postfix/qmgr[25505]: 4822622194E: removed
and the same test ko with 2)
postfix/pickup[24882]: 6DD04222ED4: uid=0 from=<root>
postfix/cleanup[24914]: 6DD04222ED4:
message-id=<20210118103925.6dd04222...@mail.sesamath.net>
postfix/qmgr[24883]: 6DD04222ED4: from=<r...@sesamath.net>, size=383, nrcpt=1
(queue active)
postfix/pipe[24920]: 6DD04222ED4: to=<r...@sesamath.net>, orig_to=<root>,
relay=dovecot, delay=0.14, delays=0.09/0.01/0/0.05, dsn=5.1.1, status=bounced
(user unknown)
postfix/bounce[24922]: 6DD04222ED4: sender non-delivery notification:
87950222EDA
postfix/qmgr[24883]: 6DD04222ED4: removed
Just in case, the full postconf -n
1)
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
bounce_template_file = /etc/postfix/bounce_templates.cf
broken_sasl_auth_clients = yes
compatibility_level = 2
content_filter = amavis:[127.0.0.1]:10024
default_destination_concurrency_limit = 5
default_destination_rate_delay = 1s
default_destination_recipient_limit = 30
delay_warning_time = 1h
dovecot_destination_recipient_limit = 1
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
laposte_destination_concurrency_limit = 1
laposte_destination_rate_delay = 1s
laposte_destination_recipient_limit = 1
milter_connect_macros = j
milter_protocol = 3
mydestination = $myhostname
mydomain = sesamath.net
myhostname = mail.sesamath.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
mynetworks_style = subnet
myorigin = $mydomain
non_smtpd_milters = $smtpd_milters
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = _
relay_domains = $mydestination
relayhost =
sender_dependent_relayhost_maps =
regexp:/etc/postfix/sender_dependent_relayhost_maps.regexp
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 5
smtp_generic_maps = hash:/etc/postfix/smtp_generic_maps.hash
smtp_tls_fingerprint_digest = sha256
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_recipient_rate_limit = 30
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unknown_reverse_client_hostname reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_milters =
unix:run/opendkim/opendkim.sock,unix:run/opendmarc/opendmarc.sock
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unknown_recipient_domain
reject_non_fqdn_recipient reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client psbl.surriel.com check_policy_service unix:private/spfcheck
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-user.cf,
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-alias.cf,
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-sender.cf
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_authenticated_sender_login_mismatch
smtpd_starttls_timeout = 30s
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.sesamath.net/fullchain.pem
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_key_file = /etc/letsencrypt/live/mail.sesamath.net/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
transport_maps = mysql:/etc/postfix/mysql-transport_maps.cf,
hash:/etc/postfix/transport_maps.hash
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf
virtual_gid_maps = static:3002
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.list
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:3002
2)
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
bounce_template_file = /etc/postfix/bounce_templates.cf
broken_sasl_auth_clients = yes
compatibility_level = 2
config_directory = test.rspamd
default_destination_concurrency_limit = 5
default_destination_rate_delay = 1s
default_destination_recipient_limit = 30
delay_warning_time = 1h
dovecot_destination_recipient_limit = 1
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
laposte_destination_concurrency_limit = 1
laposte_destination_rate_delay = 1s
laposte_destination_recipient_limit = 1
milter_default_action = tempfail
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination = $myhostname
mydomain = sesamath.net
myhostname = mail.sesamath.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
mynetworks_style = subnet
myorigin = $mydomain
non_smtpd_milters = $smtpd_milters
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = _
relay_domains = $mydestination
relayhost =
sender_dependent_relayhost_maps =
regexp:/etc/postfix/sender_dependent_relayhost_maps.regexp
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 5
smtp_generic_maps = hash:/etc/postfix/smtp_generic_maps.hash
smtp_tls_fingerprint_digest = sha256
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_recipient_rate_limit = 30
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unknown_reverse_client_hostname reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unknown_recipient_domain
reject_non_fqdn_recipient reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client psbl.surriel.com check_policy_service unix:private/spfcheck
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-user.cf,
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-alias.cf,
mysql:/etc/postfix/mysql-smtpd_sender_login_maps-sender.cf
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_authenticated_sender_login_mismatch
smtpd_starttls_timeout = 30s
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.sesamath.net/fullchain.pem
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_key_file = /etc/letsencrypt/live/mail.sesamath.net/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
transport_maps = mysql:/etc/postfix/mysql-transport_maps.cf,
hash:/etc/postfix/transport_maps.hash
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf
virtual_gid_maps = static:3002
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.list
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:3002
master.cf is the same in both case (I'll remove amavis section when rspamd will
be fine)
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - y - 50 smtpd
submission inet n - y - 20 smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - 50 smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - 10 smtp
slow unix - - - - 3 smtp
laposte unix - - - - 1 smtp
relay unix - - y - 10 smtp
-o smtp_fallback_relay=
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a
${recipient} -d ${user}@${nexthop} -m ${extension}
spfcheck unix - n n - 0 spawn
user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl
# sympa mailing list manager
sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/lib/sympa/queue ${recipient}
sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/lib/sympa/bouncequeue ${recipient}
# for content_filter=amavis in main.cf
amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=100
# amavis return
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
--
Daniel
Nous n'héritons pas la terre de nos ancêtres,
nous l'empruntons à nos enfants.
Seattle (chef indien)
