On 16.05.2022 at 13:10, Wietse Venema wrote:
natan:
Hi
I probably have a trivial problem, but I cannot resolve it

I have two servers
1) for outgoing
2) for incoming (typical MX)

For a test I created, on the incoming server, body_checks.pcre:
/alakot/ REJECT spam2bok bla bla

If I send e-mail from an external service (gmail, yahoo) I get info from
Mailer-Daemon about REJECT - works fine
but if I send from my domain I don't get Mailer-Daemon:

May 16 12:08:38 MX-node1 postfix/cleanup[45210]: 4L1w1y6WBVz1DDmK:
reject: body alakot from smtp....[xxx.xxx.xxx.xxx];
from=<na...@domain.ltd> to=<na...@domain.ltd> proto=ESMTP
helo=<smtp.domain.ltd>: 5.7.1 spam2bok bla bla
May 16 12:08:39 Mx1-node1 postfix/cleanup[45282]: 4L1w1z0zmpz1DDmn:
reject: body alakot from smtp....[xxx.xxx.xxx.xxxx]; from=<>
to=<na...@domain.ltd> proto=ESMTP helo=<smtp.domain.ltd>: 5.7.1 spam2bok
bla bla

Is this correct because body_check checks a "second time" when the return comes in?

Any idea how to whitelist?
You included no "postconf -n" settings, so I will waste some bandwidth
with random text.

        Wietse

internal_mail_filter_classes (default: empty)
        What categories of Postfix-generated mail are subject to before-queue
        content inspection by non_smtpd_milters, header_checks and body_checks.
        Specify zero or more of the following, separated by whitespace or
        comma.

        bounce Inspect the content of delivery status notifications.

        notify Inspect the content of postmaster notifications by the smtp(8)
               and smtpd(8) processes.

        NOTE: It's generally not safe to enable content inspection of
        Postfix-generated email messages. The user is warned.

        This feature is available in Postfix 2.3 and later.

sorry

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 5h
broken_sasl_auth_clients = yes
compatibility_level = 2
default_destination_concurrency_limit = 100
default_destination_recipient_limit = 100
default_process_limit = 850
delay_warning_time = 0h
disable_vrfy_command = yes
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
lmtp_destination_concurrency_limit = 100
lmtp_destination_recipient_limit = 1
lpolicyd = check_policy_service { unix:private/policyd-lemat3, timeout=4s, default_action=DUNNO }
mailbox_size_limit = 0
max_idle = 1200s
max_use = 150
maximal_queue_lifetime = 24h
message_size_limit = 146800640
myhostname = mx-node1.domain.ltd
mynetworks = 127.0.0.0/8, xxx.xxx.xxx.xxx/32
myorigin = /etc/mailname
policy-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = ignore
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps proxy:mysql:/etc/postfix/mysql_whitelist_recipient.cf
readme_directory = no
recipient_delimiter = +
smtp-amavis_destination_recipient_limit = 1
smtp_connection_reuse_time_limit = 400s
smtp_data_done_timeout = 1600s
smtp_rcpt_timeout = 900s
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 200
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_checks, check_client_access cidr:/etc/postfix/amavis_bypass, reject_unauth_pipelining, permit
smtpd_data_restrictions = check_policy_service { inet:127.0.0.1:10040 timeout=2s, default_action=DUNNO } reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_enforce_tls = no
smtpd_hard_error_limit = 50
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access pcre:/etc/postfix/helo_access.pcre reject_unauth_pipelining, reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname
smtpd_proxy_timeout = 240s
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/bad_recipients, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/whitelista, reject_unauth_destination, lpolicyd, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_recipient_access mysql:/etc/postfix/mysql_whitelist_recipient.cf, reject_invalid_hostname, check_sender_mx_access cidr:/etc/postfix/mx_access.cidr, check_policy_service unix:private/policy-spf, reject_unlisted_recipient, check_client_access cidr:/etc/postfix/rbl_override, reject_rbl_client b.barracudacentral.org, reject_rbl_client dynamic.rbl.tld, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.sorbs.net, permit
smtpd_restriction_classes = lpolicyd
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks check_sender_access pcre:/etc/postfix/sender_checks.pcre reject_unknown_sender_domain reject_unknown_reverse_client_hostname, reject_non_fqdn_sender reject_unknown_address, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 20
smtpd_tls_CAfile = /etc/pki/tls/certs/cert.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/cert.pem
smtpd_tls_key_file = /etc/pki/tls/private/cert.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 600s
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_expansion_limit = 2800
virtual_alias_maps = $virtual_mailbox_maps, proxy:mysql:/etc/postfix/mysql/mysql_virtual_aliases.cf, proxy:mysql:/etc/postfix/mysql/mysql_virtual_forward.cf, proxy:mysql:/etc/postfix/mysql/mysql_catchall.cf
virtual_gid_maps = static:300
virtual_mailbox_domains = proxy:mysql:/etc/postfix/map.sql
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/mysql_virtual_mailbox2.cf
virtual_minimum_uid = 300
virtual_transport = lmtp:inet:xxx.xxx.xxx.2:24
virtual_uid_maps = static:300
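
Added example (not part of the thread, and not Postfix code): a Python parser for the `postfix/cleanup` reject lines quoted in the first message. It flags rejects whose envelope sender is the null sender `<>`, as in the second log entry, and pairs each one with the earlier reject from the same client whose sender it was addressed to. The log text is constructed from the lines in the post, with placeholder hostnames and addresses; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the log lines in the post (placeholder names/IPs).
SAMPLE_LOG = """\
May 16 12:08:38 mx-node1 postfix/cleanup[45210]: 4L1w1y6WBVz1DDmK: reject: body alakot from smtp.example.test[192.0.2.10]; from=<user@example.test> to=<user@example.test> proto=ESMTP helo=<smtp.example.test>: 5.7.1 spam2bok bla bla
May 16 12:08:39 mx-node1 postfix/cleanup[45282]: 4L1w1z0zmpz1DDmn: reject: body alakot from smtp.example.test[192.0.2.10]; from=<> to=<user@example.test> proto=ESMTP helo=<smtp.example.test>: 5.7.1 spam2bok bla bla
May 16 12:08:40 mx-node1 postfix/smtpd[45300]: disconnect from smtp.example.test[192.0.2.10]
"""

# Shape of a header_checks/body_checks reject as logged by cleanup(8) in the post.
REJECT_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>\w+): reject: (?P<kind>header|body) "
    r"(?P<matched>.*?) from (?P<client>\S+)\[(?P<ip>[^\]]+)\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>: (?P<reply>.*)$"
)

def parse_rejects(log_text):
    """Return one dict per content-check reject, in log order."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["is_bounce"] = rec["sender"] == ""  # from=<> is the null sender
            records.append(rec)
    return records

def rejected_bounces(log_text):
    """Rejects where the message that hit the content check had sender <>."""
    return [r for r in parse_rejects(log_text) if r["is_bounce"]]

def unnotified_senders(log_text):
    """Pair each rejected bounce with the earlier reject it most likely reported.

    Heuristic: same client IP, and the bounce recipient equals the sender of
    the earlier, non-bounce reject. Returns (original_qid, bounce_qid, sender).
    """
    rejects = parse_rejects(log_text)
    pairs = []
    for i, bounce in enumerate(rejects):
        if not bounce["is_bounce"]:
            continue
        for orig in reversed(rejects[:i]):
            if (not orig["is_bounce"] and orig["ip"] == bounce["ip"]
                    and orig["sender"] == bounce["rcpt"]):
                pairs.append((orig["qid"], bounce["qid"], bounce["rcpt"]))
                break
    return pairs

if __name__ == "__main__":
    for orig_qid, bounce_qid, sender in unnotified_senders(SAMPLE_LOG):
        print(f"{sender}: reject {orig_qid} was followed by rejected bounce {bounce_qid}")
```
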