Re: Disclaimer with always_bcc and config problems
On 2011-09-12 06:21, Alex wrote: Hi, I'm trying to configure a disclaimer footer using altermime with postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples for creating a new filter, but the messages appear to be being reinjected at the wrong spot and are being delivered multiple times to the always_bcc recipient. I thought I could outline my current config, and someone could help me to find what I'm missing. I have about twenty virtual domains, but it would be okay to use the same disclaimer footer text for each domain. I'd also like to be sure SASL authenticated clients are permitted as well. I'm not sure this configuration will only work with my domains, and only on outbound mail. How is this controlled? By limiting the scope of the setting to one or more individual daemons. Settings in main.cf affect all instances of any particular daemon. If you need this controlled per domain, either use a recipient access map with a FILTER action to select among multiple filters, or take care of the domain in the content_filter. For 20 domains, adding 20 filters is probably not the easiest solution. Just parse the domain part in your content_filter and act appropriately. smtp inet n - n - - smtpd -o receive_override_options=no_address_mappings -o content_filter=filter:dummy I would suggest not naming an actual filter something as generic as "filter" - use "footer" instead, in this case. Also, smtP(8) does not receive mail, so this is not the correct place to apply these settings - they achieve nothing. submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_address_mappings -o content_filter=filter:dummy They do here, since submission is an smtpD(8) listener. The intended recipient receives a copy of the message, but the always_bcc user receives the message multiple times. Yes; always_bcc is invoked on receiving mail. If you re-inject mail (as you must after it is passed off to a content_filter), it is received for the second time. Everything in main.cf is applied anew, including always_bcc. The re-injection listener (which should NOT be the same daemon as your normal smtpd(8) listener!) should not apply always_bcc, so set your receive_override_options there. You should also be very, very careful about bouncing mail to your always_bcc address - consider what the result is. In practical terms, the recipient in always_bcc should never bounce, or you will have problems. -- J.
Re: Disclaimer with always_bcc and config problems
Le 13/09/2011 00:04, Jeroen Geilman a écrit : > On 2011-09-12 06:21, Alex wrote: >> Hi, >> >> I'm trying to configure a disclaimer footer using altermime with >> postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples >> for creating a new filter, but the messages appear to be being >> reinjected at the wrong spot and are being delivered multiple times to >> the always_bcc recipient. >> >> I thought I could outline my current config, and someone could help me >> to find what I'm missing. I have about twenty virtual domains, but it >> would be okay to use the same disclaimer footer text for each domain. >> I'd also like to be sure SASL authenticated clients are permitted as >> well. >> >> I'm not sure this configuration will only work with my domains, and >> only on outbound mail. How is this controlled? > > By limiting the scope of the setting to one or more individual daemons. > Settings in main.cf affect all instances of any particular daemon. > > If you need this controlled per domain, either use a recipient access > map with a FILTER action to select among multiple filters, or take care > of the domain in the content_filter. > For 20 domains, adding 20 filters is probably not the easiest solution. > Just parse the domain part in your content_filter and act appropriately. > >> smtp inet n - n - - smtpd >> -o receive_override_options=no_address_mappings >> -o content_filter=filter:dummy > > > I would suggest not naming an actual filter something as generic as > "filter" - use "footer" instead, in this case. > Also, smtP(8) does not receive mail, so this is not the correct place to > apply these settings - they achieve nothing. the above is an smtpD. see end of line. the "smtp" at start of line is the name of the service to be found in /etc/services, ie: smtp=25. > > >> submission inet n - n - - smtpd >>-o smtpd_tls_security_level=encrypt >>-o smtpd_sasl_auth_enable=yes >>-o smtpd_client_restrictions=permit_sasl_authenticated,reject >>-o receive_override_options=no_address_mappings >>-o content_filter=filter:dummy > > > They do here, since submission is an smtpD(8) listener. It is also an smtpD, but not because it's named "submission". it is an smtpd as indicated by the last token in the line. again, "submission" simply means use the port in /etc/services that corresponds to "submission". > > >> The intended recipient receives a copy of the message, but the >> always_bcc user receives the message multiple times. > > Yes; always_bcc is invoked on receiving mail. > If you re-inject mail (as you must after it is passed off to a > content_filter), it is received for the second time. > Everything in main.cf is applied anew, including always_bcc. > > The re-injection listener (which should NOT be the same daemon as your > normal smtpd(8) listener!) should not apply always_bcc, so set your > receive_override_options there. > > You should also be very, very careful about bouncing mail to your > always_bcc address - consider what the result is. > > In practical terms, the recipient in always_bcc should never bounce, or > you will have problems. > >
Re: Disclaimer with always_bcc and config problems
Le 12/09/2011 06:21, Alex a écrit : > Hi, > > I'm trying to configure a disclaimer footer using altermime with > postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples > for creating a new filter, but the messages appear to be being > reinjected at the wrong spot and are being delivered multiple times to > the always_bcc recipient. > > I thought I could outline my current config, and someone could help me > to find what I'm missing. I have about twenty virtual domains, but it > would be okay to use the same disclaimer footer text for each domain. > I'd also like to be sure SASL authenticated clients are permitted as > well. > > I'm not sure this configuration will only work with my domains, and > only on outbound mail. How is this controlled? > > smtp inet n - n - - smtpd >-o receive_override_options=no_address_mappings >-o content_filter=filter:dummy > > submission inet n - n - - smtpd > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o receive_override_options=no_address_mappings > -o content_filter=filter:dummy > > filter unix - n n - - pipe > flags=Rq user=filter argv=/etc/postfix/disclaimer.sh -f > ${sender} -- ${recipient} > > The 'filter' users exists, and disclaimer.sh contains the actual > altermime command: > > > #!/bin/sh > INSPECT_DIR=/tmp > SENDMAIL=/usr/sbin/sendmail > > # Exit codes from > EX_TEMPFAIL=75 > EX_UNAVAILABLE=69 > > # Clean up when done or when aborting. > trap "rm -f in.$$" 0 1 2 3 15 > > # Start processing. > cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit > $EX_TEMPFAIL; } > > cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } > > # obtain From address > from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1` > > /usr/bin/altermime --input=in.$$ \ >--disclaimer=/etc/postfix/disclaimer.txt \ >--disclaimer-html=/etc/postfix/disclaimer.txt \ >--xheader="X-Copyrighted-Material: Please visit > http://www.mydomain.com/privacy.htm"; || \ > { echo Message content rejected; exit $EX_UNAVAILABLE; } > > $SENDMAIL "$@" > exit $? > > > The intended recipient receives a copy of the message, but the > always_bcc user receives the message multiple times. > you didn't show the long awaited evidence: logs, logs, ... in the absence of evidence, let's call crystal ball mamma. I guess you tested this by sending mail using the sendmail command? if so, your settings in "smtp" and "submission" are useless, since sendmail uses pickup. and no, there is only one pickup per instance, you can't simply disable address rewrite. some choices: - ignore the sendmail case, if you don't care about sendmail mail - in your altermime script, resubmit mail using smtp instead of sendmail - use multiple postfix instances (taht is: run postfix multiple times, each with its own config dir, data dir, queue dir, ... etc). in this case, you can specify the instance for the sendmail command.
Re: Disclaimer with always_bcc and config problems
On 2011-09-13 00:42, mouss wrote: Le 13/09/2011 00:04, Jeroen Geilman a écrit : On 2011-09-12 06:21, Alex wrote: Hi, I'm trying to configure a disclaimer footer using altermime with postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples for creating a new filter, but the messages appear to be being reinjected at the wrong spot and are being delivered multiple times to the always_bcc recipient. I thought I could outline my current config, and someone could help me to find what I'm missing. I have about twenty virtual domains, but it would be okay to use the same disclaimer footer text for each domain. I'd also like to be sure SASL authenticated clients are permitted as well. I'm not sure this configuration will only work with my domains, and only on outbound mail. How is this controlled? By limiting the scope of the setting to one or more individual daemons. Settings in main.cf affect all instances of any particular daemon. If you need this controlled per domain, either use a recipient access map with a FILTER action to select among multiple filters, or take care of the domain in the content_filter. For 20 domains, adding 20 filters is probably not the easiest solution. Just parse the domain part in your content_filter and act appropriately. smtp inet n - n - - smtpd -o receive_override_options=no_address_mappings -o content_filter=filter:dummy I would suggest not naming an actual filter something as generic as "filter" - use "footer" instead, in this case. Also, smtP(8) does not receive mail, so this is not the correct place to apply these settings - they achieve nothing. the above is an smtpD. see end of line. the "smtp" at start of line is the name of the service to be found in /etc/services, ie: smtp=25. Ugh, brainfart. submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o receive_override_options=no_address_mappings -o content_filter=filter:dummy They do here, since submission is an smtpD(8) listener. It is also an smtpD, but not because it's named "submission". That's not what I said. it is an smtpd as indicated by the last token in the line. again, "submission" simply means use the port in /etc/services that corresponds to "submission". The intended recipient receives a copy of the message, but the always_bcc user receives the message multiple times. Yes; always_bcc is invoked on receiving mail. If you re-inject mail (as you must after it is passed off to a content_filter), it is received for the second time. Everything in main.cf is applied anew, including always_bcc. The re-injection listener (which should NOT be the same daemon as your normal smtpd(8) listener!) should not apply always_bcc, so set your receive_override_options there. You should also be very, very careful about bouncing mail to your always_bcc address - consider what the result is. In practical terms, the recipient in always_bcc should never bounce, or you will have problems. Aside from the nitpicking, no comments on the actual contents ? -- J.