Postfix on Mandriva Gateway for Exchange


gregnottage
23rd October 2007, 18:02
Hi,

I'm running Mandriva 2008 One and I've attempted to follow this how-to guide:

http://www.howtoforge.com/mandriva_postfix_antispam_antivirus_exchange

I'm trying to configure Postfix to scan inbound and outbound SMTP mail on my network. We use Exchange 2003 internally on a Windows 2003 domain. I also have an ISA firewall sat at the border, so the Mandriva machine is behind this ISA box.

I have email flowing just fine without using the Mandriva box. So when I have Exchange set up to route external SMTP through the ISA server using the IP of the ISA server as a smarthost, it all works fine inbound and outbound.

As soon as I set the smarthost IP on the Exchange server to point to the Mandriva machine, email stops flowing.

I'm a total newb with Linux, so please be gentle ;-)

I don't even know where to look on the Mandriva box to see if mail is being received into any of the queues?

I have tried telnetting to the Mandriva box using port 25, and I think it connects - I don't see any message saying it couldn't establish a connection - but I also don't see what I would class as an SMTP connected notice?

I have disabled the firewall on the Mandriva box - as a temporary measure, to see if that made a difference but unfortunately it hasn't so far.

Any help you can offer is greatly appreciated!!!

Thanks and kind regards,

Greg.

falko
24th October 2007, 22:02
Take a look at your mail log - should be in the /var/log directory.

gregnottage
25th October 2007, 11:59
Thanks for the advice ;-)

I found the following logs in the folder you mentioned:

/var/log/mail/info.log:

Oct 25 09:28:16 tlvmmail1 spamd[5868]: prefork: child states: II
Oct 25 09:28:16 tlvmmail1 spamd[5868]: prefork: child states: II
Oct 25 09:28:16 tlvmmail1 postfix/postfix-script[7445]: stopping the Postfix mail system
Oct 25 09:28:16 tlvmmail1 postfix/master[6961]: terminating on signal 15
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5684]: starting the Postfix mail system
Oct 25 09:29:47 tlvmmail1 postfix/master[5685]: daemon started -- version 2.4.5, configuration /etc/postfix
Oct 25 09:29:48 tlvmmail1 amavis[5146]: starting. /usr/sbin/amavisd at tlvmmail1 amavisd-new-2.5.2 (20070627), Unicode aware
Oct 25 09:29:48 tlvmmail1 amavis[5146]: Perl version 5.008008
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": use_dcc1
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_timeout 10
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_home /var/lib/dcc
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_path /usr/bin/dccproc
Oct 25 09:29:51 tlvmmail1 spamd[4948]: logger: removing stderr method
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server started on port 783/tcp (running version 3.2.3)
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server pid: 5818
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server successfully spawned child process, pid 6048
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server successfully spawned child process, pid 6049
Oct 25 09:30:01 tlvmmail1 spamd[5818]: prefork: child states: II


/var/log/mail/warnings.log:

Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5603]: warning: group or other writable: /etc/postfix/./main.cf
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5625]: warning: group or other writable: /etc/postfix/./main.cf~
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5641]: warning: group or other writable: /etc/postfix/./main.cf.orig
Oct 25 09:29:53 tlvmmail1 spamd[5818]: razor2: razor2 check failed: No such file or directory razor2: Can't read conf file: /root/.razor/razor-agent.conf at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 326.


The /var/log/mail/errors.log file was empty.

I assume that this means the config is not quite right yet?

Any advice based on the above logfile contents is greatly appreciated!

Thanks and kind regards,

Greg.

gregnottage
25th October 2007, 20:07
OK, I've fixed all those errors and I'm making some progress.

It now appears as though my problem lies with Amavisd. Having Googled for this, I should be able to telnet to 127.0.0.1 on port 10025 - but this is not working. I've tried to amend the amavisd.conf file and now when I issue the command amavisd reload, I get the following error:

The amavisd daemon is apparently not running, no PID file /var/lib/amavis/amavisd.pid

Any ideas why that's occurring and how I should fix it? Should I just re-install Amavisd and start over?

Thanks,

Greg.

falko
26th October 2007, 14:36
What's the output of netstat -tap? Any errors in your mail log (regarding amavisd)?

gregnottage
26th October 2007, 16:33
Thanks for following up with some more advice ;-)

I did manage to get Amavisd to run now and I can telnet to 127.0.0.1 10025, but it seems like the email relaying is not configured correctly. I now get the following error in the /var/log/mail/info.log file:

Oct 26 14:24:15 tlvmmail1 postfix/smtpd[7868]: connect from tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:18 tlvmmail1 postfix/smtpd[7868]: D54D730AA1: client=tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:18 tlvmmail1 postfix/cleanup[7871]: D54D730AA1: message-id=<3927C4FEE97FAF4F9BF223B02624190E24FC@TLVSMAIL1.tlab.local>
Oct 26 14:24:18 tlvmmail1 postfix/qmgr[7235]: D54D730AA1: from=<gregn@myaddress.com>, size=2510, nrcpt=1 (queue active)
Oct 26 14:24:18 tlvmmail1 postfix/smtpd[7868]: disconnect from tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:20 tlvmmail1 amavis[7103]: (07103-03) Blocked MTA-BLOCKED, [172.xxx.xxx.xxx] <gregn@myaddress.com> -> <gregnottage@gmail.com>, Message-ID: <3927C4FEE97FAF4F9BF223B02624190E24FC@TLVSMAIL1.tlab.local>, mail_id: YB4u1Zy7PilA, Hits: 2.176, size: 2510, 1956 ms
Oct 26 14:24:20 tlvmmail1 postfix/smtp[7872]: D54D730AA1: to=<gregnottage@gmail.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.1, delays=0.08/0.02/0.09/1.9, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 From MTA([127.0.0.1]:10026) during fwd-connect (Negative greeting: at (eval 52) line 442, <GEN8> line 504.): id=07103-03 (in reply to end of DATA command))

Any ideas what needs changing?

Thanks,

Greg.

falko
27th October 2007, 17:19
What's in /etc/postfix/main.cf and /etc/postfix/master.cf (please strip out the comments)?

gregnottage
28th October 2007, 21:41
OK, I've made a bit of progress by enabling this section in the master.cf file:

127.0.0.1:10026 inet n - n - - smtpd

(As you can see from the post below).

I now get an undeliverable message in my Outlook when I send a test message. Here's the contents of the undeliverable:
This is the mail system at host tlvmmail1.tlab.local.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<gregn>: host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to
relay for gregn@vmc.com (in reply to RCPT TO command)

Reporting-MTA: dns; tlvmmail1.tlab.local
X-Postfix-Queue-ID: A454F30A99
X-Postfix-Sender: rfc822; gregn@vmceuro.com
Arrival-Date: Sun, 28 Oct 2007 18:43:02 +0000 (GMT)

Final-Recipient: rfc822; gregn@vmc.com
Original-Recipient: rfc822;gregn@vmc.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; tlfw1.tlab.local
Diagnostic-Code: smtp; 550 5.7.1 Unable to relay for gregn@vmc.com

Here's the contents of the master.cf:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
pickup fifo n - y 60 1 pickup
  -o content_filter=
  -o receive_override_options=
cleanup unix n - y - 0 cleanup
qmgr fifo n - y 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
  -o fallback_relay=
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache

cyrus unix - n n - - lmtp
  -o lmtp_cache_connection=yes
cyrus-chroot unix - - y - - lmtp
  -o lmtp_cache_connection=yes

cyrus-inet unix - - y - - lmtp
  -o lmtp_cache_connection=yes
  -o lmtp_sasl_auth_enable=yes
  -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
  -o lmtp_sasl_security_options=noanonymous

127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_end_of_data_restrictions=
  -o smtpd_etrn_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_delay_reject=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

Here's the contents of the main.cf file:
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
inet_interfaces = all
mynetworks_style = host
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
recipient_delimiter = +
owner_request_special = no
alias_maps = hash:/etc/postfix/aliases
content_filter = smtp-amavis:[127.0.0.1]:10025
receive_override_options = no_address_mappings
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 1024000
relay_domains = vmceuro.com, tlab.local, remote.tlab.local
mydomain = vmceuro.com
myhostname = tlvmmail1.tlab.local
mynetworks = 127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24, tlab.local, remote.tlab.local, 192.168.240.0/24
transport_maps = hash:/etc/postfix/transport
queue_minfree = 0
maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org, dun.dnsrbl.net
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_hostname, reject_maps_rbl
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender
relay_recipient_maps = hash:/etc/postfix/exchange_recipients
delay_warning_time = 2h
myorigin = vmceuro.com
mydestination = $myhostname, localhost.$mydomain
debug_peer_level = 1
mail_spool_directory = /var/spool/mail
alias_database = hash:/etc/postfix/aliases
relayhost = tlfw1.tlab.local

Here's the contents of the /var/log/mail/info.log:
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: connect from tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: 1CF0E30A8B: client=tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:00 tlvmmail1 postfix/cleanup[6566]: 1CF0E30A8B: message-id=<3927C4FEE97FAF4F9BF223B02624190E24FF>
Oct 28 18:43:00 tlvmmail1 postfix/qmgr[5681]: 1CF0E30A8B: from=<gregn>, size=2553, nrcpt=1 (queue active)
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: disconnect from tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: connect from tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: A454F30A99: client=tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 postfix/cleanup[6566]: A454F30A99: message-id=<3927C4FEE97FAF4F9BF223B02624190E24FF>
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: A454F30A99: from=<gregn>, size=3202, nrcpt=1 (queue active)
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: disconnect from tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 amavis[6005]: (06005-01) Passed CLEAN, [172.31.3.34] <gregn> -> <gregn>, Message-ID: <3927C4FEE97FAF4F9BF223B02624190E24FF>, mail_id: oiXyScjU-H77, Hits: 2.321, size: 2553, queued_as: A454F30A99, 2578 ms
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6567]: 1CF0E30A8B: to=<gregn>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.6, delays=0.02/0.01/0.03/2.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A454F30A99)
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: 1CF0E30A8B: removed
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: A454F30A99: to=<gregn>, relay=tlfw1.tlab.local[172.31.3.28]:25, delay=0.11, delays=0.01/0.03/0.01/0.06, dsn=5.7.1, status=bounced (host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to relay for gregn@vmc.com (in reply to RCPT TO command))
Oct 28 18:43:02 tlvmmail1 postfix/cleanup[6566]: BF0EF30A92: message-id=<20071028184302>
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: BF0EF30A92: from=<>, size=5161, nrcpt=1 (queue active)
Oct 28 18:43:02 tlvmmail1 postfix/bounce[6573]: A454F30A99: sender non-delivery notification: BF0EF30A92
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: A454F30A99: removed
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: BF0EF30A92: to=<gregn>, relay=172.31.3.34[172.31.3.34]:25, delay=0.11, delays=0.01/0/0/0.1, dsn=2.6.0, status=sent (250 2.6.0 <20071028184302> Queued mail for delivery)
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: BF0EF30A92: removed

The server tlfw1.tlab.local is the ISA firewall, and the rules on the ISA box allow SMTP relaying from the inside network (which the Linux box is in).

Thanks,

Greg.
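
Added example (not part of the original post): a small Python tracer that follows one message through the re-queues visible in the info.log above, from the first queue ID, through the amavisd hand-off on port 10025, to the hop that refused it. The sample lines are constructed by trimming the log in the post, and the uppercase-hex queue ID format is an assumption taken from those lines.

```python
import re

# Constructed sample: trimmed copies of lines from the info.log excerpt above.
SAMPLE_LOG = """\
Oct 28 18:43:00 tlvmmail1 postfix/qmgr[5681]: 1CF0E30A8B: from=<gregn>, size=2553, nrcpt=1 (queue active)
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6567]: 1CF0E30A8B: to=<gregn>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A454F30A99)
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: A454F30A99: to=<gregn>, relay=tlfw1.tlab.local[172.31.3.28]:25, delay=0.11, dsn=5.7.1, status=bounced (host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to relay for gregn@vmc.com (in reply to RCPT TO command))
Oct 28 18:43:02 tlvmmail1 postfix/bounce[6573]: A454F30A99: sender non-delivery notification: BF0EF30A92
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: BF0EF30A92: to=<gregn>, relay=172.31.3.34[172.31.3.34]:25, delay=0.11, dsn=2.6.0, status=sent (250 2.6.0 <20071028184302> Queued mail for delivery)
"""

# One delivery attempt: queue ID, recipient, next hop, DSN code, status, remote reply.
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$")
# The content filter re-injects the message, which gets a new queue ID.
HANDOFF = re.compile(r"queued as (?P<next>[0-9A-F]+)\)$")
# A bounce creates a third queue entry for the non-delivery notification.
BOUNCE = re.compile(r"\]: (?P<qid>[0-9A-F]+): sender non-delivery notification: (?P<next>[0-9A-F]+)$")

def trace(log_text, first_qid):
    """Follow one message across re-queues; return its delivery hops in order."""
    deliveries, next_of = {}, {}
    for line in log_text.splitlines():
        d = DELIVERY.search(line)
        if d:
            deliveries[d["qid"]] = d.groupdict()
            h = HANDOFF.search(line)
            if h and d["status"] == "sent":
                next_of[d["qid"]] = h["next"]
        b = BOUNCE.search(line)
        if b:
            next_of[b["qid"]] = b["next"]
    hops, qid, seen = [], first_qid, set()
    while qid in deliveries and qid not in seen:  # 'seen' guards against loops
        seen.add(qid)
        hops.append(deliveries[qid])
        qid = next_of.get(qid)
    return hops

def first_failure(hops):
    """Return the first hop that ended with a 4.x.x or 5.x.x DSN, or None."""
    return next((h for h in hops if h["dsn"][0] in "45"), None)

if __name__ == "__main__":
    for hop in trace(SAMPLE_LOG, "1CF0E30A8B"):
        print(hop["qid"], hop["relay"], hop["dsn"], hop["status"])
```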

falko
29th October 2007, 17:04
Did you create an email account for gregn@vmc.com on the system?

gregnottage
29th October 2007, 22:54
The gregn@vmc.com address is the delivery address (i.e. the TO address) for the email I sent out. The from address is the gregn@vmceuro.com address and this is a Microsoft Exchange mailbox.

There are no mailboxes on the Linux box. All I want the Linux box to do is to scan inbound and outbound emails for viruses and spam. As long as the mails are clean, the Linux box should just forward to the appropriate next hop - either the ISA firewall for outbound mail, or the Exchange server for inbound mail.

The mail that generated this delivery failure notice was an outbound mail from the Exchange mailbox to an external email address in a totally separate Exchange email system.

Thanks,

Greg.

gregnottage
30th October 2007, 14:32
OK, I've managed to get this working how I want now by changing these settings in the main.cf file:

mynetworks_style = host

changed to:

mynetworks_style = subnet

and:

mynetworks = 127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24, tlab.local, remote.tlab.local, 192.168.240.0/24

changed to:

mynetworks = 127.0.0.0/8, 172.31.3.0/24, 10.250.10.0/24, 192.168.240.0/24

I also had to tweak the email relaying settings on my ISA server to allow the Linux server IP address.

I'm all set now, so thanks very much for your help and advice ;-)

Kind Regards,

Greg.
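
Added example (not part of the original thread): a Python check over a mynetworks value, run against the before and after settings quoted in the last post, that flags entries which are not IP addresses or CIDR blocks and ranges that are too broad to trust with permit_mynetworks. The function name and the finding texts are this example's own.

```python
import ipaddress
import re

# The two mynetworks values quoted in the post above.
BEFORE = ("127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24, "
          "tlab.local, remote.tlab.local, 192.168.240.0/24")
AFTER = "127.0.0.0/8, 172.31.3.0/24, 10.250.10.0/24, 192.168.240.0/24"

def lint_mynetworks(value):
    """Classify each mynetworks entry; return (parsed networks, findings)."""
    networks, findings = [], []
    for entry in value.replace(",", " ").split():
        pattern = entry.lstrip("!")  # "!" marks an exclusion pattern
        # /file/name and type:table entries are expanded by Postfix itself.
        # (IPv6 is written in brackets in Postfix, so "name:" means a table.)
        if pattern.startswith("/") or re.match(r"[a-z]\w*:", pattern):
            continue
        try:
            net = ipaddress.ip_network(pattern.strip("[]").replace("]", ""),
                                       strict=False)
        except ValueError:
            findings.append((entry, "not an IP address or CIDR block"))
            continue
        networks.append(net)
        if net.prefixlen == 0:
            findings.append((entry, "matches every client address"))
        elif not (net.is_private or net.is_loopback):
            findings.append((entry, "public range trusted for relaying"))
    return networks, findings

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        nets, problems = lint_mynetworks(value)
        print(label, len(nets), "networks;", problems or "no findings")
```

The Postfix documentation states that when mynetworks is specified by hand, the mynetworks_style setting is ignored, so the explicit list is what decides which clients permit_mynetworks lets relay.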