More Perfect SpamSnake 10.10 probs!

[colskinet]

Hi all

Couple of probs.

1. Do I need to do the "Apply Relay Recipients" section for Exchange (page 4)? It only mentions Exchange 2000/2003, I am running Windows Server 2008R2 and Exchange 2010. I can't get the spamsnake to retrieve a list of usernames/passwords. I've changed all the usernames/passwords in the getadsmtp.pl file but it returns the error "error:The wrong password was supplied or the SASL credentials could not be processed"

2. Monitoring my mail.log is showing the following errors and no mail is getting through to the Baruwa web interface..

Code:

Dec 18 20:24:03 spamsnake postfix/smtpd[3970]: connect from ***.*****.**.uk[***.***.**.**]
Dec 18 20:24:04 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
Dec 18 20:24:04 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
Dec 18 20:24:05 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: problem talking to server private/policy: Connection reset by peer
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: NOQUEUE: reject: RCPT from ***.****.**.**[***.***.**.**]: 451 4.3.5 Server configuration problem; from=<colin@**.**.**> to=<colin@**.**.**> proto=ESMTP helo=<***.***.**.**>
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: disconnect from **.***.**.**[***.***.**.**]
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection rate 1/60s for (smtp:***.***.**.**) at Dec 18 20:24:03
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection count 1 for (smtp:***.***.**.**) at Dec 18 20:24:03
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max cache size 1 at Dec 18 20:24:03

The only other stuff left for me to do is setup email disclaimers, Webmin, etc, nothing that appears vital to make this thing work!

Please help, I feel like I'm almost there but just need to sort these issues out!

Thanks in advance.

Colin

[Rocky]

Looks like the SPF entry is incorrect. Post your master.cf and main.cf.

I'm not sure if the script works with Exchange 2010, but you can use the look_ahead feature as an alternate. You cannot implement both, so it's either relay_recipient hash or look_ahead. If you plan to use relay_recipients hash, then you should disable look_ahead. Give this page a look: http://thelowedown.wordpress.com/200...y-to-exchange/ Otherwise, setup main.cf as described under the postfix section in the guide and enable look_ahead.

Read through the guide carefully, as some things are optional. That is up to you to install should you need those features.

[colskinet]

Hi Rocky, thanks for the reply.

Here is my main.cf as requested

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = ESMTP SpamSnake
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = spamsnake.colskinet.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = colskinet.co.uk
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 10485760
local_transport = error:No local mail delivery
local_recipient_maps =
relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf
transport_maps = mysql:/etc/postfix/mysql-transports.cf
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_recipient_limit = 100
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
header_checks = regexp:/etc/postfix/header_checks
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify

Here is my master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
   -o content_filter=dfilt:
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/lib/post

greyfix    unix  -        n       n       -        -       spawn
   user=nobody  argv=/usr/local/sbin/greyfix   --greylist-delay 60  -/ 24

dfilt     unix    -       n       n       -       -       pipe
    flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

Colin

[colskinet]

I've now fixed this and got the system up and running.

The problem was with some code in my "master.cf" file

It read :

Code:

policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/lib/post

When it should have read :

Code:

policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

I'd simply not copied the entire line!

I had an issue of "colin@domain.com" being accepted but "Colin@domain.com" being rejected (450 4.1.1 error) - I assume the case sensitive issue was the problem here? I've removed "reject_unknown_recipient_domain" from main.cf and this seems to have stopped the problem. I've replaced it with "check_relay_domains" - is that the right thing to do?

Thanks
Colin

[Rocky]

Yes, SPF entry in master.cf was incorrect, glad you caught it.

The system should allow the mail regardless of case, because the domain is specified. Are you using relay recipients or look_ahead?

Also, have you followed my little writeup on how to create the domain admin and the entries for domains and transports? It's under the Baruwa section. Without that section being completed, the system won't relay messages since the relay domains aren't present.

[colskinet]

Quote:

Originally Posted by Rocky

Yes, SPF entry in master.cf was incorrect, glad you caught it.

The system should allow the mail regardless of case, because the domain is specified. Are you using relay recipients or look_ahead?

Also, have you followed my little writeup on how to create the domain admin and the entries for domains and transports? It's under the Baruwa section. Without that section being completed, the system won't relay messages since the relay domains aren't present.

My /etc/postfix/access file has the following:

Code:

colskinet.co.uk verify_recipient

But look_ahead is also listed in the "smtpd_recipient_restrictions" section of master.cf. I notice there's also a line in that file with "look_ahead = check_recipient_access hash:/etc/postfix/access"

That what you were wanting to know? This part confused me somewhat!

Edit - yes - the whole Baruwa section went without any problems, and I added my domain to it.

Colin

[Rocky]

Ok, yes, so you can skip the entire relay_recipient script section because your system is setup for look_ahead.

Your setup will send a dummy mail to your exchange to verify(look_ahead) to make sure the user exists. If the user doesn't exist, exchange will reply saying so and postfix will drop the connection. However, you must have exchange setup to act that way if the user doesn't exist.

[colskinet]

Thanks Rocky, appreciate your help with this. Think I'm there now...

Colin