Amavisd- Any way to tell which filter is being triggered?

Discussion in 'Installation/Configuration' started by rwheindl, Mar 5, 2018.

  1. rwheindl

    rwheindl Member

    We're receiving some inbound mail from this domain we would like to receive. Unfortunately it's getting rejected by one of the content filters. Is there any way to tell which one so I can adjust it? Turn on additional logging in postfix or amavisd perhaps? Any ideas are appreciated! Thanks. Here's an excerpt from the log:
    Code:
    Mar  5 14:58:28 SRVNAME postfix/qmgr[12632]: D7E3720D55D2: from=<[email protected]>, size=3243, nrcpt=1 (queue active)
    Mar  5 14:58:28 SRVNAME amavis[30941]: (30941-18) Passed CLEAN {RelayedInbound}, [199.231.xxx.xxx]:57645 [216.170.xxx.xxx] <[email protected]> -> <[email protected]>, Queue-ID: A59E420D55C8, Message-ID: <[email protected]>, mail_id: CkLx7DuzZK5X, Hits: -1.12, size: 2577, queued_as: D7E3720D55D2, 8159 ms
    Mar  5 14:58:43 SRVNAME postfix/smtps/smtpd[31992]: NOQUEUE: filter: RCPT from cpe-65-31-xxx-xxx.xx.xx.xx.com[65.31.xxx.xxx]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to= [email protected]> proto=ESMTP helo=<[192.168.xxx.xxx]>
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The email received Hits: -1.12, so unless your kill score is below -1.12 (which is quite unlikely), then the amavis filter is not causiing this. maybe you run some manual content filter rules in postfix (header filter / content filter)?
     
  3. rwheindl

    rwheindl Member

    Thanks till. Spam kill level is set to 5.00. I have these lines with the word "header", "body" and/or "content" active in /etc/postfix/main.cf
    Code:
    smtpd_sasl_authenticated_header = yes
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    Examining the contents of those files, they are all empty. Other ideas?
     
  4. rwheindl

    rwheindl Member

    I took a look at /etc/postfix/master.cf and have these at the bottom of the file. Are the 2 entries for localhost both for amavisd (I'm guessing, send to and receive back from amavisd)? I believe the mail log typically indicates if the email message triggers the SPF policy so I don't think that's it. The SPF policy on their domain is set to "?all" which is neutral.
    Code:
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    
    spfpolicy unix  -       n       n       -       0       spawn
            user=nobody argv=/usr/bin/perl /usr/local/bin/postfix-policyd-spf-perl
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
                -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
     
    Last edited: Mar 6, 2018

Share This Page