More Perfect SpamSnake 10.10 probs!

Discussion in 'HOWTO-Related Questions' started by colskinet, Dec 18, 2010.

  1. colskinet

    colskinet New Member

    Hi all

    Couple of probs.

    1. Do I need to do the "Apply Relay Recipients" section for Exchange (page 4)? It only mentions Exchange 2000/2003, I am running Windows Server 2008R2 and Exchange 2010. I can't get the spamsnake to retrieve a list of usernames/passwords. I've changed all the usernames/passwords in the getadsmtp.pl file but it returns the error "error:The wrong password was supplied or the SASL credentials could not be processed"

    2. Monitoring my mail.log is showing the following errors and no mail is getting through to the Baruwa web interface..

    Code:
    Dec 18 20:24:03 spamsnake postfix/smtpd[3970]: connect from ***.*****.**.uk[***.***.**.**]
    Dec 18 20:24:04 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
    Dec 18 20:24:04 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
    Dec 18 20:24:05 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
    Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
    Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: problem talking to server private/policy: Connection reset by peer
    Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: NOQUEUE: reject: RCPT from ***.****.**.**[***.***.**.**]: 451 4.3.5 Server configuration problem; from=<colin@**.**.**> to=<colin@**.**.**> proto=ESMTP helo=<***.***.**.**>
    Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: disconnect from **.***.**.**[***.***.**.**]
    Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection rate 1/60s for (smtp:***.***.**.**) at Dec 18 20:24:03
    Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection count 1 for (smtp:***.***.**.**) at Dec 18 20:24:03
    Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max cache size 1 at Dec 18 20:24:03
    The only other stuff left for me to do is setup email disclaimers, Webmin, etc, nothing that appears vital to make this thing work!

    Please help, I feel like I'm almost there but just need to sort these issues out!

    Thanks in advance.

    Colin
     
  2. Rocky

    Rocky New Member

    Looks like the SPF entry is incorrect. Post your master.cf and main.cf.

    I'm not sure if the script works with Exchange 2010, but you can use the look_ahead feature as an alternate. You cannot implement both, so it's either relay_recipient hash or look_ahead. If you plan to use relay_recipients hash, then you should disable look_ahead. Give this page a look: http://thelowedown.wordpress.com/2008/02/16/postfix-gateway-to-exchange/ Otherwise, setup main.cf as described under the postfix section in the guide and enable look_ahead.

    Read through the guide carefully, as some things are optional. That is up to you to install should you need those features.
     
    Last edited: Dec 19, 2010
  3. colskinet

    colskinet New Member

    Hi Rocky, thanks for the reply.

    Here is my main.cf as requested

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = ESMTP SpamSnake
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = spamsnake.colskinet.co.uk
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = colskinet.co.uk
    mydestination =
    relayhost =
    mynetworks = 127.0.0.0/8, 192.168.1.0/24
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    message_size_limit = 10485760
    local_transport = error:No local mail delivery
    local_recipient_maps =
    relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf
    transport_maps = mysql:/etc/postfix/mysql-transports.cf
    virtual_alias_maps = hash:/etc/postfix/virtual
    disable_vrfy_command = yes
    strict_rfc821_envelopes = no
    smtpd_delay_reject = yes
    smtpd_recipient_limit = 100
    smtpd_helo_required = yes
    smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
    smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
    smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
    spf_policy = check_policy_service unix:private/policy
    rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
    grey_policy = check_policy_service unix:private/greyfix
    whitelist_policy = check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
    header_checks = regexp:/etc/postfix/header_checks
    verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
    look_ahead = check_recipient_access hash:/etc/postfix/access
    unverified_recipient_reject_code = 550
    address_verify_map = btree:/var/lib/postfix/verify
    
    Here is my master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
       -o content_filter=dfilt:
    #submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
             -o content_filter=
             -o receive_override_options=no_header_body_checks
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    policy unix - n n - - spawn
      user=nobody argv=/usr/bin/perl /usr/lib/post
    
    greyfix    unix  -        n       n       -        -       spawn
       user=nobody  argv=/usr/local/sbin/greyfix   --greylist-delay 60  -/ 24
    
    dfilt     unix    -       n       n       -       -       pipe
        flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}
    

    Colin
     
  4. colskinet

    colskinet New Member

    I've now fixed this and got the system up and running.

    The problem was with some code in my "master.cf" file

    It read :

    Code:
    policy unix - n n - - spawn
      user=nobody argv=/usr/bin/perl /usr/lib/post
    When it should have read :

    Code:
    policy unix - n n - - spawn
      user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
    I'd simply not copied the entire line!

    I had an issue of "[email protected]" being accepted but "[email protected]" being rejected (450 4.1.1 error) - I assume the case sensitive issue was the problem here? I've removed "reject_unknown_recipient_domain" from main.cf and this seems to have stopped the problem. I've replaced it with "check_relay_domains" - is that the right thing to do?

    Thanks
    Colin
     
  5. Rocky

    Rocky New Member

    Yes, SPF entry in master.cf was incorrect, glad you caught it.

    The system should allow the mail regardless of case, because the domain is specified. Are you using relay recipients or look_ahead?

    Also, have you followed my little writeup on how to create the domain admin and the entries for domains and transports? It's under the Baruwa section. Without that section being completed, the system won't relay messages since the relay domains aren't present.
     
  6. colskinet

    colskinet New Member

    My /etc/postfix/access file has the following:

    Code:
    colskinet.co.uk verify_recipient
    
    But look_ahead is also listed in the "smtpd_recipient_restrictions" section of master.cf. I notice there's also a line in that file with "look_ahead = check_recipient_access hash:/etc/postfix/access"

    That what you were wanting to know? This part confused me somewhat!

    Edit - yes - the whole Baruwa section went without any problems, and I added my domain to it.

    Colin
     
  7. Rocky

    Rocky New Member

    Ok, yes, so you can skip the entire relay_recipient script section because your system is setup for look_ahead.

    Your setup will send a dummy mail to your exchange to verify(look_ahead) to make sure the user exists. If the user doesn't exist, exchange will reply saying so and postfix will drop the connection. However, you must have exchange setup to act that way if the user doesn't exist.
     
  8. colskinet

    colskinet New Member

    Thanks Rocky, appreciate your help with this. Think I'm there now...

    Colin
     

Share This Page