Virtual Users /Domains /Postfix, Courier/MySQL CentOS 5.1 with no outgoing spam check

Discussion in 'HOWTO-Related Questions' started by waters, Mar 8, 2011.

  1. waters

    waters New Member

    Hi,
    I've followed the tutorial "Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1)" and everything works. But now I want to stop Spamassassin from scanning outgoing mail. So basically I want to allow all local and roaming authenticated users to bypass the spam scanning. Here is what I've set up, the problem is I get the error message "status=deferred (mail transport unavailable)" in the mail logs when sending as a roaming authenticated user (from outlook using my server an the smtp server).

    my /etc/postfix/master.cf
    Code:
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd
    submission inet n       -       n       -       -       smtpd
    #  -o smtpd_enforce_tls=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o content_filter=smtp-amavis:[127.0.0.1]:10026
    #smtps     inet  n       -       n       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
            -o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    old-cyrus unix  -       n       n       -       -       pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtpd_bind_address=127.0.0.1
    
    
    the submission port should be receiving mail from roaming authenticated users and sending it to smtp-amavis:[127.0.0.1]:10026

    my amavisd.conf
    Code:
    $max_servers = 2;            # num of pre-forked children (2..15 is common), -m
    $daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
    $daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
    
    $mydomain = 'localhost.localdomain';
    
    $TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
    $ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
    $QUARANTINEDIR = "/var/virusmails";
    
    $db_home   = "$MYHOME/db";
    
    $log_level = 0;              # verbosity 0..5, -d
    $log_recip_templ = undef;    # disable by-recipient level-0 log entries
    $DO_SYSLOG = 1;              # log via syslogd (preferred)
    $syslog_facility = 'mail';   # Syslog facility as a string
               # e.g.: mail, daemon, user, local0, ... local7
    $syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
               # choose from: emerg, alert, crit, err, warning, notice, info, debug
    
    $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
    $enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
    $nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
    
    @local_domains_maps = ( [".$mydomain",".myotherdomain.com","anotherdomainomine.com"] );  # list of all local domains
    
    @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                      10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
    
    $unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
                   # option(s) -p overrides $inet_socket_port and $unix_socketname
    
    $inet_socket_port = [10024,10026];  # listen on multiple TCP ports
    
    $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
      originating => 1,  # is true in MYNETS by default, but let's make it explicit
      os_fingerprint_method => undef,  # don't query p0f for internal clients
      bypass_spam_checks_maps => [1], # don't spam-check outgoing mail
    };
    
    # it is up to MTA to re-route mail from authenticated roaming users or
    # from internal hosts to a dedicated TCP port (such as 10026) for filtering
    $interface_policy{'10026'} = 'ORIGINATING';
    
    $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
      originating => 1,  # declare that mail was submitted by our smtp client
      allow_disclaimers => 1,  # enables disclaimer insertion if available
      # notify administrator of locally originating malware
      virus_admin_maps => ["virusalert\@$mydomain"],
      spam_admin_maps  => ["virusalert\@$mydomain"],
      warnbadhsender   => 1,
      # forward to a smtpd service providing DKIM signing service
      #forward_method => 'smtp:[127.0.0.1]:10027',
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [1],  # allow sending any file names and types
      bypass_spam_checks_maps => [1], # don't spam-check outgoing mail
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
    };
    
    .
    .
    .
    
    
    So policy_bank{'ORIGINATING'} should be getting the mail postfix sent over and dealing with it I think, but it's not working.

    Any help is much appreciated, I've scoured the net and many place have talking about the theory of how to do this without any specific examples.
     
  2. waters

    waters New Member

    I guess I should also include some relevant info in /etc/postfix/main.cf:

    Code:
    mynetworks = 127.0.0.0/8
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    
    
     
  3. waters

    waters New Member

    I found the problem. The content_filter= setting in main.cf was overriding the one in master.cf. Works great now.
     

Share This Page