Solved

spamassassin + postfix + procmail (don't forward spam)

Posted on 2004-04-05
Last Modified: 2012-06-27

Hello,

I'm using postfix with spamassassin and procmail to filter spam.
It works very well so far, but if an email address has a virtual user too, it is forwarding the standard message that a spam was detected on that mail.
Is it possible to configure it so that if a spam is detected it forwards neither to an email address nor to a mailbox?

j79
Question by:j79
LVL 9

Expert Comment

by:Alf666
Comment Utility
Can you post your procmail.conf ?

And what exactly do you call a virtual user ? (mail alias ?).
0
 
LVL 2

Author Comment

by:j79
Comment Utility

Hello Alf666,

thank you for the answer.
Yes, a virtual user is in this case a mail alias.

I couldn't find any procmail.conf on my server.

I have /etc/procmailrc with the following content:
:0H
* ^X-Spam-Status: Yes
/dev/null
0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
How is your config ?

Where does spamassassin get called ?

I'd need your postfix config files (the ones you modified).

0
 
LVL 2

Author Comment

by:j79
Comment Utility
OK, I had to modify /etc/postfix/master.cf and /etc/postfix/main.cf
Spamassassin is called in master.cf:
--------------------------------------------------------------------------------------------------------
smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=postfixfilter:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission     inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
smtp      unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
#localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#  
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe  
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10       pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
postfixfilter unix -    n       n       -       -       pipe
 flags=Rq user=filter argv=/usr/local/filter/postfixfilter -f ${sender} -- ${recipient}

--------------------------------------------------------------------------------------------------------
 
In main.cf I only added this line:
--------------------------------------------------------------------------------------------------------
mailbox_command = /usr/bin/procmail -f- -a "$USER"
--------------------------------------------------------------------------------------------------------

Spamassassin is running as user:group  filter:filter

The content of postfixfilter is:
--------------------------------------------------------------------------------------------------------
#!/bin/sh

INSPECT_DIR=/usr/local/filter
SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }


$SENDMAIL "$@" < out.$$

exit $?
--------------------------------------------------------------------------------------------------------


0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Haven't verified this, but at alias expansion, the mail probably gets "remailed" locally, in all likelihood invoking
smtp      unix  -       -       n       -       -       smtp
instead of the "networked" master line:). Try changing it so that the filter gets called for that too
smtp      unix  -       -       n       -       -       smtp -o content_filter=postfixfilter
... or better yet, why not set it on a global scale (and ditch the changes to master.cf) in main.cf ... If it isn't there already, just stick it in there somewhere;-)... Something like:

# Custom spam filter
content_filter = postfixfilter

... Might do it;).

-- Glenn
0
 
LVL 2

Author Comment

by:j79
Comment Utility

Nope, neither the changes to master.cf nor adding "content_filter" to main.cf solves the problem.
It's delivering to mail-aliases the standard message that a spam was found, which shows that spamassassin is working well but procmail filters only the mailboxes.

j79

0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
I'd need your full main.cf.

The thing I suspect is that your "local" users get delivered through the local delivery agent. This one delivers through procmail using the mailbox_command. But, your aliases, for a reason yet to determine, may not be seen as "local" users, and delivered (or forwarded) to another delivery agent. This delivery agent, of course, does not use procmail.

0
 
LVL 2

Author Comment

by:j79
Comment Utility

Any idea how to make it use procmail too? :)

j79
0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
That's why I need your full main.cf.
There are so many ways of doing things in postfix...

I have a question though. Are your aliases sent to somewhere else ?
0
 
LVL 2

Author Comment

by:j79
Comment Utility

OK, I had to delete the standard explanations first because it's a large file to post here:

main.cf
--------------------------------------------------------------------------------------------------
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

default_privs = autoresp

myhostname = server1.myprovider.info

mydomain = mymaindomain.com

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, $mydomain, smtp.$mydomain

mynetworks_style = host

local_recipient_maps = $alias_maps unix:passwd.byname

in_flow_delay = 0

alias_maps = hash:/etc/aliases

mail_spool_directory = /var/mail

mailbox_command = /usr/bin/procmail -f- -a "$USER"

fast_flush_domains = $relay_domains

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2

debugger_command =
       PATH=/usr/bin:/usr/X11R6/bin
       xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/sbin/sendmail

mailq_path = /usr/bin/mailq

setgid_group = maildrop

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/packages/postfix/samples

readme_directory = /usr/share/doc/packages/postfix/README_FILES

#suseconfig:
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
inet_interfaces = all
masquerade_domains = genthios.com
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#TLS Support
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

message_size_limit = 5242880
line_length_limit = 5242880
header_size_limit = 6000000
qmgr_message_active_limit = 1000

---------------------------------------------------------------------------------------------------

All the aliases for mailboxes and aliases to email addresses are in confixx_virtualUsers, generated by confixx (a web management interface like plesk or ensim).

confixx_localDomains looks like:
mydomain.com confixx
domain2.info confixx
domain3.info confixx

confixx_virtualUsers looks like:
person@mydomain.com person@anotherdomain.com
contact@domain2.info confixx-du-81
contact@domain3.com web4p3

confixx-du-81 for example is defined in /etc/aliases:
confixx-du-81: web9p1, person@anything.com

where web9p1 is a mailbox.

j79





0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
Ok. The simplest method would be to replace your postfixfilter directly by a procmail script. The procmail script would invoke SpamAssassin, and decide what to do with the mail.

The good news is that procmail will handle properly all return and/or exit codes.

I use a similar approach. Your procmailrc could look like this (just use this as an example to build your own) :

:0 fw
| /usr/bin/spamc

:0H
* ^X-Spam-Status: Yes
/dev/null

0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
mailbox_command is used to call procmail... this is the "local" daemon responsible for delivery.
Your virtuals... aren't handled by "local"... they're handled by "virtual" daemon. This doesn't support the mailbox_command.
Sorry, but I don't see any reasonable way to fix this... Other than to enhance the filter script a bit, so that you don't remail the identified spam... Sort of what procmail does anyway:-).

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Oh bother. Too slow, too little, too late...:-). Good suggestion Alf.

-- Glenn
0
 
LVL 2

Author Comment

by:j79
Comment Utility

Hello Alf666,

I changed the procmailrc script to your suggestion and it still cleans the spam from the mailboxes.
But if I change the smtp line of master.cf from:
smtp      inet  n       -       n       -       -       smtpd
       -o content_filter=postfixfilter:

to:
smtp      inet  n       -       n       -       -       smtpd
       -o content_filter=procmail:

or
smtp      inet  n       -       n       -       -       smtpd
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

then it delivers the email neither to the mailbox nor to the alias email.

If I comment out that line then the mail-alias recipient is getting the original E-Mail without any comment of "spam detector".

I don't know but it's very confusing...

j79
0
 
LVL 9

Accepted Solution

by:
Alf666 earned 50 total points
Comment Utility
Please, accept my apologies. I was not clear at all, and I mixed myself up :-)))


Keep your actual postfix filter. You don't need procmail filters for what you're doing.

Just modify the following in your filter config :

cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }

grep "^X-Spam-Status: Yes" out.$$ > /dev/null 2>&1

if [ $? -ne 0 ]
then
  $SENDMAIL "$@" < out.$$
fi

The only drawback with this method (but you already had it), is that you also filter outgoing mail (when your own users connect to your mail server for sending mail outside).

0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
You'll need to instruct procmail to "remail" everything in a safe way. This would entail using formail to set an unambiguous header to flag that you've already processed it... This can turn ugly, meaning a continuous mail loop, if one isn't careful...:-)

You could as easily just add a small grep to your filter script... Like this:

--------------------------------------------------------------------------------------------------------
#!/bin/sh

INSPECT_DIR=/usr/local/filter
SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }

if egrep "^X-Spam-Status: Yes$"
then
  true
else
  $SENDMAIL "$@" < out.$$
fi

exit $?
--------------------------------------------------------------------------------------------------------
... This is of course bad if you have a message that has this exact string somewhere in the body...:-).

There are some examples on using formail with procmail in the procmail man-pages.

-- Glenn
0
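Both filter variants above grep the whole scanned message, so a mail that merely quotes the verdict line in its body is dropped too. The sketch below is an added example, not part of any post in this thread: it limits the check to the header block and treats empty scanner output as a temporary failure. The function names are hypothetical and the sample messages are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print only the header block: everything before the first empty line.
# CRs are stripped so CRLF-terminated messages are handled as well.
header_block() {
    tr -d '\r' < "$1" | awk '/^$/ { exit } { print }'
}

# True only if the verdict header itself, inside the header block, says "Yes".
is_spam() {
    header_block "$1" | grep -qi '^X-Spam-Status:[[:space:]]*Yes'
}

# Decide what the content filter should do with the scanner's output file.
#   tempfail -> exit $EX_TEMPFAIL so Postfix keeps the mail queued and retries
#   discard  -> exit 0 without re-injecting the message
#   deliver  -> $SENDMAIL "$@" < out.$$
filter_action() {
    [ -s "$1" ] || { echo tempfail; return 0; }   # empty output: scan failed
    if is_spam "$1"; then echo discard; else echo deliver; fi
}

# Constructed sample messages: real spam, ham quoting the header, empty output.
demo() {
    d=$(mktemp -d) || return 1
    printf 'From: a@example.com\nX-Spam-Status: Yes, hits=12.3 required=5.0\n\nbuy now\n' > "$d/spam"
    printf 'From: b@example.com\nX-Spam-Status: No, hits=0.1 required=5.0\n\nQuoted report:\nX-Spam-Status: Yes, hits=9.9\n' > "$d/quoted"
    : > "$d/empty"
    for m in spam quoted empty; do
        echo "$m: $(filter_action "$d/$m")"
    done
    rm -rf "$d"
}
demo
```

In the filter script, the `case` on this result replaces the bare grep: only `deliver` reaches `$SENDMAIL`, and `tempfail` maps to the `EX_TEMPFAIL=75` exit code the script already defines.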
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Argh... You beat me to it again! And did the grep right. I shouldn't do this with less than half a mind on what I'm doing:-).

Anyway, _if_ I get the time and _if_ I can focus for more than two seconds... Would you be interested in a procmail/formail/sendmail example j79?

-- Glenn
0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
> I shouldn't do this with less than half a mind on what I'm doing:-).
 
I only use a tenth of mine :-))))
0
 
LVL 2

Author Comment

by:j79
Comment Utility

As I could see in the logfiles, it's working now!

Thank you for the help!

j79
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
> I only use a tenth of mine :-))))
Yeah yeah, me do as best me can... uuuh:-):-)

-- Glenn
0
