j79
asked on
spamassassin + postfix + procmail (don't forward spam)
Hello,
I'm using postfix with spamassassin and procmail to filter spam.
It works very good so far but if an email address has a virtual user too it is forwarding the standard message that a spam was detected on that mail.
Is it possible to configure it so that if a spam is detected it should neither forward to an email-address or a mailbox?
j79
ASKER
Hello Alf666,
thank you for the answer.
Yes virtual user is in this case mail alias
I couldn't find any procmail.conf on my server.
I have /etc/procmailrc with the following content:
:0H
* ^X-Spam-Status: Yes
/dev/null
How is your config ?
Where does spamassassin get called ?
I'd need your postfix config files (the ones you modified).
Where does spamassassin get called ?
I'd need your postfix config files (the ones you modified).
ASKER
OK, I had to modify /etc/postfix/master.cf and /etc/postfix/main.cf
Spamassassin is called in master.cf:
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
smtp inet n - n - - smtpd
-o content_filter=postfixfilt er:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#localhost:10025 inet n - n - - smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus/bin/de liver -e -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmai l -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
postfixfilter unix - n n - - pipe
flags=Rq user=filter argv=/usr/local/filter/pos tfixfilter -f ${sender} -- ${recipient}
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
In main.cf I only added this line:
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
mailbox_command = /usr/bin/procmail -f- -a "$USER"
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
Spamassassin is running as user:group filter:filter
The content of postfixfilter is:
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
#!/bin/sh
INSPECT_DIR=/usr/local/fil ter
SENDMAIL=/usr/sbin/sendmai l
SPAMASSASSIN=/usr/bin/spam c
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }
$SENDMAIL "$@" < out.$$
exit $?
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
Spamassassin is called in master.cf:
--------------------------
smtp inet n - n - - smtpd
-o content_filter=postfixfilt
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#localhost:10025 inet n - n - - smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus/bin/de
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmai
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp
vscan unix - n n - 10 pipe
user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
postfixfilter unix - n n - - pipe
flags=Rq user=filter argv=/usr/local/filter/pos
--------------------------
In main.cf I only added this line:
--------------------------
mailbox_command = /usr/bin/procmail -f- -a "$USER"
--------------------------
Spamassassin is running as user:group filter:filter
The content of postfixfilter is:
--------------------------
#!/bin/sh
INSPECT_DIR=/usr/local/fil
SENDMAIL=/usr/sbin/sendmai
SPAMASSASSIN=/usr/bin/spam
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }
$SENDMAIL "$@" < out.$$
exit $?
--------------------------
Haven't verified this, but at alias expansion, the mail probably gets "remailed" locally, in all likelihood invoking
smtp unix - - n - - smtp
instead of the "networked" master line:). Try changing it so that the filet gets called for that too
smtp unix - - n - - smtp -o content_filter=postfixfilt er
... or better yet, why not set it on a global scale (and ditch the changes to master.cf) in main.cf ... If it isn't there already, just stick it in there somewher;-)... Something like:
# Custom spam filter
content_filter = postfixfilter
... Might do it;).
-- Glenn
smtp unix - - n - - smtp
instead of the "networked" master line:). Try changing it so that the filet gets called for that too
smtp unix - - n - - smtp -o content_filter=postfixfilt
... or better yet, why not set it on a global scale (and ditch the changes to master.cf) in main.cf ... If it isn't there already, just stick it in there somewher;-)... Something like:
# Custom spam filter
content_filter = postfixfilter
... Might do it;).
-- Glenn
ASKER
Nope, neither the changes on master.cf or adding "content_filter" to main.cf are solving the problem.
It's delivering to mail-aliases the standard message that a spam was found, which shows that spamassassin is working well but procmail filters only the mailboxes.
j79
I'd need your full main.cf.
The thing I suspect is that your "local" users get delivered through the local delivery agent. This one delivers through procmail using the mailbox_command. But, your aliases, for a reason yet to determine, may not be seen as "local" users, and delivered (or forwarded) to another delivery agent. This delivery agent, of course, does not use procmail.
The thing I suspect is that your "local" users get delivered through the local delivery agent. This one delivers through procmail using the mailbox_command. But, your aliases, for a reason yet to determine, may not be seen as "local" users, and delivered (or forwarded) to another delivery agent. This delivery agent, of course, does not use procmail.
ASKER
Any idea how to make him to use procmail too? :)
j79
That's why I need your full main.cf.
There are so many ways doing things in postfix...
I have a question though. Are your aliases sent to somewhere else ?
There are so many ways doing things in postfix...
I have a question though. Are your aliases sent to somewhere else ?
ASKER
OK, I had to delete the standard explanations first because it's a large file to post here:
main.cf
--------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
default_privs = autoresp
myhostname = server1.myprovider.info
mydomain = mymaindomain.com
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, smtp.$mydomain
mynetworks_style = host
local_recipient_maps = $alias_maps unix:passwd.byname
in_flow_delay = 0
alias_maps = hash:/etc/aliases
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail -f- -a "$USER"
fast_flush_domains = $relay_domains
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
PATH=/usr/bin:/usr/X11R6/b
xxgdb $daemon_directory/$process
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/po
readme_directory = /usr/share/doc/packages/po
#suseconfig:
canonical_maps = hash:/etc/postfix/canonica
virtual_maps = hash:/etc/postfix/virtual,
relocated_maps = hash:/etc/postfix/relocate
transport_maps = hash:/etc/postfix/transpor
sender_canonical_maps = hash:/etc/postfix/sender_c
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
inet_interfaces = all
masquerade_domains = genthios.com
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictio
#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_option
broken_sasl_auth_clients = yes
#TLS Support
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_ti
tls_random_source = dev:/dev/urandom
message_size_limit = 5242880
line_length_limit = 5242880
header_size_limit = 6000000
qmgr_message_active_limit = 1000
--------------------------
The whole aliases for mailboxes and aliases to email addresses are in confixx_virtualUsers generated by confixx (a web management interface like plesk or ensim)
confixx_localDomains looks like:
mydomain.com confixx
domain2.info confixx
domain3.info confixx
confixx_virtualUsers looks like:
person@mydomain.com person@anotherdomain.com
contact@domain2.info confixx-du-81
contact@domain3.com web4p3
confixx-du-81 for example is defined in /etc/aliases:
confixx-du-81: web9p1, person@anything.com
where web9p1 is a mailbox.
j79
Ok. The simplest method would be to replace your postfixfilter directly by a procmail script. The procmail script would invoke SpamAssassin, and decide what to do with the mail.
The good news is that procmail will handle properly all return and/or exit codes.
I use a similar approach. Your procmailrc could look like this (just use this as an example to build your own) :
:0 fw
| /usr/bin/spamc
:0H
* ^X-Spam-Status: Yes
/dev/null
The good news is that procmail will handle properly all return and/or exit codes.
I use a similar approach. Your procmailrc could look like this (just use this as an example to build your own) :
:0 fw
| /usr/bin/spamc
:0H
* ^X-Spam-Status: Yes
/dev/null
mailbox_command is used to call procmail... this is the "local" daemon responsible for delivery.
Your virtuals... aren't handled by "local"... they're handled by "virtual" daemon. This doesn't support the mailbox_command.
Sorry, but I don't see any reasonable way to fix this... Other than to enhance the filter script a bit, so that you don't remail the identified spam... Sort of what procmail does anyway:-).
-- Glenn
Your virtuals... aren't handled by "local"... they're handled by "virtual" daemon. This doesn't support the mailbox_command.
Sorry, but I don't see any reasonable way to fix this... Other than to enhance the filter script a bit, so that you don't remail the identified spam... Sort of what procmail does anyway:-).
-- Glenn
Oh bother. To slow, to little, to late...:-). Good suggestion Alf.
-- Glenn
-- Glenn
ASKER
Hello Alf666,
I changed the procmailrc script to your suggestion and it cleans still the spam of the mailboxes.
But if I change the smtp line of master.cf from:
smtp inet n - n - - smtpd
-o content_filter=postfixfilt
to:
smtp inet n - n - - smtpd
-o content_filter=procmail:
or
smtp inet n - n - - smtpd
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
then it doesn't deliver the email neither to the mailbox nor to the alias-email
If I comment out that line then the mail-alias recipient is getting the original E-Mail without any comment of "spam detector".
I don't know but it's very confusing...
j79
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You'll need instruct procmail to "remail" everything in a safe way. This would entail using formail to set an unambiguous header to flag that you've already processed it... This can turn ugly, meaning a continuous mail loop, if one isn't carefull...:-)
You could as easily just add a small grep to your filter script... Like this:
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
#!/bin/sh
INSPECT_DIR=/usr/local/fil ter
SENDMAIL=/usr/sbin/sendmai l
SPAMASSASSIN=/usr/bin/spam c
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }
if egrep "^X-Spam-Status: Yes$"
then
true
else
$SENDMAIL "$@" < out.$$
fi
exit $?
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
... This is of course bad if you have a message that has this exact string somewhere in the body...:-).
There are some examples on using formail with procmail in the procmail man-pages.
-- Glenn
You could as easily just add a small grep to your filter script... Like this:
--------------------------
#!/bin/sh
INSPECT_DIR=/usr/local/fil
SENDMAIL=/usr/sbin/sendmai
SPAMASSASSIN=/usr/bin/spam
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15
cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }
if egrep "^X-Spam-Status: Yes$"
then
true
else
$SENDMAIL "$@" < out.$$
fi
exit $?
--------------------------
... This is of course bad if you have a message that has this exact string somewhere in the body...:-).
There are some examples on using formail with procmail in the procmail man-pages.
-- Glenn
Argh... You beat me to it again! And did the grep right. I shouldn't do this with less than half a mind on what I'm doing:-).
Anyway, _if_ i get the time and _if_ I can focus for more than two seconds... Would you be interrested in a procmail/formail/sendmail example j79?
-- Glenn
Anyway, _if_ i get the time and _if_ I can focus for more than two seconds... Would you be interrested in a procmail/formail/sendmail example j79?
-- Glenn
> I shouldn't do this with less than half a mind on what I'm doing:-).
I only use a tenth of mine :-))))
I only use a tenth of mine :-))))
ASKER
As I could see at the logfiles it's working now!
Thank you for the help!
j79
> I only use a tenth of mine :-))))
Yeah yeah, me do as best me can... uuuh:-):-)
-- Glenn
Yeah yeah, me do as best me can... uuuh:-):-)
-- Glenn
And what exactly do you call a virtual user ? (mail alias ?).