j79


spamassassin + postfix + procmail (don't forward spam)


Hello,

I'm using postfix with spamassassin and procmail to filter spam.
It works very well so far, but if an email address has a virtual user too, it forwards the standard message that spam was detected in that mail.
Is it possible to configure it so that if spam is detected, it is forwarded neither to an email address nor to a mailbox?

j79
Alf666

Can you post your procmail.conf?

And what exactly do you call a virtual user? (A mail alias?)
j79

ASKER


Hello Alf666,

thank you for the answer.
Yes, a virtual user is in this case a mail alias.

I couldn't find any procmail.conf on my server.

I have /etc/procmailrc with the following content:
:0H
* ^X-Spam-Status: Yes
/dev/null
How is your config?

Where does spamassassin get called?

I'd need your postfix config files (the ones you modified).

j79

ASKER

OK, I had to modify /etc/postfix/master.cf and /etc/postfix/main.cf
Spamassassin is called in master.cf:
--------------------------------------------------------------------------------------------------------
smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=postfixfilter:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission     inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
smtp      unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
#localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#  
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe  
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10       pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
postfixfilter unix -    n       n       -       -       pipe
 flags=Rq user=filter argv=/usr/local/filter/postfixfilter -f ${sender} -- ${recipient}

--------------------------------------------------------------------------------------------------------
 
In main.cf I only added this line:
--------------------------------------------------------------------------------------------------------
mailbox_command = /usr/bin/procmail -f- -a "$USER"
--------------------------------------------------------------------------------------------------------

Spamassassin is running as user:group  filter:filter

The content of postfixfilter is:
--------------------------------------------------------------------------------------------------------
#!/bin/sh

INSPECT_DIR=/usr/local/filter
SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }


$SENDMAIL "$@" < out.$$

exit $?
--------------------------------------------------------------------------------------------------------


Haven't verified this, but at alias expansion, the mail probably gets "remailed" locally, in all likelihood invoking
smtp      unix  -       -       n       -       -       smtp
instead of the "networked" master line:). Try changing it so that the filter gets called for that too
smtp      unix  -       -       n       -       -       smtp -o content_filter=postfixfilter
... or better yet, why not set it on a global scale (and ditch the changes to master.cf) in main.cf ... If it isn't there already, just stick it in there somewhere;-)... Something like:

# Custom spam filter
content_filter = postfixfilter

... Might do it;).

-- Glenn
j79

ASKER


Nope, neither the changes to master.cf nor adding "content_filter" to main.cf solve the problem.
It's delivering to mail-aliases the standard message that a spam was found, which shows that spamassassin is working well but procmail filters only the mailboxes.

j79

I'd need your full main.cf.

The thing I suspect is that your "local" users get delivered through the local delivery agent. This one delivers through procmail using the mailbox_command. But your aliases, for a reason yet to be determined, may not be seen as "local" users, and are delivered (or forwarded) to another delivery agent. This delivery agent, of course, does not use procmail.

j79

ASKER


Any idea how to make it use procmail too? :)

j79
That's why I need your full main.cf.
There are so many ways of doing things in postfix...

I have a question though. Are your aliases sent to somewhere else?
j79

ASKER


OK, I had to delete the standard explanations first because it's a large file to post here:

main.cf
--------------------------------------------------------------------------------------------------
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

default_privs = autoresp

myhostname = server1.myprovider.info

mydomain = mymaindomain.com

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, $mydomain, smtp.$mydomain

mynetworks_style = host

local_recipient_maps = $alias_maps unix:passwd.byname

in_flow_delay = 0

alias_maps = hash:/etc/aliases

mail_spool_directory = /var/mail

mailbox_command = /usr/bin/procmail -f- -a "$USER"

fast_flush_domains = $relay_domains

smtpd_banner = $myhostname ESMTP $mail_name

debug_peer_level = 2

debugger_command =
       PATH=/usr/bin:/usr/X11R6/bin
       xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/sbin/sendmail

mailq_path = /usr/bin/mailq

setgid_group = maildrop

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/packages/postfix/samples

readme_directory = /usr/share/doc/packages/postfix/README_FILES

#suseconfig:
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
inet_interfaces = all
masquerade_domains = genthios.com
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

#TLS Support
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

message_size_limit = 5242880
line_length_limit = 5242880
header_size_limit = 6000000
qmgr_message_active_limit = 1000

---------------------------------------------------------------------------------------------------

All the aliases for mailboxes and aliases to email addresses are in confixx_virtualUsers, generated by confixx (a web management interface like plesk or ensim).

confixx_localDomains looks like:
mydomain.com confixx
domain2.info confixx
domain3.info confixx

confixx_virtualUsers looks like:
person@mydomain.com person@anotherdomain.com
contact@domain2.info confixx-du-81
contact@domain3.com web4p3

confixx-du-81 for example is defined in /etc/aliases:
confixx-du-81: web9p1, person@anything.com

where web9p1 is a mailbox.

j79





Ok. The simplest method would be to replace your postfixfilter directly by a procmail script. The procmail script would invoke SpamAssassin, and decide what to do with the mail.

The good news is that procmail will handle properly all return and/or exit codes.

I use a similar approach. Your procmailrc could look like this (just use this as an example to build your own) :

:0 fw
| /usr/bin/spamc

:0H
* ^X-Spam-Status: Yes
/dev/null

mailbox_command is used to call procmail... this is the "local" daemon responsible for delivery.
Your virtuals... aren't handled by "local"... they're handled by "virtual" daemon. This doesn't support the mailbox_command.
Sorry, but I don't see any reasonable way to fix this... Other than to enhance the filter script a bit, so that you don't remail the identified spam... Sort of what procmail does anyway:-).

-- Glenn
Oh bother. Too slow, too little, too late...:-). Good suggestion Alf.

-- Glenn
j79

ASKER


Hello Alf666,

I changed the procmailrc script to your suggestion and it still cleans the spam from the mailboxes.
But if I change the smtp line of master.cf from:
smtp      inet  n       -       n       -       -       smtpd
       -o content_filter=postfixfilter:

to:
smtp      inet  n       -       n       -       -       smtpd
       -o content_filter=procmail:

or
smtp      inet  n       -       n       -       -       smtpd
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

then it delivers the email neither to the mailbox nor to the alias email.

If I comment out that line then the mail-alias recipient is getting the original E-Mail without any comment of "spam detector".

I don't know but it's very confusing...

j79
ASKER CERTIFIED SOLUTION
Alf666

This solution is only available to members.
You'll need to instruct procmail to "remail" everything in a safe way. This would entail using formail to set an unambiguous header to flag that you've already processed it... This can turn ugly, meaning a continuous mail loop, if one isn't careful...:-)

You could as easily just add a small grep to your filter script... Like this:

--------------------------------------------------------------------------------------------------------
#!/bin/sh

INSPECT_DIR=/usr/local/filter
SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

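# Scan the message with spamc; the tagged result is written to out.$$
cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }

# Drop the message if SpamAssassin flagged it, otherwise re-inject it.
# grep has to read the scanned file (stdin was already consumed above), and the
# header value continues after "Yes", so the pattern is not anchored with $.
if egrep -q "^X-Spam-Status: Yes" out.$$
then
  true
else
  $SENDMAIL "$@" < out.$$
fi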

exit $?
--------------------------------------------------------------------------------------------------------
... This is of course bad if you have a message that has this exact string somewhere in the body...:-).

There are some examples on using formail with procmail in the procmail man-pages.

-- Glenn
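
The body false match mentioned above goes away if the filter looks only at the header block. The script below is an added example, not code posted in this thread: the function names and sample messages are constructed, and it assumes spamc and sendmail at the paths used in the filter script above.

```shell
#!/bin/sh
# Added example: header-only spam check for the Postfix filter script.
# Function names and sample mail are constructed for illustration.
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}
SPAMC=${SPAMC:-/usr/bin/spamc}

# Succeeds only if an X-Spam-Status header in the header block starts with
# "Yes". Reading stops at the first empty line, so body text is never examined.
is_flagged_spam() {
    awk '
        /^\r?$/ { exit }
        tolower($0) ~ /^x-spam-status:[ \t]*yes/ { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print the action the filter takes for an already scanned message file.
filter_decision() {
    if is_flagged_spam "$1"; then echo discard; else echo deliver; fi
}

# Write a constructed sample: $1 = file, $2 = header value, $3 = body line.
make_sample() {
    printf 'From: a@example.org\nX-Spam-Status: %s\nSubject: test\n\n%s\n' \
        "$2" "$3" > "$1"
}

# Filter mode, as invoked from master.cf: script -f sender -- recipient...
if [ "${1:-}" = "-f" ]; then
    out=$(mktemp) || exit 75            # EX_TEMPFAIL: Postfix retries later
    trap 'rm -f "$out"' 0 1 2 3 15
    "$SPAMC" -f > "$out" || exit 75
    # Flagged mail is dropped here, before any alias or mailbox delivery.
    [ "$(filter_decision "$out")" = discard ] && exit 0
    "$SENDMAIL" "$@" < "$out"
    exit $?
fi
```

A message whose body merely quotes the header line is still delivered, because awk stops at the blank line that ends the headers.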
Argh... You beat me to it again! And did the grep right. I shouldn't do this with less than half a mind on what I'm doing:-).

Anyway, _if_ I get the time and _if_ I can focus for more than two seconds... Would you be interested in a procmail/formail/sendmail example j79?

-- Glenn
> I shouldn't do this with less than half a mind on what I'm doing:-).
 
I only use a tenth of mine :-))))
j79

ASKER


As I could see in the logfiles, it's working now!

Thank you for the help!

j79
> I only use a tenth of mine :-))))
Yeah yeah, me do as best me can... uuuh:-):-)

-- Glenn