Date: Thu, 28 Jun 2018 09:48:52 -0500 From: Valeri Galtsev <galtsev@kicp.uchicago.edu> To: freebsd-questions@freebsd.org Subject: Re: Posfix and Amavisd-new in FreeBSD jail Message-ID: <944fff0f-6064-ccbb-a36b-f11752aaf2f7@kicp.uchicago.edu> In-Reply-To: <4c9d4c7bcb994b1e086ae55ebd0f64b3.squirrel@webmail.harte-lyne.ca> References: <4c9d4c7bcb994b1e086ae55ebd0f64b3.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/28/18 08:35, James B. Byrne via freebsd-questions wrote: > Dose anyone on the list run Postfix with amavisd inside a FreeBSD > jail? On larger servers I switched to maia (to the contrary to what I said earlier, one can configure and run it, not not only the way port maintainer has it, Thanks to port maintainer !!). One of the servers fully running in jail may at some point get passed to the project owner to [co]-administer it, for this reason it has postfix+clamav+spamassassin+amavisd > I am running into this problem: > > /usr/local/sbin/amavisd[42231]: (!)DENIED ACCESS from IP 127.0.32.1, > policy bank '' In my case jail has localhost IP 127.0.0.1, but I set jails "by the book", I do not use any scripts like ezjail... jail doesn't need to talk to localhos of host system. You may want to go though /usr/local/etc/amavisd.conf /usr/local/etc/postfix/master.cf ( and maybe /usr/local/etc/postfix/main.cf, depending on how you have amavis harnessed in postfix) and change localhost's IP referenced in their configurations to 127.0.32.1 (like in master.cf: smtp inet n - n - - smtpd -o content_filter=smtp-amavis:[127.0.32.1]:10024 ) check that that IP is covered in amavis access control list in /usr/local/etc/amavisd.conf: @inet_acl = qw( 127.0.0.0/8 [::1] ... ) and you can test them one at a time from shell in that jail by telnet 127.0.32.1 10024 and do all SMTP commands, see where you are thrown out. I hope, this helps. Valeri > > The cloned lo interface used by the jail is assigned address 127.0.32.1: > > lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > inet 127.0.32.1 netmask 0xffffffff > inet6 ::32 prefixlen 128 > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> > groups: lo > > The postfix and amavisd configuration files refer only to 127.0.0.1 > > The hosts file contains this: > > ::1 localhost localhost.harte-lyne.ca > 127.0.0.1 localhost localhost.harte-lyne.ca > > Does anyone have this working properly inside a jail. What do I need > to do to get it to work? > > > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?944fff0f-6064-ccbb-a36b-f11752aaf2f7>