From: Valeri Galtsev
Date: Thu, 28 Jun 2018 09:48:52 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Posfix and Amavisd-new in FreeBSD jail

On 06/28/18 08:35, James B. Byrne via freebsd-questions wrote:
> Does anyone on the list run Postfix with amavisd inside a FreeBSD
> jail?

On larger servers I switched to maia (contrary to what I said earlier, one can configure and run it, not only the way the port maintainer has it. Thanks to the port maintainer!!).
One of the servers fully running in a jail may at some point get passed to the project owner to [co]-administer it; for this reason it has postfix+clamav+spamassassin+amavisd.

> I am running into this problem:
>
> /usr/local/sbin/amavisd[42231]: (!)DENIED ACCESS from IP 127.0.32.1,
> policy bank ''

In my case the jail has localhost IP 127.0.0.1, but I set jails "by the book", I do not use any scripts like ezjail... the jail doesn't need to talk to localhost of the host system.

You may want to go through

    /usr/local/etc/amavisd.conf
    /usr/local/etc/postfix/master.cf

(and maybe /usr/local/etc/postfix/main.cf, depending on how you have amavis harnessed in postfix)

and change localhost's IP referenced in their configurations to 127.0.32.1

(like in master.cf:

    smtp      inet  n       -       n       -       -       smtpd
        -o content_filter=smtp-amavis:[127.0.32.1]:10024

)

check that that IP is covered in the amavis access control list in /usr/local/etc/amavisd.conf:

    @inet_acl = qw( 127.0.0.0/8 [::1] ... )

and you can test them one at a time from a shell in that jail by

    telnet 127.0.32.1 10024

and do all SMTP commands, see where you are thrown out.

I hope this helps.

Valeri

>
> The cloned lo interface used by the jail is assigned address 127.0.32.1:
>
> lo2: flags=8049 metric 0 mtu 16384
>         options=600003
>         inet 127.0.32.1 netmask 0xffffffff
>         inet6 ::32 prefixlen 128
>         nd6 options=21
>         groups: lo
>
> The postfix and amavisd configuration files refer only to 127.0.0.1
>
> The hosts file contains this:
>
> ::1                     localhost localhost.harte-lyne.ca
> 127.0.0.1               localhost localhost.harte-lyne.ca
>
> Does anyone have this working properly inside a jail.  What do I need
> to do to get it to work?
>

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
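
Added example, not part of the original message and not amavisd's own code: a small Python check of whether a client address is covered by the @inet_acl list in amavisd.conf, run on a constructed config that lists only 127.0.0.1. The matching rules used (first matching entry decides, a leading ! excludes, full addresses or CIDR only) are a simplified assumption, and SAMPLE_CONF, parse_inet_acl and acl_permits are names made up for this example.

```python
import ipaddress
import re

# Constructed sample config: the ACL names only 127.0.0.1, as in the question.
SAMPLE_CONF = """\
$inet_socket_port = 10024;
# @inet_acl = qw( 10.0.0.0/8 );   # commented out, must be ignored
@inet_acl = qw( 127.0.0.1 [::1] );
"""


def parse_inet_acl(conf_text):
    """Return the entries of the first uncommented @inet_acl = qw( ... ) list."""
    active = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    match = re.search(r"@inet_acl\s*=\s*qw\s*\((.*?)\)", active, re.S)
    return match.group(1).split() if match else []


def acl_permits(entries, client_ip):
    """Simplified model: first matching entry decides, '!' denies, no match denies."""
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        deny = entry.startswith("!")
        spec = entry.lstrip("!").replace("[", "").replace("]", "")
        net = ipaddress.ip_network(spec, strict=False)  # full address or CIDR only
        if ip.version == net.version and ip in net:
            return not deny
    return False


if __name__ == "__main__":
    jail_ip = "127.0.32.1"  # address of the jail's cloned lo interface
    current = parse_inet_acl(SAMPLE_CONF)
    for label, acl in (("current", current),
                       ("jail address added", current + [jail_ip]),
                       ("whole loopback net", ["127.0.0.0/8", "[::1]"])):
        verdict = "permitted" if acl_permits(acl, jail_ip) else "DENIED"
        print(f"{label:20} {' '.join(acl):32} -> {jail_ip} {verdict}")
```

Adding only the jail's own address keeps the ACL narrower than opening all of 127.0.0.0/8.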