From: perikillo
To: FreeBSD Mailing List
Date: Sat, 10 Apr 2010 19:33:33 -0700
Subject: Re: FreeBSD 8: Postfix policyd-weight not working!!!

On Thu, Apr 8, 2010 at 3:29 PM, perikillo wrote:

> On Thu, Apr 8, 2010 at 2:57 PM, Noel Jones wrote:
>
>> On Thu, Apr 8, 2010 at 9:29 AM, perikillo wrote:
>> > Hi people.
>> >
>> > I'm working in my first spam gateway, using Postfix + policyd-weight.
>> >
>> > I have 2 jails for this, the jail-A is the mail server, where the mailboxes
>> > exist, they are on each user home directory:
>> >
>> > /home/user-1
>> > /home/user-2
>> > /home/user-3
>> > ...
>> > /home/user-N
>> >
>> > This jail-A have samba+ldap=PDC, nss_ldap+pam_ldap working +
>> > dovecot+postfix working too.
>> >
>> > id test
>> > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
>> > id root
>> > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins)
>> >
>> > I can add users without an issue using smbldap-tools.
>> >
>> > I have tested dovecot+postfix and I can send emails with that jail.
>> >
>> > Now I want to setup my spam gateway, is another jail called jail-B, I have
>> > setup nss_ldap+pam_ldap to contact my PDC(jail-A) and is working:
>> >
>> > id user1
>> > uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users)
>> > id test
>> > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
>> >
>> > Now, the part is the one is not working is postfix+ policyd-weight.
>> >
>> > When I test with other machine in the network using telnet, for some reason
>> > once postfix accept the mail wants to send the email to the outside not
>> > internally.
>> > I have setup transport to send the email jail-A but I don't see
>> > any task doing this, check:
>> >
>> > Apr 8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=> >,
>> > size=409, nrcpt=1 (queue active)
>> > Apr 8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org
>> > [192.168.49.7]
>> > Apr 8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25:
>> > Operation timed out
>> > Apr 8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=> >,
>> > relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred
>> > (connect to X.org[X.Y.Z.W]:25: Operation timed out)
>>
>> You say that X.org should be delivered locally. Postfix doesn't think
>> X.org is a local domain.
>>
>> > Apr 8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient
>> > addresses found in message header
>>
>> This appears that you've used "sendmail -t" to inject some mail, and
>> there was no To: header.
>> Don't rely on headers for mail routing.
>>
>> >
>> > X.Y.Z.W --> Public address.
>> >
>> > My postfix settings are this:
>> >
>> > alias_maps = hash:/etc/aliases
>> > command_directory = /usr/local/sbin
>> > config_directory = /usr/local/etc/postfix
>> > daemon_directory = /usr/local/libexec/postfix
>> > data_directory = /var/db/postfix
>> > debug_peer_level = 2
>> > home_mailbox = Maildir/
>> > html_directory = /usr/local/share/doc/postfix
>> > inet_interfaces = all
>> > local_destination_concurrency_limit = 2
>> > mail_owner = postfix
>> > mailq_path = /usr/local/bin/mailq
>> > manpage_directory = /usr/local/man
>> > mydomain = X.org
>> > myhostname = filtro.X.org
>>
>> You might want to add
>> mydestination = $mydomain $myhostname localhost
>>
>> > myorigin = $mydomain
>> > newaliases_path = /usr/local/bin/newaliases
>> > queue_directory = /var/spool/postfix
>> > readme_directory = /usr/local/share/doc/postfix
>> > relay_domains = $transport_maps
>>
>> Bad idea. If you add a transport for eg.
>> hotmail, you become an instant open relay. Don't reuse transport_maps this way.
>>
>> If mail is delivered locally on this box, relay_domains should be
>> explicitly set empty.
>> relay_domains =
>>
>> > sample_directory = /usr/local/etc/postfix
>> > sendmail_path = /usr/local/sbin/sendmail
>> > setgid_group = maildrop
>> > smtpd_delay_reject = yes
>> > smtpd_helo_required = yes
>> > smtpd_recipient_restrictions = permit_mynetworks,
>> > reject_unauth_destination, reject_non_fqdn_recipient,
>> > reject_invalid_helo_hostname, check_policy_service
>> > inet:[192.168.49.7]:12525
>> > soft_bounce = no
>> > transport_maps = hash:/usr/local/etc/postfix/transport
>> > unknown_local_recipient_reject_code = 550
>> >
>> > Now, my transport file is:
>> >
>> > nis.X.org smtp:[192.168.49.6] ----->jail-A
>> >
>> > Is created: transport.db
>> >
>> > Another thing, in the log I don't see when is touching "policyd-weight:
>> > 12525" or this is just for the outside connections?
>>
>> Mail that's permitted by "permit_mynetworks" or submitted via the
>> sendmail(1) interface won't trigger the policy server in your config.
>>
>
> Thanks Noel for your quick answer, just would like to inform you that this is
> a spam server not an email server, once this server accepts the email, it needs
> to send it to the real mail server, which is another machine in the network (other
> jail).
>
> This is why I'm using the transport stuff, if there exists a more secure way
> please let me know, spam server + email server exist in the same
> network (jails).
>
> The test was made with telnet, about the sendmail, I don't know when I
> set up something about sendmail, I just have been working with postfix.
>
> Thanks again!!!
>
>> -- Noel Jones
>

Fix it:

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = amavisfeed:[127.0.0.3]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydomain = X.org
myhostname = filtro.X.org
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $transport_maps
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_non_fqdn_recipient,
    reject_invalid_helo_hostname, check_policy_service
    inet:[127.0.0.3]:12525
soft_bounce = no
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550

smtp      inet  n       -       n       -       -       smtpd

amavisfeed unix -       -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
#   -o max_use=20

127.0.0.3:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o strict_rfc821_envelopes=yes

One of my issues was that this jail had 192.168.49.7 and amavisd didn't like it, as soon as I changed the settings above and changed my jail to 127.0.0.3 everything started working.

Thanks!!!
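
An added example, not part of the original thread and not Postfix code: a small Python check for the two points raised in the reply above, namely that `relay_domains = $transport_maps` turns every transport key into a relay destination, and that anything accepted by `permit_mynetworks` never reaches `check_policy_service`. The main.cf and transport text are constructed from the settings quoted in the thread; the `hotmail.com` row and its 203.0.113.25 next hop are hypothetical.

```python
import re

# Constructed sample main.cf, reduced to the settings quoted in this thread.
MAIN_CF = """\
relay_domains = $transport_maps
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, check_policy_service inet:[127.0.0.3]:12525
transport_maps = hash:/usr/local/etc/postfix/transport
"""
# Constructed transport table: the first entry is the one from the thread,
# the second is a hypothetical later addition for an outside domain.
TRANSPORT = """\
nis.X.org      smtp:[192.168.49.6]
hotmail.com    smtp:[203.0.113.25]
"""

def parse_main_cf(text):
    """Parse main.cf text into a dict, joining whitespace-led continuations."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def relay_exposure(main_cf, transport):
    """Transport keys that become relay destinations via $transport_maps."""
    relay = parse_main_cf(main_cf).get("relay_domains", "")
    if not re.search(r"\$[{(]?transport_maps\b", relay):
        return []
    rows = (l.split() for l in transport.splitlines())
    return [r[0] for r in rows if r and not r[0].startswith("#")]

def permits_before_policy(main_cf):
    """permit_* restrictions evaluated before check_policy_service."""
    value = parse_main_cf(main_cf).get("smtpd_recipient_restrictions", "")
    items = [i for i in re.split(r"[,\s]+", value) if i]
    if "check_policy_service" not in items:
        return []
    before = items[:items.index("check_policy_service")]
    return [i for i in before if i.startswith("permit_")]

if __name__ == "__main__":
    print("relayed because of $transport_maps:", relay_exposure(MAIN_CF, TRANSPORT))
    print("accepted before the policy service:", permits_before_policy(MAIN_CF))
```

Listing the relayed domain explicitly (for the gateway in this thread, `relay_domains = nis.X.org`) makes the first check return an empty list while the transport entry keeps routing mail to jail-A.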