Problems invoking amavis from postfix

classic Classic list List threaded Threaded
26 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Problems invoking amavis from postfix

Robert Moskowitz
I am building a new system on CentOS7 that has postfix 2.10.1 and amavis-new 2.11.1

I am working from my notes of 2 years ago when I last did this successfully so either something has changed since then (quite likely), or I am missing something from my notes (also quite likely).

For main.cf I run:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'

Then I append to the default master.cf (working from my understanding that the last instruction in master.cf encountered is the one applied, rather than trying to edit what is there):

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtpd     pass  -       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
	-o smtpd_recipient_restrictions=
pickup    unix  n       -       n       60      1       pickup
	-o content_filter=
relay     unix  -       -       n       -       -       smtp
	-o fallback_relay=
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
amavis unix	-	-	y	-	2	lmtp
	-o lmtp_data_done_timeout=1200
	-o lmtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20
127.0.0.1:10025 inet n	-	n	-	-	smtpd
	-o content_filter=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o smtpd_restriction_classes=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
	-o local_header_rewrite_clients=
	-o smtpd_milters=
	-o local_recipient_maps=
	-o relay_recipient_maps=
#
# Dovecot LDA
dovecot	unix	-	n	n	-	-	pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation unix	-	n	n	-	-	pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

Dovecot is working just fine, BTW.  So I run a couple of tests:

sendmail -i [hidden email] < sample-virus-simple.txt

Feb  7 12:52:57 klovia postfix/pickup[11341]: 9347458EC: uid=0 from=<root>
Feb  7 12:52:57 klovia postfix/cleanup[11458]: 9347458EC: message-id=[hidden email]
Feb  7 12:52:57 klovia postfix/qmgr[6089]: 9347458EC: from=[hidden email], size=430, nrcpt=1 (queue active)
Feb  7 12:52:58 klovia dovecot: lda([hidden email]): sieve: msgid=[hidden email]: stored mail into mailbox 'INBOX'
Feb  7 12:52:58 klovia postfix/pipe[11465]: 9347458EC: to=[hidden email], relay=dovecot, delay=4.3, delays=3.4/0.08/0/0.77, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  7 12:52:58 klovia postfix/qmgr[6089]: 9347458EC: removed


sendmail -i [hidden email] < sample-spam-GTUBE-junk.txt

Feb  7 12:54:08 klovia postfix/pickup[11341]: 860DE58EC: uid=0 from=<root>
Feb  7 12:54:08 klovia postfix/cleanup[11458]: 860DE58EC: message-id=[hidden email]
Feb  7 12:54:08 klovia postfix/qmgr[6089]: 860DE58EC: from=[hidden email], size=941, nrcpt=1 (queue active)
Feb  7 12:54:09 klovia dovecot: lda([hidden email]): sieve: msgid=[hidden email]: stored mail into mailbox 'INBOX'
Feb  7 12:54:09 klovia postfix/pipe[11465]: 860DE58EC: to=[hidden email], relay=dovecot, delay=0.89, delays=0.37/0.02/0/0.5, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  7 12:54:09 klovia postfix/qmgr[6089]: 860DE58EC: removed


Both right to INBOX.  Obviously I am missing something.  I have spent the day reading over stuff, but I am missing what I am missing.

I hope someone here can lend a hand.  I suspect it is a 'small' oversight as that all it takes.

thanks


Oh, and here is the status of amavisd:

# systemctl -l status amavisd
● amavisd.service - Amavisd-new is an interface between MTA and content checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-02-07 08:16:59 EST; 7h ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 5715 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 6327 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
           ├─6327 /usr/sbin/amavisd (master)                                                                                                                                                                                   
           ├─6336 /usr/sbin/amavisd (virgin child)                                                                                                                                                                             
           └─6337 /usr/sbin/amavisd (virgin child)                                                                                                                                                                             

Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .lha  at /usr/bin/7z
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .iso  at /usr/bin/7z
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .exe  at /usr/bin/unarj
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Using primary internal av scanner code for ClamAV-clamd
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Deleting db files __db.002,snmp.db,nanny.db,__db.001,__db.003 in /var/spool/amavisd/db
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Creating db in /var/spool/amavisd/db/; BerkeleyDB 0.51, libdb 5.3
Feb 07 08:17:00 klovia.htt-consult.com amavis[6327]: initializing Mail::SpamAssassin (0)
Feb 07 08:17:08 klovia.htt-consult.com amavis[6327]: SpamControl: init_pre_fork on SpamAssassin done
Feb 07 08:17:08 klovia.htt-consult.com amavis[6327]: extra modules loaded after daemonizing/chrooting: /usr/lib/perl5/vendor_perl/auto/Net/SSLeay/autosplit.ix, /usr/lib/perl5/vendor_perl/auto/Net/SSLeay/randomize.al, /usr/share/perl5/Net/libnet.cfg, IO/Socket/SSL.pm, Mail/SpamAssassin/Plugin/FreeMail.pm, Mail/SpamAssassin/Plugin/SpamCop.pm, Net/Cmd.pm, Net/Config.pm, Net/SMTP.pm, Net/SSLeay.pm

Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
I have dug some more and not found anything to help.  I went through http://www.postfix.org/docs.html where 2 of the amavis howtos are no longer available.  I have replicated the main.cf and master.cf as shown in http://www.shisaa.jp/postset/mailserver-1.html and still no apparent running of amavis on the test messages.

I have tried to get debugging working on postfix.  After reading http://www.postfix.org/DEBUG_README.html, I have tried appending -v to the smtpd lines in master.cf and not seen any more detail.  All I am seeing is:

Feb  8 11:11:45 klovia postfix/pickup[14472]: 3DD4059DA: uid=0 from=<root>
Feb  8 11:11:45 klovia postfix/cleanup[14478]: 3DD4059DA: message-id=[hidden email]
Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: from=[hidden email], size=430, nrcpt=1 (queue active)
Feb  8 11:11:45 klovia dovecot: lda([hidden email]): sieve: msgid=[hidden email]: stored mail into mailbox 'INBOX'
Feb  8 11:11:45 klovia postfix/pipe[14484]: 3DD4059DA: to=[hidden email], relay=dovecot, delay=1.1, delays=0.8/0.05/0/0.22, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: removed

Something is wrong, but I have yet to find it.

Any and all help greatly appreciated.

On 2/7/19 4:16 PM, Robert Moskowitz wrote:
I am building a new system on CentOS7 that has postfix 2.10.1 and amavis-new 2.11.1

I am working from my notes of 2 years ago when I last did this successfully so either something has changed since then (quite likely), or I am missing something from my notes (also quite likely).

For main.cf I run:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'

Then I append to the default master.cf (working from my understanding that the last instruction in master.cf encountered is the one applied, rather than trying to edit what is there):

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtpd     pass  -       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
	-o smtpd_recipient_restrictions=
pickup    unix  n       -       n       60      1       pickup
	-o content_filter=
relay     unix  -       -       n       -       -       smtp
	-o fallback_relay=
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
amavis unix	-	-	y	-	2	lmtp
	-o lmtp_data_done_timeout=1200
	-o lmtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20
127.0.0.1:10025 inet n	-	n	-	-	smtpd
	-o content_filter=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o smtpd_restriction_classes=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
	-o local_header_rewrite_clients=
	-o smtpd_milters=
	-o local_recipient_maps=
	-o relay_recipient_maps=
#
# Dovecot LDA
dovecot	unix	-	n	n	-	-	pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation unix	-	n	n	-	-	pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

Dovecot is working just fine, BTW.  So I run a couple of tests:

sendmail -i [hidden email] < sample-virus-simple.txt

Feb  7 12:52:57 klovia postfix/pickup[11341]: 9347458EC: uid=0 from=<root>
Feb  7 12:52:57 klovia postfix/cleanup[11458]: 9347458EC: message-id=[hidden email]
Feb  7 12:52:57 klovia postfix/qmgr[6089]: 9347458EC: from=[hidden email], size=430, nrcpt=1 (queue active)
Feb  7 12:52:58 klovia dovecot: lda([hidden email]): sieve: msgid=[hidden email]: stored mail into mailbox 'INBOX'
Feb  7 12:52:58 klovia postfix/pipe[11465]: 9347458EC: to=[hidden email], relay=dovecot, delay=4.3, delays=3.4/0.08/0/0.77, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  7 12:52:58 klovia postfix/qmgr[6089]: 9347458EC: removed


sendmail -i [hidden email] < sample-spam-GTUBE-junk.txt

Feb  7 12:54:08 klovia postfix/pickup[11341]: 860DE58EC: uid=0 from=<root>
Feb  7 12:54:08 klovia postfix/cleanup[11458]: 860DE58EC: message-id=[hidden email]
Feb  7 12:54:08 klovia postfix/qmgr[6089]: 860DE58EC: from=[hidden email], size=941, nrcpt=1 (queue active)
Feb  7 12:54:09 klovia dovecot: lda([hidden email]): sieve: msgid=[hidden email]: stored mail into mailbox 'INBOX'
Feb  7 12:54:09 klovia postfix/pipe[11465]: 860DE58EC: to=[hidden email], relay=dovecot, delay=0.89, delays=0.37/0.02/0/0.5, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  7 12:54:09 klovia postfix/qmgr[6089]: 860DE58EC: removed


Both right to INBOX.  Obviously I am missing something.  I have spent the day reading over stuff, but I am missing what I am missing.

I hope someone here can lend a hand.  I suspect it is a 'small' oversight as that all it takes.

thanks


Oh, and here is the status of amavisd:

# systemctl -l status amavisd
● amavisd.service - Amavisd-new is an interface between MTA and content checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-02-07 08:16:59 EST; 7h ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 5715 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 6327 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
           ├─6327 /usr/sbin/amavisd (master)                                                                                                                                                                                   
           ├─6336 /usr/sbin/amavisd (virgin child)                                                                                                                                                                             
           └─6337 /usr/sbin/amavisd (virgin child)                                                                                                                                                                             

Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .lha  at /usr/bin/7z
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .iso  at /usr/bin/7z
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found decoder for    .exe  at /usr/bin/unarj
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Using primary internal av scanner code for ClamAV-clamd
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Deleting db files __db.002,snmp.db,nanny.db,__db.001,__db.003 in /var/spool/amavisd/db
Feb 07 08:16:59 klovia.htt-consult.com amavis[6327]: Creating db in /var/spool/amavisd/db/; BerkeleyDB 0.51, libdb 5.3
Feb 07 08:17:00 klovia.htt-consult.com amavis[6327]: initializing Mail::SpamAssassin (0)
Feb 07 08:17:08 klovia.htt-consult.com amavis[6327]: SpamControl: init_pre_fork on SpamAssassin done
Feb 07 08:17:08 klovia.htt-consult.com amavis[6327]: extra modules loaded after daemonizing/chrooting: /usr/lib/perl5/vendor_perl/auto/Net/SSLeay/autosplit.ix, /usr/lib/perl5/vendor_perl/auto/Net/SSLeay/randomize.al, /usr/share/perl5/Net/libnet.cfg, IO/Socket/SSL.pm, Mail/SpamAssassin/Plugin/FreeMail.pm, Mail/SpamAssassin/Plugin/SpamCop.pm, Net/Cmd.pm, Net/Config.pm, Net/SMTP.pm, Net/SSLeay.pm


Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Wietse Venema
Robert Moskowitz:
> Something is wrong, but I have yet to find it.
> Any and all help greatly appreciated.

If you could summarize in one line what is wrong.

- You configured amavis via 'content_filter' but it is not being used?
  In that case, what is the output from:

  postconf -n content_filter
  postconf -P "*/*/content_filter"

  "postconf -P" requires Postfix 2.11 or later (released five years
  ago, it is no longer supported).

- Something else? amavis via Milter API, but it is not being used?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Dominic Raferd
In reply to this post by Robert Moskowitz
On Fri, 8 Feb 2019 at 16:18, Robert Moskowitz <[hidden email]> wrote:

>
> I have dug some more and not found anything to help.  I went through http://www.postfix.org/docs.html where 2 of the amavis howtos are no longer available.  I have replicated the main.cf and master.cf as shown in http://www.shisaa.jp/postset/mailserver-1.html and still no apparent running of amavis on the test messages.
>
> I have tried to get debugging working on postfix.  After reading http://www.postfix.org/DEBUG_README.html, I have tried appending -v to the smtpd lines in master.cf and not seen any more detail.  All I am seeing is:
>
> Feb  8 11:11:45 klovia postfix/pickup[14472]: 3DD4059DA: uid=0 from=<root>
> Feb  8 11:11:45 klovia postfix/cleanup[14478]: 3DD4059DA: message-id=<[hidden email]>
> Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: from=<[hidden email]>, size=430, nrcpt=1 (queue active)
> Feb  8 11:11:45 klovia dovecot: lda([hidden email]): sieve: msgid=<[hidden email]>: stored mail into mailbox 'INBOX'
> Feb  8 11:11:45 klovia postfix/pipe[14484]: 3DD4059DA: to=<[hidden email]>, relay=dovecot, delay=1.1, delays=0.8/0.05/0/0.22, dsn=2.0.0, status=sent (delivered via dovecot service)
> Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: removed
>
> Something is wrong, but I have yet to find it.
>
> Any and all help greatly appreciated.

Try sending to amavis via smtp, not lmtp, this is the way I have it
set up in master.cf (extract only):

...
amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
...

and check for the setting of inet_socket_port in amavis, which needs
to be 10024 (set as default in debian, but not in original
amavisd-new):
grep -r \$inet_socket_port /etc/amavis

You will need to restart amavis after any configuration changes, and
maybe reload postfix too (it's easy enough).
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Wietse Venema
Wietse, thanks for responding.

On 2/8/19 11:31 AM, Wietse Venema wrote:
> Robert Moskowitz:
>> Something is wrong, but I have yet to find it.
>> Any and all help greatly appreciated.
> If you could summarize in one line what is wrong.

It does not seem that amavis-new is being called by postfix.  The test
Eicar message goes right through into INBOX.

>
> - You configured amavis via 'content_filter' but it is not being used?
>    In that case, what is the output from:
>
>    postconf -n content_filter

content_filter = amavisfeed:[127.0.0.1]:10024

>    postconf -P "*/*/content_filter"
>
>    "postconf -P" requires Postfix 2.11 or later (released five years
>    ago, it is no longer supported).

And CentOS7 is still on 2.10.1

> - Something else? amavis via Milter API, but it is not being used?

Besides the content_filter in main.cf, I have the 'typical' lines in
master.cf:

amavisfeed unix    -    -    y    -    2    lmtp
     -o lmtp_data_done_timeout=1200
     -o lmtp_send_xforward_command=yes
     -o disable_dns_lookups=yes
     -o max_use=20
127.0.0.1:10025 inet n    -    n    -    -    smtpd
     -o content_filter=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions=
     -o smtpd_restriction_classes=
     -o mynetworks=127.0.0.0/8
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
         -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
     -o local_header_rewrite_clients=
     -o smtpd_milters=
     -o local_recipient_maps=
     -o relay_recipient_maps=

I suspect there is something else I have left out.

>
> Wietse
>

Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Dominic Raferd


On 2/8/19 11:36 AM, Dominic Raferd wrote:

> On Fri, 8 Feb 2019 at 16:18, Robert Moskowitz <[hidden email]> wrote:
>> I have dug some more and not found anything to help.  I went through http://www.postfix.org/docs.html where 2 of the amavis howtos are no longer available.  I have replicated the main.cf and master.cf as shown in http://www.shisaa.jp/postset/mailserver-1.html and still no apparent running of amavis on the test messages.
>>
>> I have tried to get debugging working on postfix.  After reading http://www.postfix.org/DEBUG_README.html, I have tried appending -v to the smtpd lines in master.cf and not seen any more detail.  All I am seeing is:
>>
>> Feb  8 11:11:45 klovia postfix/pickup[14472]: 3DD4059DA: uid=0 from=<root>
>> Feb  8 11:11:45 klovia postfix/cleanup[14478]: 3DD4059DA: message-id=<[hidden email]>
>> Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: from=<[hidden email]>, size=430, nrcpt=1 (queue active)
>> Feb  8 11:11:45 klovia dovecot: lda([hidden email]): sieve: msgid=<[hidden email]>: stored mail into mailbox 'INBOX'
>> Feb  8 11:11:45 klovia postfix/pipe[14484]: 3DD4059DA: to=<[hidden email]>, relay=dovecot, delay=1.1, delays=0.8/0.05/0/0.22, dsn=2.0.0, status=sent (delivered via dovecot service)
>> Feb  8 11:11:45 klovia postfix/qmgr[14473]: 3DD4059DA: removed
>>
>> Something is wrong, but I have yet to find it.
>>
>> Any and all help greatly appreciated.
> Try sending to amavis via smtp, not lmtp, this is the way I have it
> set up in master.cf (extract only):
>
> ...
> amavis unix - - y - 2 smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> ...

FWIW, my current, 4 year old system works with lmtp and all the docs I
have read say to use lmtp, but I will give this a try.

>
> and check for the setting of inet_socket_port in amavis, which needs
> to be 10024 (set as default in debian, but not in original
> amavisd-new):
> grep -r \$inet_socket_port /etc/amavis


# grep -r \$inet_socket_port /etc/amavisd
/etc/amavisd/amavisd.conf:               # option(s) -p overrides
$inet_socket_port and $unix_socketname
/etc/amavisd/amavisd.conf:$inet_socket_port = 10024;   # listen on this
local TCP port(s)
/etc/amavisd/amavisd.conf:# $inet_socket_port = [10024,10026];  # listen
on multiple TCP ports

So that is right.  And I have tested this with 'telnet localhost 10024'.

>
> You will need to restart amavis after any configuration changes, and
> maybe reload postfix too (it's easy enough).
>

Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Wietse Venema
In reply to this post by Robert Moskowitz
Robert Moskowitz:

> Wietse, thanks for responding.
>
> On 2/8/19 11:31 AM, Wietse Venema wrote:
> > Robert Moskowitz:
> >> Something is wrong, but I have yet to find it.
> >> Any and all help greatly appreciated.
> > If you could summarize in one line what is wrong.
>
> It does not seem that amavis-new is being called by postfix.  The test
> Eicar message goes right through into INBOX.

Never overlook the impossible: what is logged when you execute
"postfix reload"?  Does that configuration directory match the
location of the main.cf and master.cf files that you report here?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz


On 2/8/19 12:05 PM, Wietse Venema wrote:

> Robert Moskowitz:
>> Wietse, thanks for responding.
>>
>> On 2/8/19 11:31 AM, Wietse Venema wrote:
>>> Robert Moskowitz:
>>>> Something is wrong, but I have yet to find it.
>>>> Any and all help greatly appreciated.
>>> If you could summarize in one line what is wrong.
>> It does not seem that amavis-new is being called by postfix.  The test
>> Eicar message goes right through into INBOX.
> Never overlook the impossible: what is logged when you execute
> "postfix reload"?  Does that configuration directory match the
> location of the main.cf and master.cf files that you report here?

I suspect it is something 'obvious', but I don't think it is this:

# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
# tail /var/log/maillog -n10
Feb  8 11:52:22 klovia postfix/pickup[14557]: D519D5B15: uid=0 from=<root>
Feb  8 11:52:22 klovia postfix/cleanup[14563]: D519D5B15:
message-id=<[hidden email]>
Feb  8 11:52:22 klovia postfix/qmgr[14558]: D519D5B15:
from=<[hidden email]>, size=430, nrcpt=1 (queue active)
Feb  8 11:52:23 klovia dovecot: lda([hidden email]): sieve:
msgid=<[hidden email]>: stored mail
into mailbox 'INBOX'
Feb  8 11:52:23 klovia postfix/pipe[14570]: D519D5B15:
to=<[hidden email]>, relay=dovecot, delay=0.72,
delays=0.22/0.05/0/0.45, dsn=2.0.0, status=sent (delivered via dovecot
service)
Feb  8 11:52:23 klovia postfix/qmgr[14558]: D519D5B15: removed
Feb  8 12:00:53 klovia clamd[6346]: SelfCheck: Database status OK.
Feb  8 12:10:53 klovia clamd[6346]: SelfCheck: Database status OK.
Feb  8 12:18:32 klovia postfix/postfix-script[14641]: refreshing the
Postfix mail system
Feb  8 12:18:32 klovia postfix/master[14289]: reload -- version 2.10.1,
configuration /etc/postfix

And /etc/postfix is where I have my edited mail.cf and master.cf.


Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Wietse Venema


On 2/8/19 12:05 PM, Wietse Venema wrote:

> Robert Moskowitz:
>> Wietse, thanks for responding.
>>
>> On 2/8/19 11:31 AM, Wietse Venema wrote:
>>> Robert Moskowitz:
>>>> Something is wrong, but I have yet to find it.
>>>> Any and all help greatly appreciated.
>>> If you could summarize in one line what is wrong.
>> It does not seem that amavis-new is being called by postfix.  The test
>> Eicar message goes right through into INBOX.
> Never overlook the impossible: what is logged when you execute
> "postfix reload"?  Does that configuration directory match the
> location of the main.cf and master.cf files that you report here?

Here is some more information (asked in a private mail):

# postconf smtpd_milters content_filter smtpd_proxy_filter

smtpd_milters =
content_filter = amavisfeed:[127.0.0.1]:10024
smtpd_proxy_filter =

#postconf -Mxf

pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       - trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
Smtpd      pass  -       -       n       -       -       smtpd -v
submission inet  n       -       n       -       -       smtpd -v
     -o syslog_name=postfix/submission -o smtpd_tls_wrappermode=no
     -o smtpd_tls_security_level = encrypt -o smtpd_sasl_auth_enable=yes -o
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination

     -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
     -o content_filter=
relay      unix  -       -       n       -       -       smtp
     -o fallback_relay=
maildrop   unix  -       n       n       -       -       pipe
     flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe
     flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
     ($recipient)
ifmail     unix  -       n       n       -       -       pipe
     flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe
     flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop
     $recipient
amavisfeed unix  -       -       y       -       2       lmtp
     -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes
     -o disable_dns_lookups=yes -o max_use=20
127.0.0.1:10025 inet n   -       n       -       -       smtpd
     -o content_filter= -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes=
     -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
     -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
     -o local_header_rewrite_clients= -o smtpd_milters= -o
local_recipient_maps=
     -o relay_recipient_maps=
dovecot    unix  -       n       n       -       -       pipe
     flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d
     ${recipient}
vacation   unix  -       n       n       -       -       pipe
     flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
${sender} --
     ${recipient}


Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Wietse Venema
In reply to this post by Robert Moskowitz
Robert Moskowitz:
> > Never overlook the impossible: what is logged when you execute
> > "postfix reload"?  Does that configuration directory match the
> > location of the main.cf and master.cf files that you report here?
>
> I suspect it is something 'obvious', but I don't think it is this:

One more:

ps ax|grep master

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Viktor Dukhovni
In reply to this post by Robert Moskowitz
On Fri, Feb 08, 2019 at 12:24:06PM -0500, Robert Moskowitz wrote:

[ Please avoid sending text with Unicode non-breaking spaces
  instead of ordinary spaces. ]

> Here is some more information (asked in a private mail):
>
> # postconf smtpd_milters content_filter smtpd_proxy_filter
>
> smtpd_milters =
> content_filter = amavisfeed:[127.0.0.1]:10024
> smtpd_proxy_filter =
>
> #postconf -Mxf
>
> pickup         unix   n             -             n             60           1             pickup
> pickup         unix   n             -             n             60           1             pickup
>         -o content_filter=

The "pickup" service is defined twice in master.c, the second
instance (last one wins) disables content filtering for mail submitted
locally via sendmail(1).

On Fri, Feb 08, 2019 at 12:21:06PM -0500, Robert Moskowitz wrote:

> Feb  8 11:52:22 klovia postfix/pickup[14557]: D519D5B15: uid=0 from=<root>

Your test probe was sent via sendmail(1).  Nothing to see here,
move along...

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Dominic Raferd
On Fri, 8 Feb 2019 at 17:33, Viktor Dukhovni <[hidden email]> wrote:

> > #postconf -Mxf
> >
> > pickup         unix   n             -             n             60           1             pickup
> > pickup         unix   n             -             n             60           1             pickup
> >         -o content_filter=
>
> The "pickup" service is defined twice in master.c, the second
> instance (last one wins) disables content filtering for mail submitted
> locally via sendmail(1).

I have to say - great catch ;-)
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Wietse Venema


On 2/8/19 12:32 PM, Wietse Venema wrote:
> Robert Moskowitz:
>>> Never overlook the impossible: what is logged when you execute
>>> "postfix reload"?  Does that configuration directory match the
>>> location of the main.cf and master.cf files that you report here?
>> I suspect it is something 'obvious', but I don't think it is this:
> One more:
>
> ps ax|grep master

13500 ?        Ss     0:11 /usr/sbin/amavisd (master)
14289 ?        Ss     0:01 /usr/libexec/postfix/master -w
14729 ttySAC2  S+     0:00 grep --color=auto master


Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Dominic Raferd


On 2/8/19 12:42 PM, Dominic Raferd wrote:

> On Fri, 8 Feb 2019 at 17:33, Viktor Dukhovni <[hidden email]> wrote:
>
>>> #postconf -Mxf
>>>
>>> pickup         unix   n             -             n             60           1             pickup
>>> pickup         unix   n             -             n             60           1             pickup
>>>          -o content_filter=
>> The "pickup" service is defined twice in master.c, the second
>> instance (last one wins) disables content filtering for mail submitted
>> locally via sendmail(1).
> I have to say - great catch ;-)
>
Like I said, I am obviously missing something simple I am not doing.

I pulled out that 2nd pickup entry (and I know where I picked up doing
this, sigh):

Feb  8 13:22:30 klovia postfix/master[14289]: reload -- version 2.10.1,
configuration /etc/postfix
Feb  8 13:22:49 klovia postfix/pickup[14743]: E01D25B15: uid=0 from=<root>
Feb  8 13:22:49 klovia postfix/cleanup[14751]: E01D25B15:
message-id=<[hidden email]>
Feb  8 13:22:50 klovia postfix/qmgr[14744]: E01D25B15:
from=<[hidden email]>, size=430, nrcpt=1 (queue active)
Feb  8 13:22:50 klovia amavis[13505]: (13505-02) LMTP [127.0.0.1]:10024
/var/spool/amavisd/tmp/amavis-20190208T132250-13505-c4dwb85j:
<[hidden email]> -> <[hidden email]> SIZE=430
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost
(klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP
for <[hidden email]>; Fri,  8 Feb 2019 13:22:50 -0500 (EST)
Feb  8 13:22:50 klovia amavis[13505]: (13505-02) Checking: ry67P_Ijljpy
[127.0.0.1] <[hidden email]> -> <[hidden email]>
Feb  8 13:22:50 klovia clamd[6346]:
/var/spool/amavisd/tmp/amavis-20190208T132250-13505-c4dwb85j/parts/p002:
Eicar-Test-Signature FOUND
Feb  8 13:22:50 klovia clamd[6346]:
/var/spool/amavisd/tmp/amavis-20190208T132250-13505-c4dwb85j/parts/p001:
Eicar-Test-Signature FOUND
Feb  8 13:22:50 klovia amavis[13505]: (13505-02) Blocked INFECTED
(Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [127.0.0.1]
<[hidden email]> -> <[hidden email]>, Message-ID:
<[hidden email]>, mail_id:
ry67P_Ijljpy, Hits: -, size: 430, 383 ms
Feb  8 13:22:50 klovia postfix/lmtp[14755]: E01D25B15:
to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024,
delay=3, delays=2.5/0.04/0.01/0.39, dsn=2.7.0, status=sent (250 2.7.0
Ok, discarded, id=13505-02 - INFECTED: Eicar-Test-Signature)
Feb  8 13:22:50 klovia postfix/qmgr[14744]: E01D25B15: removed


thank you, thank you, thank you...


Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Viktor Dukhovni
> On Feb 8, 2019, at 1:26 PM, Robert Moskowitz <[hidden email]> wrote:
>
> Like I said, I am obviously missing something simple I am not doing.
>
> I pulled out that 2nd pickup entry (and I know where I picked up doing this, sigh):

Be careful to not introduce loops.  That override to skip content filters
with pickup(8) is required if you even decide to use "simple content filters"
as described in FILTER_README.  If all your filters are SMTP or LMTP, and
you want to filter local submission, then it is safe to remove the overide.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

PATCH: Problems invoking amavis from postfix

Wietse Venema
In reply to this post by Viktor Dukhovni
Viktor Dukhovni:
> > pickup         unix   n             -             n             60           1             pickup
> > pickup         unix   n             -             n             60           1             pickup
> >         -o content_filter=
>
> The "pickup" service is defined twice in master.c, the second
> instance (last one wins) disables content filtering for mail submitted
> locally via sendmail(1).

That was easy enough to fix:

Feb  8 13:42:53 spike postfix/master[53597]: warning: duplicate master.cf entry for service "pickup" (public/pickup)-- using the last entry

--- ./src/master/master_conf.c- 2019-02-08 13:39:50.000000000 -0500
+++ ./src/master/master_conf.c 2019-02-08 13:36:28.000000000 -0500
@@ -117,6 +117,14 @@
  }
 
  /*
+ * Warn about duplicate entry.
+ */
+ else if ((serv->flags & MASTER_FLAG_MARK) == 0) {
+    msg_warn("duplicate master.cf entry for service \"%s\" (%s)"
+     "-- using the last entry", serv->ext_name, serv->name);
+ }
+
+ /*
  * Update an existing service entry. Make the current generation of
  * child processes commit suicide whenever it is convenient. The next
  * generation of child processes will run with the new configuration
Reply | Threaded
Open this post in threaded view
|

Re: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Viktor Dukhovni


On 2/8/19 1:42 PM, Viktor Dukhovni wrote:

>> On Feb 8, 2019, at 1:26 PM, Robert Moskowitz <[hidden email]> wrote:
>>
>> Like I said, I am obviously missing something simple I am not doing.
>>
>> I pulled out that 2nd pickup entry (and I know where I picked up doing this, sigh):
> Be careful to not introduce loops.  That override to skip content filters
> with pickup(8) is required if you even decide to use "simple content filters"
> as described in FILTER_README.  If all your filters are SMTP or LMTP, and
> you want to filter local submission, then it is safe to remove the overide.
>
Digging back into my notes from 2 years ago, avoiding the loop was why I
added the content_filter override AFTER I had tested the antivirus
scanning.  Grumble, grumble.

I am going to leave it out for now.  I will revisit this when I start
working on using MILTER and adding DKIM and such.  For now, I have to
get this system upgrade completed.  Getting close.


Reply | Threaded
Open this post in threaded view
|

Re: PATCH: Problems invoking amavis from postfix

Robert Moskowitz
In reply to this post by Wietse Venema


On 2/8/19 1:44 PM, Wietse Venema wrote:
> Viktor Dukhovni:
>>> pickup         unix   n             -             n             60           1             pickup
>>> pickup         unix   n             -             n             60           1             pickup
>>>          -o content_filter=
>> The "pickup" service is defined twice in master.c, the second
>> instance (last one wins) disables content filtering for mail submitted
>> locally via sendmail(1).
> That was easy enough to fix:

When I was working on this 2 years ago, I thought it was kind of cool
that instead of editing master.cf entries to fix them, I could just
append a whole new entry with the 'right' content.

Much easier to automate changes (as we had nothing like postconf -e for
changing master.cf).  If I read the patch right, you are providing a
warning of the double entry.  Perhaps a better patch would warn and drop
all but the last entry?


>
> Feb  8 13:42:53 spike postfix/master[53597]: warning: duplicate master.cf entry for service "pickup" (public/pickup)-- using the last entry
>
> --- ./src/master/master_conf.c- 2019-02-08 13:39:50.000000000 -0500
> +++ ./src/master/master_conf.c 2019-02-08 13:36:28.000000000 -0500
> @@ -117,6 +117,14 @@
>   }
>  
>   /*
> + * Warn about duplicate entry.
> + */
> + else if ((serv->flags & MASTER_FLAG_MARK) == 0) {
> +    msg_warn("duplicate master.cf entry for service \"%s\" (%s)"
> +     "-- using the last entry", serv->ext_name, serv->name);
> + }
> +
> + /*
>   * Update an existing service entry. Make the current generation of
>   * child processes commit suicide whenever it is convenient. The next
>   * generation of child processes will run with the new configuration
>

Reply | Threaded
Open this post in threaded view
|

Re: PATCH: Problems invoking amavis from postfix

Wietse Venema
Robert Moskowitz:

>
>
> On 2/8/19 1:44 PM, Wietse Venema wrote:
> > Viktor Dukhovni:
> >>> pickup         unix   n             -             n             60           1             pickup
> >>> pickup         unix   n             -             n             60           1             pickup
> >>>          -o content_filter=
> >> The "pickup" service is defined twice in master.c, the second
> >> instance (last one wins) disables content filtering for mail submitted
> >> locally via sendmail(1).
> > That was easy enough to fix:
>
> When I was working on this 2 years ago, I thought it was kind of cool
> that instead of editing master.cf entries to fix them, I could just
> append a whole new entry with the 'right' content.
>
> Much easier to automate changes (as we had nothing like postconf -e for
> changing master.cf).? If I read the patch right, you are providing a
> warning of the double entry.? Perhaps a better patch would warn and drop
> all but the last entry?

Why do you think it was keeping both pickup entries?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: PATCH: Problems invoking amavis from postfix

Viktor Dukhovni
In reply to this post by Robert Moskowitz
> On Feb 8, 2019, at 2:07 PM, Robert Moskowitz <[hidden email]> wrote:
>
> Much easier to automate changes (as we had nothing like postconf -e for changing master.cf).  If I read the patch right, you are providing a warning of the double entry.  Perhaps a better patch would warn and drop all but the last entry?

It is not the job of master(8) to edit master.cf.  Indeed that file
might reside in read-only storage.

If you meant "use only the last one", as Wietse also notes, that's the
current behaviour.

--
        Viktor.

12