Question about FILTER

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about FILTER

Klaus Tachtler
Hi List,

I have implemented alterMIME for adding a disclaimer and X-Header to  
outgoing email.

I have written a script like described here:  
http://www.postfix.org/FILTER_README.html#simple_filter

It works fine so far, BUT if I try to add a disclaimer and the  
X-Header for LOCAL generated email I run into a problem with "Too many  
hops" and I understand why, but I have no solution for that.

When I configure in master.cf:

pickup    unix  n       -       n       60      1       pickup
   -o content_filter=altermime:

the "Too many hops" problem occurs, because the alterMIME shell script  
insert the email again and again, because the sendmail.postfix binary  
give up the email to pickup.

What can I do, to solve this situation?

Hope of inspiration from the list... thank you!


Klaus.

p.s. My complete implementation of the alterMIME was dokumented here  
(sorry, only in German, but the configuration coammands speaks for  
itself):

https://dokuwiki.tachtler.net/doku.php?id=tachtler:postfix_centos_7_-_altermime_einsetzen



Here is my master.cf:
=====================

--- START ---

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
...
...
...
# Tachtler - new -
# Outgoing traffic from trusted networks, with amavisd-new (altermime).
192.168.1.60:smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=
   -o smtpd_proxy_filter=192.168.0.70:10024
   -o smtpd_client_connection_count_limit=4
   -o smtpd_proxy_options=speed_adjust
192.168.0.60:smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=
   -o smtpd_proxy_filter=192.168.0.70:10024
   -o smtpd_client_connection_count_limit=4
   -o smtpd_proxy_options=speed_adjust
127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=
   -o smtpd_proxy_filter=192.168.0.70:10024
   -o smtpd_client_connection_count_limit=4
   -o smtpd_proxy_options=speed_adjust
# Tachtler - new -
# Outgoing traffic, BACK from amavisd-new from smtpd_proxy_filter.
192.168.0.60:10025     inet  n       -       n       -       -       smtpd
   # Tachtler - alterMIME
   -o content_filter=altermime:
   -o smtpd_proxy_filter=
   -o smtpd_milters=
   -o  
smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_relay_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=
   -o  
mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
   -o receive_override_options=no_unknown_recipient_checks
# Tachtler - new -
# Outgoing traffic, BACK from amavisd-new from content_filter.
192.168.0.60:10027     inet  n       -       n       -       -       smtpd
   # Tachtler - alterMIME
   -o content_filter=altermime:
   -o smtpd_proxy_filter=
   -o smtpd_milters=
   -o  
smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_relay_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o smtpd_restriction_classes=
   -o  
mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o  
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
   -o local_header_rewrite_clients=
...
...
...
# Tachtler - enabled -
submission inet n       -       n       -       -       smtpd
   -o syslog_name=postfix/submission
   -o content_filter=lmtp:[192.168.0.70]:10026
   -o lmtp_use_tls=yes
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
...
...
...
pickup    unix  n       -       n       60      1       pickup
   # Tachtler - alterMIME - DISABLE content_filter, because of error:  
Too many hops!
   -o content_filter=
...
...
...
# Tachtler - alterMIME
altermime unix  -       n       n       -       4       pipe
   flags=Rq user=altermime null_sender=  
argv=/etc/postfix/altermime/altermime.sh -f ${sender} -- ${recipient}

--- END ---



--

------------------------------------------
e-Mail  : [hidden email]
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------

attachment0 (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Question about FILTER

Noel Jones-2
On 4/29/2017 1:10 AM, Klaus Tachtler wrote:

> Hi List,
>
> I have implemented alterMIME for adding a disclaimer and X-Header to
> outgoing email.
>
> I have written a script like described here:
> http://www.postfix.org/FILTER_README.html#simple_filter
>
> It works fine so far, BUT if I try to add a disclaimer and the
> X-Header for LOCAL generated email I run into a problem with "Too
> many hops" and I understand why, but I have no solution for that.
>
> When I configure in master.cf:
>
> pickup    unix  n       -       n       60      1       pickup
>   -o content_filter=altermime:
>
> the "Too many hops" problem occurs, because the alterMIME shell
> script insert the email again and again, because the
> sendmail.postfix binary give up the email to pickup.
>
> What can I do, to solve this situation?

Replace the "sendmail" command in your filter script with a command
line SMTP program such as mini_sendmail, and deliver your filter
output to a separate smtp listener -- maybe port 10028 -- with "-o
content_filter="

Other possible solutions include using multiple postfix instances,
or using amavisd-new as your content filter, which has (some)
support for altermime.



  -- Noel Jones



>
> Hope of inspiration from the list... thank you!
>
>
> Klaus.
>
> p.s. My complete implementation of the alterMIME was dokumented here
> (sorry, only in German, but the configuration coammands speaks for
> itself):
>
> https://dokuwiki.tachtler.net/doku.php?id=tachtler:postfix_centos_7_-_altermime_einsetzen
>
>
>
>
> Here is my master.cf:
> =====================
>
> --- START ---
>
> #
> ==========================================================================
>
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> #
> ==========================================================================
>
> ...
> ...
> ...
> # Tachtler - new -
> # Outgoing traffic from trusted networks, with amavisd-new (altermime).
> 192.168.1.60:smtp      inet  n       -       n       -       -      
> smtpd
>   -o content_filter=
>   -o smtpd_proxy_filter=192.168.0.70:10024
>   -o smtpd_client_connection_count_limit=4
>   -o smtpd_proxy_options=speed_adjust
> 192.168.0.60:smtp      inet  n       -       n       -       -      
> smtpd
>   -o content_filter=
>   -o smtpd_proxy_filter=192.168.0.70:10024
>   -o smtpd_client_connection_count_limit=4
>   -o smtpd_proxy_options=speed_adjust
> 127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
>   -o content_filter=
>   -o smtpd_proxy_filter=192.168.0.70:10024
>   -o smtpd_client_connection_count_limit=4
>   -o smtpd_proxy_options=speed_adjust
> # Tachtler - new -
> # Outgoing traffic, BACK from amavisd-new from smtpd_proxy_filter.
> 192.168.0.60:10025     inet  n       -       n       -       -      
> smtpd
>   # Tachtler - alterMIME
>   -o content_filter=altermime:
>   -o smtpd_proxy_filter=
>   -o smtpd_milters=
>   -o
> smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_relay_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=
>   -o
> mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>
>   -o receive_override_options=no_unknown_recipient_checks
> # Tachtler - new -
> # Outgoing traffic, BACK from amavisd-new from content_filter.
> 192.168.0.60:10027     inet  n       -       n       -       -      
> smtpd
>   # Tachtler - alterMIME
>   -o content_filter=altermime:
>   -o smtpd_proxy_filter=
>   -o smtpd_milters=
>   -o
> smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_relay_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o smtpd_restriction_classes=
>   -o
> mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
>
>   -o local_header_rewrite_clients=
> ...
> ...
> ...
> # Tachtler - enabled -
> submission inet n       -       n       -       -       smtpd
>   -o syslog_name=postfix/submission
>   -o content_filter=lmtp:[192.168.0.70]:10026
>   -o lmtp_use_tls=yes
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_reject_unlisted_recipient=no
> #  -o smtpd_client_restrictions=$mua_client_restrictions
> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>   -o smtpd_recipient_restrictions=
>   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> ...
> ...
> ...
> pickup    unix  n       -       n       60      1       pickup
>   # Tachtler - alterMIME - DISABLE content_filter, because of error:
> Too many hops!
>   -o content_filter=
> ...
> ...
> ...
> # Tachtler - alterMIME
> altermime unix  -       n       n       -       4       pipe
>   flags=Rq user=altermime null_sender=
> argv=/etc/postfix/altermime/altermime.sh -f ${sender} -- ${recipient}
>
> --- END ---
>
>
>
> --
>
> ------------------------------------------
> e-Mail  : [hidden email]
> Homepage: http://www.tachtler.net
> DokuWiki: http://www.dokuwiki.tachtler.net
> ------------------------------------------


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Reply | Threaded
Open this post in threaded view
|

Re: Question about FILTER

Klaus Tachtler
Hi Noel,

thank you for your informatin of using mini_sendmail. I was searching  
for something like that, a program where I can specify a smtp-server  
and call it using a script and the email in text from.

I will give them a try.

Actually I use AMaViS and the alterMIME support, but I want to change  
from AMaViS to RSpamD in the future, but actually RSpamD doesn't  
support alterMIME or any other MIME support.


Thanky you!
Klaus.

> On 4/29/2017 1:10 AM, Klaus Tachtler wrote:
>> Hi List,
>>
>> I have implemented alterMIME for adding a disclaimer and X-Header to
>> outgoing email.
>>
>> I have written a script like described here:
>> http://www.postfix.org/FILTER_README.html#simple_filter
>>
>> It works fine so far, BUT if I try to add a disclaimer and the
>> X-Header for LOCAL generated email I run into a problem with "Too
>> many hops" and I understand why, but I have no solution for that.
>>
>> When I configure in master.cf:
>>
>> pickup    unix  n       -       n       60      1       pickup
>>   -o content_filter=altermime:
>>
>> the "Too many hops" problem occurs, because the alterMIME shell
>> script insert the email again and again, because the
>> sendmail.postfix binary give up the email to pickup.
>>
>> What can I do, to solve this situation?
>
> Replace the "sendmail" command in your filter script with a command
> line SMTP program such as mini_sendmail, and deliver your filter
> output to a separate smtp listener -- maybe port 10028 -- with "-o
> content_filter="
>
> Other possible solutions include using multiple postfix instances,
> or using amavisd-new as your content filter, which has (some)
> support for altermime.
>
>
>
>   -- Noel Jones
>
>
>
>>
>> Hope of inspiration from the list... thank you!
>>
>>
>> Klaus.
>>
>> p.s. My complete implementation of the alterMIME was dokumented here
>> (sorry, only in German, but the configuration coammands speaks for
>> itself):
>>
>> https://dokuwiki.tachtler.net/doku.php?id=tachtler:postfix_centos_7_-_altermime_einsetzen
>>
>>
>>
>>
>> Here is my master.cf:
>> =====================
>>
>> --- START ---
>>
>> #
>> ==========================================================================
>>
>> # service type  private unpriv  chroot  wakeup  maxproc command + args
>> #               (yes)   (yes)   (yes)   (never) (100)
>> #
>> ==========================================================================
>>
>> ...
>> ...
>> ...
>> # Tachtler - new -
>> # Outgoing traffic from trusted networks, with amavisd-new (altermime).
>> 192.168.1.60:smtp      inet  n       -       n       -       -
>> smtpd
>>   -o content_filter=
>>   -o smtpd_proxy_filter=192.168.0.70:10024
>>   -o smtpd_client_connection_count_limit=4
>>   -o smtpd_proxy_options=speed_adjust
>> 192.168.0.60:smtp      inet  n       -       n       -       -
>> smtpd
>>   -o content_filter=
>>   -o smtpd_proxy_filter=192.168.0.70:10024
>>   -o smtpd_client_connection_count_limit=4
>>   -o smtpd_proxy_options=speed_adjust
>> 127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
>>   -o content_filter=
>>   -o smtpd_proxy_filter=192.168.0.70:10024
>>   -o smtpd_client_connection_count_limit=4
>>   -o smtpd_proxy_options=speed_adjust
>> # Tachtler - new -
>> # Outgoing traffic, BACK from amavisd-new from smtpd_proxy_filter.
>> 192.168.0.60:10025     inet  n       -       n       -       -
>> smtpd
>>   # Tachtler - alterMIME
>>   -o content_filter=altermime:
>>   -o smtpd_proxy_filter=
>>   -o smtpd_milters=
>>   -o
>> smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>>
>>   -o smtpd_client_restrictions=
>>   -o smtpd_helo_restrictions=
>>   -o smtpd_sender_restrictions=
>>   -o smtpd_relay_restrictions=
>>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>>   -o smtpd_data_restrictions=
>>   -o
>> mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>>
>>   -o receive_override_options=no_unknown_recipient_checks
>> # Tachtler - new -
>> # Outgoing traffic, BACK from amavisd-new from content_filter.
>> 192.168.0.60:10027     inet  n       -       n       -       -
>> smtpd
>>   # Tachtler - alterMIME
>>   -o content_filter=altermime:
>>   -o smtpd_proxy_filter=
>>   -o smtpd_milters=
>>   -o
>> smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>>
>>   -o smtpd_delay_reject=no
>>   -o smtpd_client_restrictions=
>>   -o smtpd_helo_restrictions=
>>   -o smtpd_sender_restrictions=
>>   -o smtpd_relay_restrictions=
>>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>>   -o smtpd_data_restrictions=reject_unauth_pipelining
>>   -o smtpd_end_of_data_restrictions=
>>   -o smtpd_restriction_classes=
>>   -o
>> mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,88.217.171.167/32
>>
>>   -o smtpd_error_sleep_time=0
>>   -o smtpd_soft_error_limit=1001
>>   -o smtpd_hard_error_limit=1000
>>   -o smtpd_client_connection_count_limit=0
>>   -o smtpd_client_connection_rate_limit=0
>>   -o
>> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
>>
>>   -o local_header_rewrite_clients=
>> ...
>> ...
>> ...
>> # Tachtler - enabled -
>> submission inet n       -       n       -       -       smtpd
>>   -o syslog_name=postfix/submission
>>   -o content_filter=lmtp:[192.168.0.70]:10026
>>   -o lmtp_use_tls=yes
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_reject_unlisted_recipient=no
>> #  -o smtpd_client_restrictions=$mua_client_restrictions
>> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
>> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>>   -o smtpd_recipient_restrictions=
>>   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>>   -o milter_macro_daemon_name=ORIGINATING
>> ...
>> ...
>> ...
>> pickup    unix  n       -       n       60      1       pickup
>>   # Tachtler - alterMIME - DISABLE content_filter, because of error:
>> Too many hops!
>>   -o content_filter=
>> ...
>> ...
>> ...
>> # Tachtler - alterMIME
>> altermime unix  -       n       n       -       4       pipe
>>   flags=Rq user=altermime null_sender=
>> argv=/etc/postfix/altermime/altermime.sh -f ${sender} -- ${recipient}
>>
>> --- END ---
>>
>>
>>
>> --
>>
>> ------------------------------------------
>> e-Mail  : [hidden email]
>> Homepage: http://www.tachtler.net
>> DokuWiki: http://www.dokuwiki.tachtler.net
>> ------------------------------------------
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

----- Ende der Nachricht von Noel Jones <[hidden email]> -----




--

------------------------------------------
e-Mail  : [hidden email]
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------

attachment0 (3K) Download Attachment