master.cf services and postfix architecture


master.cf services and postfix architecture

Marek Kozlowski-2
:-)

I've had some problems with using unionmaps. It finally turned out that they
were caused by improper configuration of services in the `master.cf'. So
I have decided to improve my knowledge by studying more thoroughly how postfix
services really work and cooperate. I've started with:

http://www.postfix.org/OVERVIEW.html

And there is one thing which is not clear to me:

Let's assume that services defined in `master.cf' are as follows:
-----------------------------------------------------------------------
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamassassin
  -o receive_override_options=no_address_mappings
smtpd     pass  -       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
[...]
spamassassin unix -     n       n       -       -       pipe
  user=nobody argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail
  -oi -f ${sender} ${recipient}
------------------------------------------------------------------------

I've checked the log and it seems that mail incoming from remote servers
addressed to local users is processed according to the following chain:

smtpd -> cleanup (with trivial rewrite) -> qmgr -> spamd -> [sendmail]
-> pickup -> cleanup -> qmgr -> local

Generally it is as illustrated in the pictures at:

        http://www.postfix.org/OVERVIEW.html

Except one thing. This transition:

        qmgr -> spamd

according to the config must be in fact:

        qmgr -> smtp -> spamd

My question is:

Why does `qmgr' for the first time use `smtp' delivery agent and the
second time `local'. If the recipient is local why does it choose
`smtp' which (as far as I understand) is designed for remote delivery.
It's fine and it works but why?

Best regards,
Marek



Re: master.cf services and postfix architecture

Viktor Dukhovni

> On Feb 26, 2017, at 11:37 AM, Marek Kozlowski <[hidden email]> wrote:
>
> Let's assume that services defined in `master.cf' are as follows:
> -----------------------------------------------------------------------
> smtp      inet  n       -       n       -       -       smtpd
>  -o content_filter=spamassassin
>  -o receive_override_options=no_address_mappings

Mail that comes in via SMTP is (initially) force-routed to the
above specified content_filter transport.

> spamassassin unix -     n       n       -       -       pipe
>  user=nobody argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail
>  -oi -f ${sender} ${recipient}

That transport executes the "spamc" program, which, by the looks of
things, re-injects the message with any modifications via sendmail(1).

> I've checked the log and it seems that mail incoming from remote servers
> addressed to local users is processed according to the following chain:
>
> smtpd -> cleanup (with trivial rewrite) -> qmgr -> spamd -> [sendmail]
> -> pickup -> cleanup -> qmgr -> local

Well, actually "spamc" rather than "spamd".  The former communicates
with the latter, but is ultimately responsible for actually delivering
the email onward.

> This transition:
>
> qmgr -> spamd
>
> according to the config must be in fact:
>
> qmgr -> smtp -> spamd

There is no such "must".  When using "advanced" filters, the communication
to the filter is via SMTP, when using simple filters, it is via pipe(8)
executing the filter script.

> Why does `qmgr' for the first time use `smtp' delivery agent

It does not.  It uses the content_filter transport if added upstream
to the queue file, or otherwise whatever transport table or address
class implies.

> and the second time `local'.

The re-injected message has no content_filter recorded in the queue file.

--
        Viktor.


Re: master.cf services and postfix architecture

Marek Kozlowski-2
On 02/26/2017 06:18 PM, Viktor Dukhovni wrote:

>
>> On Feb 26, 2017, at 11:37 AM, Marek Kozlowski <[hidden email]> wrote:
>>
>> Let's assume that services defined in `master.cf' are as follows:
>> -----------------------------------------------------------------------
>> smtp      inet  n       -       n       -       -       smtpd
>>  -o content_filter=spamassassin
>>  -o receive_override_options=no_address_mappings
>
> Mail that comes in via SMTP is (initially) force-routed to the
> above specified content_filter transport.
Can you explain more precisely what you mean by saying "(initially)
force-routed "?
According to my tests and logs it happens AFTER (the first invocation
of) the `cleanup' service.

>> Why does `qmgr' for the first time use `smtp' delivery agent
>
> It does not.  It uses the content_filter transport if added upstream
> to the queue file, or otherwise whatever transport table or address
> class implies.

But in the above configuration the `content_filter' is added only to
`smtp'..?

Best regards,
Marek



Re: master.cf services and postfix architecture

Viktor Dukhovni

> On Feb 26, 2017, at 12:26 PM, Marek Kozlowski <[hidden email]> wrote:
>
>>> smtp      inet  n       -       n       -       -       smtpd
>>> -o content_filter=spamassassin
>>> -o receive_override_options=no_address_mappings
>>
>> Mail that comes in via SMTP is (initially) force-routed to the
>> above specified content_filter transport.
>
> Can you explain more precisely what you mean by saying "(initially)
> force-routed "?

The first time the message hits the queue (prior to re-injection).
Since smtpd(8) added a content_filter setting to the queue file,
normal transport selection is preëmpted by the content filter.

> According to my tests and logs it happens AFTER (the first invocation
> of) the `cleanup' service.

Of course, since the flow is smtpd(8) -> cleanup(8) -> incoming queue
where qmgr(8) finds the message and schedules delivery via the appropriate
agent.

>>> Why does `qmgr' for the first time use `smtp' delivery agent
>>
>> It does not.  It uses the content_filter transport if added upstream
>> to the queue file, or otherwise whatever transport table or address
>> class implies.
>
> But in the above configuration the `content_filter' is added only to
> `smtp'..?

No, the filter is added on *input* via SMTP, that is the "smtp inet"
service provided by smtpd(8).  Don't confuse input with output.

   * SMTP input:  smtp inet ... smtpd
   * SMTP output: smtp unix ... smtp

--
        Viktor.
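
The input/output distinction and the two queue passes explained in this thread, as an added Python example that is not part of the original posts or of Postfix. The function names are illustrative, the sample is constructed from the quoted configuration, and the flag columns of the `smtp unix` line are assumed.

```python
# Added example, not from the thread or from Postfix. MASTER_CF is a constructed
# sample trimmed from the quoted config; the "smtp unix" flag columns are assumed.
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamassassin
  -o receive_override_options=no_address_mappings
submission inet n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
smtp      unix  -       -       n       -       -       smtp
spamassassin unix -     n       n       -       -       pipe
  user=nobody argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail
  -oi -f ${sender} ${recipient}
"""

def parse_master_cf(text):
    """Map (service, type) -> {"command", "args"}; indented lines continue an entry."""
    services, args = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            args.extend(line.split())      # continuation of the previous entry
        else:
            fields = line.split()
            args = fields[8:]
            services[(fields[0], fields[1])] = {"command": fields[7], "args": args}
    return services

def override(entry, name):
    """Value of a `-o name=value` override on this entry, or None."""
    args = entry["args"]
    for flag, arg in zip(args, args[1:]):
        if flag == "-o" and arg.startswith(name + "="):
            return arg.split("=", 1)[1]
    return None

def qmgr_transport(services, entry_point, normal_transport="local"):
    """Illustrative model: a content_filter recorded on input preempts normal selection."""
    return override(services[entry_point], "content_filter") or normal_transport

def unfiltered_listeners(services):
    """smtpd(8) input services that record no content_filter in the queue file."""
    return sorted(k for k, e in services.items() if e["command"] == "smtpd"
                  and override(e, "content_filter") is None)

if __name__ == "__main__":
    svc = parse_master_cf(MASTER_CF)
    print(qmgr_transport(svc, ("smtp", "inet")), qmgr_transport(svc, ("pickup", "unix")))
    print(unfiltered_listeners(svc))
```

The first call models the message as it arrives through `smtp inet ... smtpd`, the second models it after `sendmail` re-injects it through `pickup`; `unfiltered_listeners` is a quick way to see which SMTP listeners in a `master.cf` hand mail to the queue without a filter recorded.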


Re: master.cf services and postfix architecture

Marek Kozlowski-2
On 02/26/2017 06:40 PM, Viktor Dukhovni wrote:
[...]

Thank you (and Wietse) very much for clarification!

Best regards,
Marek

