[Postfixbuch-users] Postfix as relay in front of Exchange and Amavis

Andre Ballensiefen | silversurfer7 GmbH ballensiefen at silversurfer7.de
Thu Apr 24 09:59:35 CEST 2008


Hello everyone,

first of all, here is the system configuration:

Frontend-MTA:	Debian Etch
			Postfix 2.3.8
			Amavis 2.4.2


The system is configured so that all e-mails come in via Postfix and are then handed to Amavis. Amavis checks the mails with SpamAssassin and Kaspersky AntiVirus and passes them back to Postfix. Then, depending on the domain, they are relayed to the internal Exchange or to the local cyrus. So much for the configuration.

Until 3 weeks ago everything ran the way it should. Amavis tagged the mails with the famous X-SPAM-STATUS: YES, and for the spam_lovers the Outlook rules could sort the mail into Junk.

Then came day X, when after the relay to the Exchange the X-SPAM status was no longer in the header.
When the mail is delivered to Cyrus, the status is there.

At first glance an Exchange setting. However, nothing was changed in the config. Windows Update is not running either. Both servers are still running the way they were configured in October 2007.

So I am assuming that something goes wrong during the relay.
Is there an option in Postfix / Amavis that says "delete all headers before they are relayed"?

Here are the config files

main.cf

#
# general
#
myhostname = mail.xxx.de
mydomain = xxx.de
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, maggie.xxx.de, mysql:/etc/postfix/mysql-mydestination.cf
mynetworks = 192.168.100.0/24 127.0.0.0/8
relay_domains = yyy.de, $mydestination
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
mailbox_transport = cyrus
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf, hash:/etc/postfix/virtual_aliases
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
alias_maps = $alias_database
smtpd_banner = $myhostname ESMTP $mail_name
#
# sasl auth
# for clients
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        permit


smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit

content_filter = amavisd-new:[127.0.0.1]:10024

#
# SASL TLS
# for server
#
smtp_use_tls = yes
#
# SASL TLS
# for clients
#
smtpd_use_tls = yes
smtpd_sasl_local_domain =
smtpd_sasl_auth_only = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_cert_file = /etc/ssl/certs/smtps.pem
smtpd_tls_key_file = /etc/ssl/certs/smtps.pem
smtpd_tls_CAfile = /etc/ssl/certs/smtps.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


master.cf

smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

...

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

...

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

...

cyrus     unix -        n       n       -       -       pipe
 flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${user}

...

amavisd-new     unix    -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200s
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8		



amavis-conf

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$log_level = 1;
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 5.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_DISCARD;  # D_REJECT when front-end MTA
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)

$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
$spam_lovers{lc('user at yyy.de')} = 1;

# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";


Thanks in advance.


Andre
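
Added example, not part of the original post: a small parser for the master.cf format quoted above that collects each service's `-o` overrides and reports the ones that affect header processing or the content-filter path. The sample text is copied from the post's excerpt; `HEADER_PARAMS` and the function names are choices made for this example.

```python
# Constructed sample: entries copied from the master.cf excerpt in the post.
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
amavisd-new     unix    -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200s
        -o disable_dns_lookups=yes
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

# Postfix parameters that change header handling or the filter path (selection).
HEADER_PARAMS = {"header_checks", "mime_header_checks", "nested_header_checks",
                 "smtp_header_checks", "receive_override_options", "content_filter"}

def parse_master_cf(text):
    """Return {(service, type): {"command": str, "overrides": {name: value}}}."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    services = {}
    for fields in (entry.split() for entry in logical):
        if len(fields) < 8:
            continue  # not a complete service definition
        overrides = {}
        for flag, arg in zip(fields[8:], fields[9:]):
            if flag == "-o" and "=" in arg:
                name, _, value = arg.partition("=")
                overrides[name] = value
        services[(fields[0], fields[1])] = {"command": fields[7], "overrides": overrides}
    return services

def header_overrides(services):
    """Keep only the per-service overrides listed in HEADER_PARAMS."""
    audited = {svc: {k: v for k, v in info["overrides"].items() if k in HEADER_PARAMS}
               for svc, info in services.items()}
    return {svc: hits for svc, hits in audited.items() if hits}

if __name__ == "__main__":
    for svc, hits in header_overrides(parse_master_cf(MASTER_CF)).items():
        print(svc, hits)
```

On the quoted excerpt the only hit is the empty `content_filter=` on the 127.0.0.1:10025 re-injection listener; the `relay` transport carries no header-related override.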


