RE: [Postfixbuch-users] Modifying mail headers - SOLUTION
Marcel Hartmann
mail at marcel-hartmann.com
Thu Jun 2 13:06:48 CEST 2005
Hello Thomas,
> > Thanks for your efforts with the header_checks.
> > I tried this variant as well, and my header still looks like this:
> >
> > [...]
> >
> > Could it be that the file /etc/postfix/Header_Checks has to be
> > changed with chmod first,
> > so that Postfix can actually access it? Possibly chown
> > postmaster:postmaster /etc/postfix/header_checks; ?
>
> Possible, but I consider it unlikely, since I did not need it either.
> What does your /etc/postfix/master.cf look like?
> The only thing I can still imagine is that, if you have amavisd-new or
> something similar running, the header_checks are disabled for the last
> run of smtpd.
>
> You did put the tab between the regexp and the IGNORE, though
> (and NO space etc. in between)?
> You did not perhaps copy it out of my mail via cut'n'paste?
Hehe, no. I paid careful attention to everything! ;-)
Here are my configs:
1. master.cf
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags= user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${user}
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# amavis smtp listener
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
# run postfix on port 10025 for amavis
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks
  -o smtp_send_xforward_command=yes
2. main.cf
Excerpt:
# additions for virtual alias maps
virtual_alias_maps = hash:/etc/postfix/virtual,
  mysql:/etc/postfix/mysql-virtual.cf
# rewriting of outgoing mails; here the accounts test0001 are rewritten to
# user.name at virtualdomain.tld
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
# SMTP Authentication with SASL and PAM
smtpd_sasl_auth_enable = yes
# DNS RBLs!! Spam is not even accepted and scanned in the first place!
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_rbl_client ix.dnsbl.manitu.net
  reject_rbl_client cbl.abuseat.org
  reject_rbl_client sbl-xbl.spamhaus.org
  reject_rbl_client list.dsbl.org
  reject_rbl_client relays.ordb.org
  reject_rbl_client opm.blitzed.org
  reject_rbl_client dnsbl.njabl.org
  permit
# filter out dangerous file extensions
# MIME checks for attachments with exe etc.; these are blocked
mime_header_checks=pcre:/etc/postfix/body_checks
# header checks to modify the mail header a bit; the amavis 10024 and 10025
# things should be removed from the header
header_checks = pcre:/etc/postfix/header_checks
# mail servers that want to send mail without EHLO are rejected
smtpd_helo_required = yes
# all users must authenticate before they are allowed to send mail
smtpd_sasl_security_options = noanonymous
# because of the virtual domains, no main domain is specified
smtpd_sasl_local_domain =
# if something goes wrong during login, it does not abort
broken_sasl_auth_clients = yes
# quota for outgoing SMTP and inbox
# quota 40 and 250 MB
message_size_limit = 40480000
mailbox_size_limit = 256000000
# tls support ssl
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# content filter amavisd-new with its tools
content_filter = smtp-amavis:[127.0.0.1]:10024
3. /etc/postfix/header_checks
/^Received: from.*(127\.0\.0\.1|localhost)/ IGNORE
4. amavisd.conf excerpt:
$max_servers = 2; # number of pre-forked children (2..15 is common)
$daemon_user = "amavis"; # (no default; customary: vscan or amavis)
$daemon_group = "amavis"; # (no default; customary: vscan or amavis)
$mydomain = 'snitch.de'; # a convenient default for other settings
$MYHOME = "/var/amavis";
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
$QUARANTINEDIR = "/var/virusmails";
$db_home = "$MYHOME/db";
@local_domains_maps = ( [".$mydomain"] );
$log_level = 0; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 0; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.critical';
$LOGFILE = "/var/log/amavis.log";
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;
$inet_socket_port = 10024;
$sa_tag_level_deflt = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.3; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 1;
$virus_admin = undef; # "virusalert\@$mydomain"; # notifications recip.
$mailfrom_notify_admin = undef; # "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = undef; # "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = undef; # "spam\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$MAXLEVELS = 14;
$MAXFILES = 1500;
#$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
#$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_QUOTA = undef;
$MAX_EXPANSION_QUOTA = undef;
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 0; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
# OTHER MORE COMMON SETTINGS (defaults may suffice):
$myhostname = 'mailrelay.snitch.de'; # must be a fully-qualified domain name!
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
Config with AntiVir as primary and Clamd as secondary scanner, and
SpamAssassin of course ;)
Regards,
Marcel Hartmann
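
The quoted reply suspects that header_checks are disabled for the last smtpd run when amavisd-new is in use. The following is an added example, not part of the original post: it parses a master.cf and lists the smtpd services whose -o overrides set receive_override_options to include no_header_body_checks. The sample text is a constructed excerpt modelled on the listing above, and all function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the master.cf listing in the post.
SAMPLE_MASTER_CF = """\
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
# amavis smtp listener
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their entry."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry

def parse_services(text):
    """Map "name/type" -> {"command": ..., "overrides": {name: value}}."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete eight-column service entry
        # Only the plain "-o name=value" form is handled here.
        overrides = dict(re.findall(r"-o\s+(\w+)=(\S*)", " ".join(fields[8:])))
        services[f"{fields[0]}/{fields[1]}"] = {"command": fields[7], "overrides": overrides}
    return services

def services_skipping_header_checks(text):
    """smtpd entries whose receive_override_options disable header/body checks."""
    hits = []
    for name, svc in parse_services(text).items():
        opts = svc["overrides"].get("receive_override_options", "").split(",")
        if svc["command"] == "smtpd" and "no_header_body_checks" in opts:
            hits.append(name)
    return hits
```

Mail received through a listed service is not passed through header_checks or body_checks; to check a live system, pass the contents of /etc/postfix/master.cf to services_skipping_header_checks().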