[Postfixbuch-users] content filter

edv edv at dw-bonn.de
Di Apr 29 12:54:06 CEST 2008 

Hallo Liste,

Ich benutze die Version 2.3.8-2 von Debian (Etch).

Als Content-Filter setze ich proxsmtpd mit spamc und clamsmtpd ein. Die Filter kommen in einer Access-Map (check_recipient_access) zum Einsatz, also kein globaler Content-Filter (content_filter=).

Mein Problem besteht jetzt nun darin, dass Emails die über ein PIPELINING versendet werden nicht gefiltert werden, also wenn jemand mehrere Empfänger deklariert. Gleiches gilt auch für CC und BCC.

Es scheint als würde Postfix keine Treffer in den Maps finden :-(
Auch eine Deklaration in header_checks und body_checks scheint nicht zu funktionieren.

Wenn ich statdessen das ganze aber global filtern lassen klappt es.
Das möchte ich aber nicht. Auch möchte ich deswegen keinen zweiten Mailserver einsetzten.
Ausserdem benutze ich für jeden Benutzer eine eigene user_prefs für spamassassin.

Fals ihr eine Lösung für das Problem habt, wäre ich euch dankbar.

Die Postfix-Konfigurationen:

###########################master.cf

smtp                  inet  n       -       -       -       -       smtpd
0.0.0.0:125      inet  n       -       -       -       -       smtpd
  -o smtpd_end_of_data_restrictions=check_recipient_access,hash:/etc/postfix/virus_filter_recipient_access
  -o smtpd_authorized_xforward_hosts=127.0.0.1
0.0.0.0:225      inet  n       -       -       -       -       smtpd
  -o smtpd_end_of_data_restrictions=check_recipient_access,hash:/etc/postfix/spam_filter_recipient_access
  -o smtpd_authorized_xforward_hosts=127.0.0.1
virus_filter        unix  -       -       -       -       -       smtp
  -o smtp_send_xforward_command=yes
spam_filter       unix  -       -       -       -       -       smtp
  -o smtp_send_xforward_command=yes


###########################main.cf

myhostname = exa.example.de
mydestination = exa.example.de
myorigin = /etc/mailname
mynetworks = 127.0.0.1
masquerade_domains = exa.example.de
masquerade_exceptions =
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_helo_required = yes
remote_header_rewrite_domain = exa.example.de
header_checks = pcre:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/mime_header_checks
nested_header_checks = pcre:/etc/postfix/nested_header_checks
body_checks = pcre:/etc/postfix/body_checks


# Maps
smtp_generic_maps = hash:/etc/postfix/smtp_generic
canonical_maps = hash:/etc/postfix/canonical
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual_alias
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost
transport_maps = hash:/etc/postfix/transport
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login


# SMTPD Restrictions
smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/client_access,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_client_hostname,
        reject_rbl_client zen.spamhaus.org

smtpd_helo_restrictions =
        reject_invalid_helo_hostname,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname

smtpd_sender_restrictions =
        reject_non_fqdn_sender,
        check_client_access hash:/etc/postfix/client_sender_access,
        reject_unauthenticated_sender_login_mismatch,
        reject_authenticated_sender_login_mismatch,
        check_sender_access hash:/etc/postfix/sender_access,
        permit_mynetworks,
        permit_sasl_authenticated

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        check_recipient_access hash:/etc/postfix/recipient_access,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination

smtpd_data_restrictions =
        reject_unauth_pipelining

smtpd_end_of_data_restrictions =
        check_recipient_access hash:/etc/postfix/end_of_data_recipient_access


# SMTP Auth
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options = noanonymous


# SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes


# TLS parameters
smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_protocols = TLSv1
tls_export_cipherlist = DHE-RSA-AES256-SHA
smtpd_tls_mandatory_ciphers = export
smtp_tls_mandatory_ciphers = export
smtpd_tls_cert_file = /etc/ssl/certs/generalstone_cert.pem
smtpd_tls_key_file = /etc/ssl/private/generalstone_privkey.pem
smtpd_tls_CApath = /etc/ssl/certs
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_session_cache_database = hash:${queue_directory}/smtpd_tls_session_cache
smtp_tls_session_cache_database = hash:${queue_directory}/smtp_tls_session_cache


/etc/postfix/end_of_data_recipient_access:
     postmaster at exa.example.de FILTER virus_filter:localhost:10025


/etc/postfix/virus_filter_recipient_access:
     postmaster at exa.example.de FILTER spam_filter:localhost:10026

Mehr Informationen über die Mailingliste Postfixbuch-users