amavis is blocking everything!

Hi all,

After upgraded to a 1G memory, i decided to switch on amavis, i followed instruction on

and configured Amavis.

Since then all emails went to postfix were blocked by amavis with this in the log:
amavis[14192]: (!)DENIED ACCESS from IP MYEXTERNALIP, policy bank ''
postfix/smtp[12204]: 2D7342A701E8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.12, delays=0.11/0.01/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting).

I do have the following postconf turn on:

Code:

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
smtpd_data_restrictions = reject_unauth_pipelining, permit_sasl_authenticated
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, permit
smtpd_milters = inet:localhost:20209
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender,permit_mynetworks, permit

Is any of the above an issue to what I have configured for amavis?

 

Search the forum

http://www.howtoforge.com/forums/showthread.php?t=40189

 

Yep, done all that, found one problem:
my domain name is not listed in /etc/hosts under 127.0.0.1 but rather in its own ip
so after i changed it to :
127.0.0.1 news.mymda.com mail localhost localhost.localdomain
DOMAINIP news.mymda.com mail

I still get blocked, here's my netstat -tap:

tcp 0 0 news.mymda.com:10024 *:* LISTEN 7749/amavisd (maste
tcp 0 0 news.mymda.com:10025 *:* LISTEN 26417/master
tcp 0 0 news.mymda.com:dyna-access *:* LISTEN 9439/clamd
tcp 0 0 news.mymda.com:783 *:* LISTEN 9510/spamd.pid
tcp 0 0 news.mymda.com:20209 *:* LISTEN 5774/dkim-filter
tcp 0 0 *:ssh *:* LISTEN 27888/sshd

 

btw, thanks for the replies, really appreciated!!!!

 

So it's all working now?

 

nope, still blocked!

 

Have you added your external ip to mynetworks in main.cf?

can you copy the content of these files in a reply:

/etc/postfix/main.cf
/etc/postfix/master.cf

and any of the amavis config files you have edited.

 

thought mynetworks default to myhostname + mynetworks?

here there are:
main.cf

Code:

readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
myhostname = news.mymda.com
mynetworks = 127.0.0.0/8
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/mymda
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtp_bind_address = EXTERNALIP
relay_domains =
receive_override_options = no_address_mappings
smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209
milter_protocol = 3
milter_default_action = accept
maximal_queue_lifetime = 10m
bounce_template_file = /etc/postfix/bounce.cf
queue_run_delay = 2000s
minimal_backoff_time = 2000s
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, permit
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender,permit_mynetworks, permit
bounce_queue_lifetime = 10m
smtpd_data_restrictions = reject_unauth_pipelining, permit_sasl_authenticated
content_filter = amavis:[127.0.0.1]:10024

changes to master.cf and amavis.conf
master.cf

Code:

...amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

amavisd.conf

Code:

$mydomain = 'localhost.localdomain';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=localhost;port=3306', 'mail_admin', 'mail_admin_password'] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$recipient_delimiter = '+';                # (default is '+')
$replace_existing_extension = 1;        # (default is false)
$localpart_is_case_sensitive = 0;        # (default is false)
$recipient_delimiter = undef;  # undef disables address extensions altogether
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

 

Looking at the how-to and your config files, i see differences, so i assume you follow the how-to again and do exactly what it tells you to do. See if everything works and then start making adjustments..

f.e.

postconf -e 'virtual_mailbox_base = /home/vmail'

your's is /home/mymda

and i also see no milter config params, your config has.

 

em, virtual box is fine, worked before i turn on amavis, milter is dkml, was working,
anyway i will try again, will post the solution if i found out what went wrong.

thanks