We're receiving some inbound mail from this domain we would like to receive. Unfortunately it's getting rejected by one of the content filters. Is there any way to tell which one so I can adjust it? Turn on additional logging in postfix or amavisd perhaps? Any ideas are appreciated! Thanks. Here's an excerpt from the log: Code: Mar 5 14:58:28 SRVNAME postfix/qmgr[12632]: D7E3720D55D2: from=<[email protected]>, size=3243, nrcpt=1 (queue active) Mar 5 14:58:28 SRVNAME amavis[30941]: (30941-18) Passed CLEAN {RelayedInbound}, [199.231.xxx.xxx]:57645 [216.170.xxx.xxx] <[email protected]> -> <[email protected]>, Queue-ID: A59E420D55C8, Message-ID: <005001d3b4c4$b9d65ee0$2d831ca0$@com>, mail_id: CkLx7DuzZK5X, Hits: -1.12, size: 2577, queued_as: D7E3720D55D2, 8159 ms Mar 5 14:58:43 SRVNAME postfix/smtps/smtpd[31992]: NOQUEUE: filter: RCPT from cpe-65-31-xxx-xxx.xx.xx.xx.com[65.31.xxx.xxx]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to= [email protected]> proto=ESMTP helo=<[192.168.xxx.xxx]>
The email received Hits: -1.12, so unless your kill score is below -1.12 (which is quite unlikely), then the amavis filter is not causiing this. maybe you run some manual content filter rules in postfix (header filter / content filter)?
Thanks till. Spam kill level is set to 5.00. I have these lines with the word "header", "body" and/or "content" active in /etc/postfix/main.cf Code: smtpd_sasl_authenticated_header = yes header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks content_filter = amavis:[127.0.0.1]:10024 Examining the contents of those files, they are all empty. Other ideas?
I took a look at /etc/postfix/master.cf and have these at the bottom of the file. Are the 2 entries for localhost both for amavisd (I'm guessing, send to and receive back from amavisd)? I believe the mail log typically indicates if the email message triggers the SPF policy so I don't think that's it. The SPF policy on their domain is set to "?all" which is neutral. Code: amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks spfpolicy unix - n n - 0 spawn user=nobody argv=/usr/bin/perl /usr/local/bin/postfix-policyd-spf-perl 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o milter_default_action=accept -o milter_macro_daemon_name=ORIGINATING -o disable_dns_lookups=yes