Hi all

Couple of probs.

1. Do I need to do the "Apply Relay Recipients" section for Exchange (page 4)? It only mentions Exchange 2000/2003, I am running Windows Server 2008R2 and Exchange 2010. I can't get the spamsnake to retrieve a list of usernames/passwords. I've changed all the usernames/passwords in the getadsmtp.pl file but it returns the error "error:The wrong password was supplied or the SASL credentials could not be processed"

2. Monitoring my mail.log is showing the following errors and no mail is getting through to the Baruwa web interface..

Code:
Dec 18 20:24:03 spamsnake postfix/smtpd[3970]: connect from ***.*****.**.uk[***.***.**.**]
Dec 18 20:24:04 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
Dec 18 20:24:04 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
Dec 18 20:24:05 spamsnake postfix/spawn[3978]: warning: command /usr/bin/perl exit status 2
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: premature end-of-input on private/policy while reading input attribute name
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: problem talking to server private/policy: Connection reset by peer
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: NOQUEUE: reject: RCPT from ***.****.**.**[***.***.**.**]: 451 4.3.5 Server configuration problem; from=<colin@**.**.**> to=<colin@**.**.**> proto=ESMTP helo=<***.***.**.**>
Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: disconnect from **.***.**.**[***.***.**.**]
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection rate 1/60s for (smtp:***.***.**.**) at Dec 18 20:24:03
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max connection count 1 for (smtp:***.***.**.**) at Dec 18 20:24:03
Dec 18 20:27:25 spamsnake postfix/anvil[3973]: statistics: max cache size 1 at Dec 18 20:24:03

The only other stuff left for me to do is setup email disclaimers, Webmin, etc, nothing that appears vital to make this thing work!

Please help, I feel like I'm almost there but just need to sort these issues out!

Thanks in advance.

Colin

Looks like the SPF entry is incorrect. Post your master.cf and main.cf. I'm not sure if the script works with Exchange 2010, but you can use the look_ahead feature as an alternate. You cannot implement both, so it's either relay_recipient hash or look_ahead. If you plan to use relay_recipients hash, then you should disable look_ahead. Give this page a look: http://thelowedown.wordpress.com/2008/02/16/postfix-gateway-to-exchange/ Otherwise, set up main.cf as described under the postfix section in the guide and enable look_ahead. Read through the guide carefully, as some things are optional. That is up to you to install should you need those features.

Hi Rocky, thanks for the reply.

Here is my main.cf as requested

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = ESMTP SpamSnake
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = spamsnake.colskinet.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = colskinet.co.uk
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 10485760
local_transport = error:No local mail delivery
local_recipient_maps =
relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf
transport_maps = mysql:/etc/postfix/mysql-transports.cf
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_recipient_limit = 100
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
header_checks = regexp:/etc/postfix/header_checks
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify

Here is my master.cf

Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=dfilt:
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus    unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policy    unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/bin/perl /usr/lib/post
greyfix   unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/greyfix --greylist-delay 60 -/ 24
dfilt     unix  -       n       n       -       -       pipe
  flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

Colin


I've now fixed this and got the system up and running. The problem was with some code in my "master.cf" file

It read :

Code:
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/post

When it should have read :

Code:
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

I'd simply not copied the entire line!

I had an issue of "[email protected]" being accepted but "[email protected]" being rejected (450 4.1.1 error) - I assume the case sensitive issue was the problem here? I've removed "reject_unknown_recipient_domain" from main.cf and this seems to have stopped the problem. I've replaced it with "check_relay_domains" - is that the right thing to do?

Thanks

Colin

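The failure in this thread (a truncated `argv=` on the `policy` spawn entry, surfacing as `451 4.3.5 Server configuration problem`) can be traced mechanically from the log back to master.cf. The following is an added example, not code from the thread or from the SpamSnake guide; the function names are hypothetical and the sample config and log line are constructed from the lines quoted in the posts.

```python
import os
import re

# Constructed sample: master.cf fragment with the truncated argv from the post.
SAMPLE_MASTER_CF = """\
smtp    inet  n  -  -  -  -  smtpd
policy  unix  -  n  n  -  -  spawn
  user=nobody argv=/usr/bin/perl /usr/lib/post
"""
# Constructed sample: log line modelled on the mail.log excerpt in the thread.
SAMPLE_LOG = ("Dec 18 20:24:05 spamsnake postfix/smtpd[3970]: warning: problem "
              "talking to server private/policy: Connection reset by peer\n")

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def spawn_services(text):
    """Map service name -> argv list for entries run by spawn(8) or pipe(8)."""
    services = {}
    for entry in logical_lines(text):
        fields = entry.split(None, 7)  # 7 fixed columns, then command + args
        if len(fields) == 8 and fields[7].split()[0] in ("spawn", "pipe"):
            match = re.search(r"\bargv=(.*)$", fields[7])
            if match:
                services[fields[0]] = match.group(1).split()
    return services

def failing_services(log_text):
    """Names of private/ services that smtpd reported it could not talk to."""
    return set(re.findall(r"problem talking to server private/(\S+?):", log_text))

def diagnose(master_cf, log_text, exists=os.path.exists):
    """Per failing service: absolute argv paths missing on disk (None = no entry)."""
    services = spawn_services(master_cf)
    return {name: None if name not in services else
            [a for a in services[name] if a.startswith("/") and not exists(a)]
            for name in sorted(failing_services(log_text))}

if __name__ == "__main__":
    print(diagnose(SAMPLE_MASTER_CF, SAMPLE_LOG))
```

On a host with the truncated entry, the report names `/usr/lib/post` as the path that does not exist; after correcting the line and running `postfix reload`, the list for `policy` is empty.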
Yes, SPF entry in master.cf was incorrect, glad you caught it. The system should allow the mail regardless of case, because the domain is specified. Are you using relay recipients or look_ahead? Also, have you followed my little writeup on how to create the domain admin and the entries for domains and transports? It's under the Baruwa section. Without that section being completed, the system won't relay messages since the relay domains aren't present.

My /etc/postfix/access file has the following:

Code:
colskinet.co.uk verify_recipient

But look_ahead is also listed in the "smtpd_recipient_restrictions" section of master.cf.

I notice there's also a line in that file with "look_ahead = check_recipient_access hash:/etc/postfix/access"

That what you were wanting to know? This part confused me somewhat!

Edit - yes - the whole Baruwa section went without any problems, and I added my domain to it.

Colin

Ok, yes, so you can skip the entire relay_recipient script section because your system is set up for look_ahead. Your setup will send a dummy mail to your Exchange to verify (look_ahead) to make sure the user exists. If the user doesn't exist, Exchange will reply saying so and postfix will drop the connection. However, you must have Exchange set up to act that way if the user doesn't exist.