Hi. Yesterday i just prepared, now i try to activate on 2 servers, 1 Debian 9 and 1 Debian 10. I activate rspamd in system and alot of jobque happens, so its doing something. Files is written in /etc/rspamd/local/users (644 on all files), all accounts and spamfilters. Amavis is still in use, but nothing shows up in rspamd gui, no history. No change in master.cf I can see that main.cf is changed in some way, but: root@mail1:/etc/postfix# cat /etc/postfix/main.cf | grep rspamd root@mail1:/etc/postfix# cat /etc/postfix/main.cf | grep amavis content_filter = amavis:[127.0.0.1]:10024 I can not stop amvis according to guide since the mailq builds up then. What to look for here ? What changes should ispconfig do to activate rspamd ?
ISPConfig enables rspamd in postfix main.cf. Maybe you have customized main.cf that is not compatible with the new ISPConfig version? The word to search for in main.cf is milter, not rspamd. root@server1:/tmp# grep milter /etc/postfix/main.cf smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_default_action = accept and the amavis content filter is removed: root@server1:/tmp# grep amavis /etc/postfix/main.cf root@server1:/tmp#
Here is the PHP code that changes the config, just as info: Code: if($mail_config['content_filter'] == 'rspamd'){ exec("postconf -X 'receive_override_options'"); exec("postconf -X 'content_filter'"); exec("postconf -e 'smtpd_milters = inet:localhost:11332'"); exec("postconf -e 'non_smtpd_milters = inet:localhost:11332'"); exec("postconf -e 'milter_protocol = 6'"); exec("postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}'"); exec("postconf -e 'milter_default_action = accept'"); exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'"); $new_options = array(); $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); foreach ($options as $key => $value) { if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { $new_options[] = $value; } } exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'"); // get all domains that have dkim enabled if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) { $mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1); } $dkim_domains = $app->db->queryAllRecords('SELECT `dkim_selector`, `domain` FROM `mail_domain` WHERE `dkim` = ? ORDER BY `domain` ASC', 'y'); $fpp = fopen('/etc/rspamd/local.d/dkim_domains.map', 'w'); $fps = fopen('/etc/rspamd/local.d/dkim_selectors.map', 'w'); foreach($dkim_domains as $dkim_domain) { fwrite($fpp, $dkim_domain['domain'] . ' ' . $mail_config['dkim_path'] . '/' . $dkim_domain['domain'] . '.private' . "\n"); fwrite($fps, $dkim_domain['domain'] . ' ' . $dkim_domain['dkim_selector'] . "\n"); } fclose($fpp); fclose($fps); unset($dkim_domains); }
Hi. No milter in any main.cf. Sure we have changed the main.cf with diffrent recipient_restrictions and other. Should not ispconfig add this code at the end in file ? # ls -lah /etc/postfix/main.cf -rw-r--r-- 1 root root 6,2K sep 12 09:05 /etc/postfix/main.cf I will add manually and test. Should i purge my old SPF filter ? I guess rspamd does that better ? nano /etc/postfix/main.cf #Add policy-spf_time_limit = 3600s #add i: smtpd_recipient_restrictions check_policy_service unixrivate/policy-spf nano /etc/postfix/master.cf # add: policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf
I guess this should also go away from master.cf: amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
This should not matter, but you can probably remove it. ispconfig leaves it there by default as amavis could not be activated again otherwise.
Nope, could not remove amavis from master.cf, all emails end up in que. postfix/error[1689]: CA5D7720EEA: to=<xxx>, relay=none, delay=0.72, delays=0.69/0/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable) Is there something missing in master.cf also that ispconfig thats my system did not aply ?
No, master.cf is not relevant for rspamd and as I posted above, ispconfig does not remove these lines from master.cf. So better just don't touch master.cf at all.
In header i still get amavis: X-Virus-Scanned: Debian amavisd-new at Authentication-Results: XXXX.XX (amavisd-new); dkim=pass (1024-bit key) Received: from XXXX.XX ([127.0.0.1]) by localhost (XXXX.XXX [127.0.0.1]) (amavisd-new, port 10026)
Then you probably did not run these postconf commands from the code I posted above: postconf -X 'receive_override_options' postconf -X 'content_filter'
Ofcourse, always restart postfix after changes. Now i did: postconf -X 'receive_override_options' postconf -X 'content_filter' systemctl restart postfix But still amavis in headers. 2 questions: Why did it not change my main.cf ? i cant understand what failed. Can i run this php file again manually to see the errors maybee ? (whats its name?)
The receive_override_options and content_filter line were removed from main.cf now? I don't know, this did not happen on any other system yet. The issue is might related to manual changes that you made in your postfix config. No, you can not run it without switching everything back to amavisd. the code is part of the ISPConfig postfix server plugin.
I think i found it: This line also was missing: postconf -e 'smtpd_sender_restrictions..... Now amavis is gone from headers. Thanks for help so far.
To summon for others that may have same problem with Amavis still running, do this: postconf -X 'receive_override_options' postconf -X 'content_filter' postconf -e 'smtpd_milters = inet:localhost:11332' postconf -e 'non_smtpd_milters = inet:localhost:11332' postconf -e 'milter_protocol = 6' postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}' postconf -e 'milter_default_action = accept' postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated' systemctl restart postfix tail -f /var/log/mail.log Check for errors and amavis, should not occur.