Hi,

I'm running Mandriva 2008 One and I've attempted to follow this how-to guide: http://www.howtoforge.com/mandriva_postfix_antispam_antivirus_exchange

I'm trying to configure Postfix to scan inbound and outbound SMTP mail on my network. We use Exchange 2003 internally on a Windows 2003 domain. I also have an ISA firewall sat at the border, so the Mandriva machine is behind this ISA box.

I have email flowing just fine without using the Mandriva box. So when I have Exchange set up to route external SMTP through the ISA server using the IP of the ISA server as a smarthost, it all works fine inbound and outbound. As soon as I set the smarthost IP on the Exchange server to point to the Mandriva machine, email stops flowing.

I'm a total newb with Linux, so please be gentle ;-) I don't even know where to look on the Mandriva box to see if mail is being received into any of the queues.

I have tried telnetting to the Mandriva box using port 25, and I think it connects - I don't see any message saying it couldn't establish a connection - but I also don't see what I would class as an SMTP connected notice.

I have disabled the firewall on the Mandriva box - as a temporary measure, to see if that made a difference - but unfortunately it hasn't so far.

Any help you can offer is greatly appreciated!!!

Thanks and kind regards,
Greg.
Thanks for the advice ;-)

I found the following logs in the folder you mentioned:

/var/log/mail/info.log:

Code:
Oct 25 09:28:16 tlvmmail1 spamd[5868]: prefork: child states: II
Oct 25 09:28:16 tlvmmail1 spamd[5868]: prefork: child states: II
Oct 25 09:28:16 tlvmmail1 postfix/postfix-script[7445]: stopping the Postfix mail system
Oct 25 09:28:16 tlvmmail1 postfix/master[6961]: terminating on signal 15
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5684]: starting the Postfix mail system
Oct 25 09:29:47 tlvmmail1 postfix/master[5685]: daemon started -- version 2.4.5, configuration /etc/postfix
Oct 25 09:29:48 tlvmmail1 amavis[5146]: starting. /usr/sbin/amavisd at tlvmmail1 amavisd-new-2.5.2 (20070627), Unicode aware
Oct 25 09:29:48 tlvmmail1 amavis[5146]: Perl version 5.008008
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": use_dcc1
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_timeout 10
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_home /var/lib/dcc
Oct 25 09:29:50 tlvmmail1 spamd[4948]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": dcc_path /usr/bin/dccproc
Oct 25 09:29:51 tlvmmail1 spamd[4948]: logger: removing stderr method
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Oct 25 09:30:00 tlvmmail1 spamd[5818]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server started on port 783/tcp (running version 3.2.3)
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server pid: 5818
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server successfully spawned child process, pid 6048
Oct 25 09:30:01 tlvmmail1 spamd[5818]: spamd: server successfully spawned child process, pid 6049
Oct 25 09:30:01 tlvmmail1 spamd[5818]: prefork: child states: II

/var/log/mail/warnings.log:

Code:
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5603]: warning: group or other writable: /etc/postfix/./main.cf
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5625]: warning: group or other writable: /etc/postfix/./main.cf~
Oct 25 09:29:47 tlvmmail1 postfix/postfix-script[5641]: warning: group or other writable: /etc/postfix/./main.cf.orig
Oct 25 09:29:53 tlvmmail1 spamd[5818]: razor2: razor2 check failed: No such file or directory razor2: Can't read conf file: /root/.razor/razor-agent.conf at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 326.

The /var/log/mail/errors.log file was empty.

I assume that this means the config is not quite right yet? Any advice based on the above logfile contents is greatly appreciated!

Thanks and kind regards,
Greg.
OK, I've fixed all those errors and I'm making some progress.

It now appears as though my problem lies with Amavisd. Having Googled for this, I should be able to telnet to 127.0.0.1 on port 10025 - but this is not working.

I've tried to amend the amavisd.conf file and now when I issue the command amavisd reload, I get the following error:

Code:
The amavisd daemon is apparently not running, no PID file /var/lib/amavis/amavisd.pid

Any ideas why that's occurring and how I should fix it? Should I just re-install Amavisd and start over?

Thanks,
Greg.
Thanks for following up with some more advice ;-)

I did manage to get Amavisd to run now and I can telnet to 127.0.0.1 10025, but it seems like the email relaying is not configured correctly. I now get the following error in the /var/log/mail/info.log file:

Code:
Oct 26 14:24:15 tlvmmail1 postfix/smtpd[7868]: connect from tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:18 tlvmmail1 postfix/smtpd[7868]: D54D730AA1: client=tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:18 tlvmmail1 postfix/cleanup[7871]: D54D730AA1: message-id=<[email protected]>
Oct 26 14:24:18 tlvmmail1 postfix/qmgr[7235]: D54D730AA1: from=<[email protected]>, size=2510, nrcpt=1 (queue active)
Oct 26 14:24:18 tlvmmail1 postfix/smtpd[7868]: disconnect from tlvsmail1.tlab.local[172.xxx.xxx.xxx]
Oct 26 14:24:20 tlvmmail1 amavis[7103]: (07103-03) Blocked MTA-BLOCKED, [172.xxx.xxx.xxx] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: YB4u1Zy7PilA, Hits: 2.176, size: 2510, 1956 ms
Oct 26 14:24:20 tlvmmail1 postfix/smtp[7872]: D54D730AA1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.1, delays=0.08/0.02/0.09/1.9, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 From MTA([127.0.0.1]:10026) during fwd-connect (Negative greeting: at (eval 52) line 442, <GEN8> line 504.): id=07103-03 (in reply to end of DATA command))

Any ideas what needs changing?

Thanks,
Greg.
OK, I've made a bit of progress by enabling this section in the master.cf file:

Code:
127.0.0.1:10026 inet n - n - - smtpd

(As you can see from the post below.)

I now get an undeliverable message in my Outlook when I send a test message. Here's the contents of the undeliverable:

Code:
This is the mail system at host tlvmmail1.tlab.local.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<gregn>: host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to relay for [email protected] (in reply to RCPT TO command)
Reporting-MTA: dns; tlvmmail1.tlab.local
X-Postfix-Queue-ID: A454F30A99
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sun, 28 Oct 2007 18:43:02 +0000 (GMT)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; tlfw1.tlab.local
Diagnostic-Code: smtp; 550 5.7.1 Unable to relay for [email protected]

Here's the contents of the master.cf:

Code:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       -       y       60      1       pickup
  -o content_filter=
  -o receive_override_options=
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
  -o fallback_relay=
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
cyrus     unix  -       n       n       -       -       lmtp
  -o lmtp_cache_connection=yes
cyrus-chroot unix -     -       y       -       -       lmtp
  -o lmtp_cache_connection=yes
cyrus-inet unix -       -       y       -       -       lmtp
  -o lmtp_cache_connection=yes
  -o lmtp_sasl_auth_enable=yes
  -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
  -o lmtp_sasl_security_options=noanonymous
127.0.0.1:10026 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_end_of_data_restrictions=
  -o smtpd_etrn_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_delay_reject=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
smtp-amavis unix -      -       y       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

Here's the contents of the main.cf file:

Code:
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
inet_interfaces = all
mynetworks_style = host
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
recipient_delimiter = +
owner_request_special = no
alias_maps = hash:/etc/postfix/aliases
content_filter = smtp-amavis:[127.0.0.1]:10025
receive_override_options = no_address_mappings
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 1024000
relay_domains = vmceuro.com, tlab.local, remote.tlab.local
mydomain = vmceuro.com
myhostname = tlvmmail1.tlab.local
mynetworks = 127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24, tlab.local, remote.tlab.local, 192.168.240.0/24
transport_maps = hash:/etc/postfix/transport
queue_minfree = 0
maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org, dun.dnsrbl.net
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_hostname, reject_maps_rbl
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
smtpd_sender_restrictions = reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender
relay_recipient_maps = hash:/etc/postfix/exchange_recipients
delay_warning_time = 2h
myorigin = vmceuro.com
mydestination = $myhostname, localhost.$mydomain
debug_peer_level = 1
mail_spool_directory = /var/spool/mail
alias_database = hash:/etc/postfix/aliases
relayhost = tlfw1.tlab.local

Here's the contents of the /var/log/mail/info.log:

Code:
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: connect from tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: 1CF0E30A8B: client=tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:00 tlvmmail1 postfix/cleanup[6566]: 1CF0E30A8B: message-id=<3927C4FEE97FAF4F9BF223B02624190E24FF>
Oct 28 18:43:00 tlvmmail1 postfix/qmgr[5681]: 1CF0E30A8B: from=<gregn>, size=2553, nrcpt=1 (queue active)
Oct 28 18:43:00 tlvmmail1 postfix/smtpd[6563]: disconnect from tlvsmail1.tlab.local[172.31.3.34]
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: connect from tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: A454F30A99: client=tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 postfix/cleanup[6566]: A454F30A99: message-id=<3927C4FEE97FAF4F9BF223B02624190E24FF>
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: A454F30A99: from=<gregn>, size=3202, nrcpt=1 (queue active)
Oct 28 18:43:02 tlvmmail1 postfix/smtpd[6571]: disconnect from tlvmmail1.tlab.local[127.0.0.1]
Oct 28 18:43:02 tlvmmail1 amavis[6005]: (06005-01) Passed CLEAN, [172.31.3.34] <gregn> -> <gregn>, Message-ID: <3927C4FEE97FAF4F9BF223B02624190E24FF>, mail_id: oiXyScjU-H77, Hits: 2.321, size: 2553, queued_as: A454F30A99, 2578 ms
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6567]: 1CF0E30A8B: to=<gregn>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.6, delays=0.02/0.01/0.03/2.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A454F30A99)
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: 1CF0E30A8B: removed
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: A454F30A99: to=<gregn>, relay=tlfw1.tlab.local[172.31.3.28]:25, delay=0.11, delays=0.01/0.03/0.01/0.06, dsn=5.7.1, status=bounced (host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to relay for [email protected] (in reply to RCPT TO command))
Oct 28 18:43:02 tlvmmail1 postfix/cleanup[6566]: BF0EF30A92: message-id=<20071028184302>
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: BF0EF30A92: from=<>, size=5161, nrcpt=1 (queue active)
Oct 28 18:43:02 tlvmmail1 postfix/bounce[6573]: A454F30A99: sender non-delivery notification: BF0EF30A92
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: A454F30A99: removed
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: BF0EF30A92: to=<gregn>, relay=172.31.3.34[172.31.3.34]:25, delay=0.11, delays=0.01/0/0/0.1, dsn=2.6.0, status=sent (250 2.6.0 <20071028184302> Queued mail for delivery)
Oct 28 18:43:02 tlvmmail1 postfix/qmgr[5681]: BF0EF30A92: removed

The server tlfw1.tlab.local is the ISA firewall, and the rules on the ISA box allow SMTP relaying from the inside network (which the Linux box is in).

Thanks,
Greg.
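
Added example, not part of the original thread: with a content filter in the path, one message gets a new queue ID each time it is re-queued, so finding the hop that refused it means following the "queued as" replies. The sketch below does that over three log lines adapted from the posts above (delays fields dropped, obfuscated addresses replaced with a constructed one); the function names are hypothetical, and it assumes one recipient per message as in this thread.

```python
import re

# Log lines adapted from the thread; the recipient address is constructed.
SAMPLE_LOG = """\
Oct 26 14:24:20 tlvmmail1 postfix/smtp[7872]: D54D730AA1: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 From MTA([127.0.0.1]:10026) during fwd-connect (in reply to end of DATA command))
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6567]: 1CF0E30A8B: to=<gregn>, relay=127.0.0.1[127.0.0.1]:10025, delay=2.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A454F30A99)
Oct 28 18:43:02 tlvmmail1 postfix/smtp[6572]: A454F30A99: to=<gregn>, relay=tlfw1.tlab.local[172.31.3.28]:25, delay=0.11, dsn=5.7.1, status=bounced (host tlfw1.tlab.local[172.31.3.28] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))
"""

# Delivery records come from the postfix/smtp client, not the smtpd server.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, relay=(?P<relay>[^,]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$")
REQUEUED = re.compile(r"queued as (?P<next>[0-9A-F]+)")

def parse_deliveries(log_text):
    """Map queue ID -> last delivery attempt logged for it."""
    hops = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            hops[m["qid"]] = m.groupdict()
    return hops

def trace(log_text, first_qid):
    """Follow a message from its first queue ID through every re-queue."""
    hops, path, seen, qid = parse_deliveries(log_text), [], set(), first_qid
    while qid in hops and qid not in seen:
        seen.add(qid)
        hop = hops[qid]
        path.append((qid, hop["relay"], hop["dsn"], hop["status"]))
        nxt = REQUEUED.search(hop["reply"])
        # Only a successful hand-off carries the next queue ID.
        qid = nxt["next"] if hop["status"] == "sent" and nxt else None
    return path

def failing_hop(path):
    """First hop with a 4.x.x (temporary) or 5.x.x (permanent) DSN, else None."""
    return next((hop for hop in path if hop[2][0] in "45"), None)

if __name__ == "__main__":
    for start in ("D54D730AA1", "1CF0E30A8B"):
        print(start, "->", failing_hop(trace(SAMPLE_LOG, start)))
```

On the Oct 26 message the failing hop is the filter itself on port 10025; on the Oct 28 message the filter hop succeeds and the refusal comes from the next relay.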
The [email protected] address is the delivery address (i.e. the TO address) for the email I sent out. The from address is the [email protected] address and this is a Microsoft Exchange mailbox. There are no mailboxes on the Linux box. All I want the Linux box to do is to scan inbound and outbound emails for viruses and spam. As long as the mails are clean, the Linux box should just forward to the appropriate next hop - either the ISA firewall for outbound mail, or the Exchange server for inbound mail. The mail that generated this delivery failure notice was an outbound mail from the Exchange mailbox to an external email address in a totally separate Exchange email system. Thanks, Greg.
OK, I've managed to get this working how I want now by changing these settings in the main.cf file:

Code:
mynetworks_style = host

changed to:

Code:
mynetworks_style = subnet

and:

Code:
mynetworks = 127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24, tlab.local, remote.tlab.local, 192.168.240.0/24

changed to:

Code:
mynetworks = 127.0.0.0/8, 172.31.3.0/24, 10.250.10.0/24, 192.168.240.0/24

I also had to tweak the email relaying settings on my ISA server to allow the Linux server IP address.

I'm all set now, so thanks very much for your help and advice ;-)

Kind Regards,
Greg.
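
Added example, not part of the original thread: `mynetworks` decides which clients `permit_mynetworks` lets relay, and Postfix documents its entries as network addresses, network/mask patterns, or `/file/name` and `type:table` lookups, so it is worth checking that every entry is one of those. The sketch below audits the two values quoted in the post above; the helper names are hypothetical, the "public" label for non-private ranges is an extra check added here, and the `BEFORE` excerpt is wrapped onto a continuation line to exercise the parser.

```python
import ipaddress
import re

# The two mynetworks settings quoted in the post, as main.cf excerpts.
BEFORE = """\
mynetworks_style = host
mynetworks = 127.0.0.0/8, 172.31.3.0/24, vmceuro.com, 10.250.10.0/24,
    tlab.local, remote.tlab.local, 192.168.240.0/24
"""
AFTER = "mynetworks = 127.0.0.0/8, 172.31.3.0/24, 10.250.10.0/24, 192.168.240.0/24\n"

def get_param(main_cf, name):
    """Value of a main.cf parameter: joins continuation lines, last definition wins."""
    logical = []
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                 # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()         # continuation of previous line
        else:
            logical.append(raw.strip())
    value = None
    for line in logical:
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def audit_mynetworks(main_cf):
    """Classify each mynetworks entry as network, public, lookup or invalid."""
    result = []
    for entry in re.split(r"[,\s]+", get_param(main_cf, "mynetworks") or ""):
        if not entry:
            continue
        # Drop a leading "!" (exclusion) and the brackets used around IPv6.
        pattern = entry.lstrip("!").replace("[", "").replace("]", "")
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            result.append((entry, "network" if net.is_private else "public"))
        except ValueError:
            is_lookup = pattern.startswith("/") or re.match(r"\w+:", pattern)
            result.append((entry, "lookup" if is_lookup else "invalid"))
    return result

def invalid_entries(main_cf):
    """Entries that are neither an IP network nor a lookup table."""
    return [entry for entry, kind in audit_mynetworks(main_cf) if kind == "invalid"]

if __name__ == "__main__":
    print("before:", invalid_entries(BEFORE))
    print("after: ", invalid_entries(AFTER))
```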