spamassassin/clamav setup problem

Hello,

I have setup my ubuntu 8.04 LTS server as guided in "The Perfect Server (by Falko)". I have not installed ISPConfig.

Since, this howto do not include spamassassin and clamav setup, I have setup them, as guided in "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 8.04 LTS)".

I am not using MySQL as well as virtual users, I am using system users, therefore I jumped directly to "9 Install amavisd-new, SpamAssassin, And ClamAV" part of the said howto.

Now, my mails transmitted into internal network, do not get delivered to destinations. If I comment out the added lines in postfix's main.cf and master.cf, it works fine without spamassasin / clamav interaction.

I know, there should be some silly matter which needs to be configured but cannot figure it out myself. Any suggestions welcome.

Dipesh

 

What's in your mail log?

What's in /etc/postfix/main.cf and /etc/postfix/master.cf?

 

Hello,

Sorry for re-opening the thread after a long time. Since, the setup is on my production server, I have not been able to run test cases as much.

Please check my postfix config files as under:

=======================
main.cf
=======================
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtp_generic_maps = hash:/etc/postfix/generic
myorigin = /etc/mailname
mydestination = hostname.domain.com, localhost.domain.com, localhost.localdomain, localhost, domain.com
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 25600000
recipient_delimiter = +
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings


=====================
master.cf
=====================
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restictions=
-o smtpd_recipient_restictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
==================

I have noticed that while sending mails postfix do not read sender_dependent_relayhost_maps and smtp_generic_maps if amavis-new is there in postfix config files. Mails sent to local users do not deliver at all - and mail que status is "mail transport unavailable". Whereas for mails sent to out of the world, it does not being relayed through my ISP mail server, and therefore almost all recipient server reject it.

At present I have comented out the lines related to amavis, and content filter, and the set up is running very fine.

Please help me out.

Thanks in advance.

Dipesh

 

What's in your mail log when you try to send a mail to one of your accounts?

 

Hello Falko,

Following are logs:

1. When I sent mail to local user:

2a. When I sent mail to my yahoo id:

2b. Headers received at yahoo:

3. When I sent mail to yahoo, after commenting out the lines related to content-filter and amavis into main.cf and master.cf

and headers received at yahoo

4. Following is generic maps:

5. Following is sender_dependant_relay_maps:

Hope this would suffice the need for investigation, if any more information is required, please tell.

Dipesh

 

Please create a PTR record for the server.

 

Hello Falko,

The Static IP 59.96.84.206 has been provided by my ISP, and following details has been given by him:

Moreover, if the said error occurs it means that my mail has not been relayed and fired directly. Similarly, what about internal emails?

Regards,

Dipesh

 

Does 2020503.mx2.banlab.com use valid nameservers in /etc/resolv.conf?

 

Hello Falko,

Thanks for showing interest to solve my problem.

At this point, I think we are going towards something wrong way. So please let me give a brief idea about my system and environment.

The host banrjt.banlabs.net is my ubuntu server which has been situated at my office. About more than 50 machines running Windows XP / vista are connected to the same. I have been using ubuntu server as mail server for my internal mails.

The domain banlab.com is being hosted at my ISP for webhosting as well as email hosting. We have some 15 different mail ids at banlab.com.

I use getmail (http://www.howtoforge.com/debian_etch_getmail) to fetch mails from ISP POP Mailboxes. (*@banlab.com). The mails are fetched for [email protected] and there I use .forward for forwarding the mails to associated internal user accounts.

To send mails internal (i.e. [email protected] to [email protected]), I do not need to configure anything, it works fine. To send mails to outside world, I use sender_dependant_relay_maps, to relay through ISP mail servers (i.e. smtp.banlab.com). Further I use generic maps (http://www.postfix.org/ADDRESS_REWRITING_README.html#generic) to rewrite from: address for outside world.

All these setup runs without any problem, if I remove

Code:

#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

from /etc/postfix/main.cf and

Code:

#amavis unix - - - - 2 smtp
	-o smtp_data_done_timeout=1200
	-o smtp_send_xforward_command=yes

#127.0.0.1:10025 inet n - - - - smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restictions=
	-o smtpd_recipient_restictions=permit_mynetworks,reje ct
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
	-o receive_override_options=no_unknown_recipient_chec ks,no_header_body_checks
	-o smtpd_bind_address=127.0.0.1

from /etc/postfix/master.cf

Now coming again to my problem, if I enable above lines in main.cf and master.cf. In the above mentioned log entry 1, you may notice that...
i. The mail is originated by [email protected] (generic map: [email protected] [email protected])for [email protected] (generic map: [email protected] [email protected])
ii. The mail is transported as from [email protected] to [email protected], that means it didn't recognised that the mail is internal, and therefore passed through generic maps.
iii. The mail transported as from [email protected] but didn't relayed through smtp.banlab.com (sender_dependant_relay_maps: [email protected] smtp.banlab.com)
iv. Due to security measures opted by ISP at banlab.com, the mail was rejected.
v. For this mail sender_bcc is not generated, which recipient_bcc is generated.

The similar things happens for log entry 2a & 2b, the mail is transported directly i.e. without relay, and received at yahoo.

Thanks again for sparing your time to diagnose.

Dipesh

 

* bump *

 

I'm afraid I don't know what's wrong with your system.

 

Thanks Falko for sparing your time to sort out the issues, no matter whether solved or not.

Btw, if you wish, I PM you with access rights to my server, to check the things.

Dipesh