Per user RBL check, SAV, spam check, virus scanning

From: Gálos András (galosanetinform.hu)
Date: Fri Sep 02 2005 - 04:58:11 CDT


Dear List Members,

I successfully use some Postfix instances on several machines, but now I
decided to try a database backend to let users easily manage their
settings.

I have achieved the following:

1. Users can turn on and off in the database that Postfix should use RBLs
when receiving emails for them.

2. Users can turn on and off in the database that Postfix should use Sender
Address Verification (SAV in the subject line) when receiving emails for
them.

3. Users can turn on and off in the database that Postfix should call
Spamassassin to mark spam-like messages after receiving emails for them.

And other settings are also possible with smtpd_restriction_classes, and
storing the class in the database on a per-user basis.

That's okay.

But I'm stuck with one problem, it's around Amavis. I used it in order
before, Postfix forwarded every non locally generated message to amavisd-new
which is set up to call ClamAV, to virus check the message. But now I can't
get it to work. Everything works with Spamassassin, but not with ClamAV.

Let me show the recipient classes:

smtpd_restriction_classes = rbl0, rbl1
                              sav0, sav1
                              sa0, sa1
                              clam0,clam1

# Dummy, do nothing
rbl0 = reject_unauth_pipelining
rbl1 = reject_rbl_client sbl-xbl.spamhaus.org
          reject_rbl_client dnsbl-1.uceprotect.net
          reject_rbl_client relays.ordb.org
          reject_rbl_client dnsbl.njabl.org
# Dummy, do nothing
sav0 = reject_unauth_pipelining
sav1 = reject_unverified_sender
# Dummy, do nothing
sa0 = reject_unauth_pipelining
sa1 = check_recipient_access pcre:/etc/postfix/spamassassin
# Dummy, do nothing
clam0 = reject_unauth_pipelining
clam1 = check_recipient_access pcre:/etc/postfix/clamav

These classes are called this way:
smtpd_recipient_restrictions = ...
                               permit_mynetworks
                               ...
                               reject_unauth_destination
                               ...
                               check_recipient_access mysql:/etc/postfix/clamav.cf
                               check_recipient_access mysql:/etc/postfix/spam_rbl.cf
                               check_recipient_access mysql:/etc/postfix/spam_sav.cf
                               check_recipient_access mysql:/etc/postfix/spam_sa.cf
                               permit

The cf files work well and retrieve the per user (or per domain) settings
from the database.
For example /etc/postfix/spam_sa.cf:

hosts = 127.0.0.1
user = postfix
password = xxx
dbname = users
table = postfix_filters
select_field = SpamAssassin
where_field = Recipient
additional_conditions = AND Enabled = '1'

The SpamAssassin field is an enum('sa0', 'sa1'), so contains either sa0 or
sa1. These are the needed classes, and the appropriate one is called.
If it contains sa1, it means SpamAssassin check is needed, so the sa1 line
is used above.
The /etc/postfix/spamassassin file contains:

/.*/
        FILTER spamfilter:

So, every message is sent to the spamfilter service. And it works great.

The situation is the same with Amavis, but it doesn't work. The database is
queried well, if clam1 comes out the message is sent to Amavis, I can track
it in the logs:

NOQUEUE: filter: RCPT from somewhere[someIP]: <galosanetinform.hu>:
Recipient address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=...

But that's all. The message is sent to Amavis, but doesn't come back. No
"X-Virus-Scanned:" header line is appended, and no virus test is caught.
Amavis itself of course works, if I telnet a message to localhost:10024 it's
scanned, and the header line is appended.

It seems a copy of the incoming message is sent to Amavis, which gets
silently ignored. And the message goes through the next steps, gets checked
by Spamassassin (header lines inserted), and then gets delivered to a
maildir.

I'd like to ask your help, please explain to me what the difference is
between the Spamassassin and the Amavis service, that causes that one works
and the other doesn't.
Probably because Spamassassin uses a pipe while Amavis uses smtp?
How could I tell Postfix that it should send the message to Amavis and
should continue dealing with the next checks after it received it back on
port 10025?
Should I set Postfix to forward the message to 10024 (for Amavis) in case of
clam1 is in the database, and forward it to port 10025 when clam0 is stored,
and continue the inspection in that port 10025 service?

So, I'm stuck. Everything works fine but the messages are not filtered
through Amavis. They are sent to it, but discarded somehow there, and they
go forward with the next checks (RBL, SAV then Spamassassin), and then
stored in order in maildirs.
In practice, everything works on the per user (and domain) basis, messages
are delivered, but not virus checked. :(

Waiting for your kind answer, and thank you in advance...
Regards,
Andras Galos
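
Added example, not part of the original post: Postfix's access(5) documents that a FILTER action applies to the whole message (all recipients) and that, when several FILTER actions fire, only the last one takes effect. The Python model below applies that rule to the restriction order shown in the post; the recipient addresses and table contents are constructed, and the reject_* classes are simplified to "no action" for a clean client.

```python
# Simplified model of how smtpd handles FILTER actions returned by access
# lookups (access(5)): the action does not stop evaluation, it applies to the
# whole message, and when several FILTER actions fire only the last is used.

# Restriction classes from the post, reduced to the action each one yields.
CLASS_ACTIONS = {
    "clam0": None, "clam1": "FILTER smtp-amavis:[127.0.0.1]:10024",
    "rbl0": None, "rbl1": None,   # assumption: reject_* passes a clean client
    "sav0": None, "sav1": None,
    "sa0": None, "sa1": "FILTER spamfilter:",
}

# Constructed stand-in for the postfix_filters table (per-recipient classes),
# in the order the four mysql lookups appear in smtpd_recipient_restrictions.
SAMPLE_DB = {
    "alice@example.com": ["clam1", "rbl1", "sav1", "sa1"],
    "bob@example.com":   ["clam1", "rbl0", "sav0", "sa0"],
    "carol@example.com": ["clam0", "rbl0", "sav0", "sa1"],
}

def effective_filter(recipients, db=SAMPLE_DB):
    """Return (content filter the queued message ends up with, FILTER log)."""
    pending, fired = None, []
    for rcpt in recipients:                  # one RCPT TO command each
        for cls in db[rcpt]:                 # lookups run in list order
            action = CLASS_ACTIONS[cls]
            if action and action.startswith("FILTER "):
                pending = action[len("FILTER "):]   # overrides earlier one
                fired.append((rcpt, pending))
    return pending, fired

if __name__ == "__main__":
    for rcpts in (["alice@example.com"], ["bob@example.com"],
                  ["bob@example.com", "carol@example.com"]):
        chosen, fired = effective_filter(rcpts)
        print(rcpts, "->", chosen)
        for rcpt, nexthop in fired:
            print("    filter logged for", rcpt, ":", nexthop)
```

In this model a recipient with both clam1 and sa1 is logged as triggering the Amavis filter, yet the message is handed only to spamfilter, and in a multi-recipient message one recipient's setting replaces the virus-scanning filter chosen for another.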