empty subject, empty body, from: Postfix After-Queue Content Filter...

From: Robert Lopez (rlopezcnmgmail.com)
Date: Mon May 18 2009 - 15:53:37 CDT


A new email gateway I am building is sending email with empty subject, empty body, and the internal from starts with "Postfix After-Queue Content Filter:". It is possible an external filter is the culprit, but it appears to me as if postfix is actually stripping the missing information, due to some misconfiguration, because otherwise it is working as it is supposed to.

My project is to move email gateways off of old hardware to new hardware. The intent is to keep running all the currently used software on new hardware.
New rhel-5.3-x86_64 installed.
Sendmail worked fine.
Postfix-2.3.3 replaced sendmail and worked fine.
All local changes used on older servers except one made to main.cf and master.cf, and postfix still worked fine.
SpamAssassin version 3.2.5 running on Perl version 5.8.8 installed and worked fine in stand-alone tests.
ClamAV installed and worked fine in stand-alone tests.
Anomy sanitizer was added and passed stand-alone tests.
The last change was made to master.cf.
It was to add this at end of file:

filter unix - n n - - pipe
  flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} -- ${recipient}
Where the filter.sh is:
<begin script>
#!/bin/sh
#
# filter.sh
#
# Simple filter to plug Anomy Sanitizer and SpamAssassin
# into the Postfix MTA
#
# From http://advosys.ca/papers/postfix-filtering.html
# Advosys Consulting Inc., Ottawa
#
# For use with:
# Postfix 20010228 or later
# Anomy Sanitizer revision 1.49 or later
# SpamAssassin 2.42 or later
#
# Note: Modify the file locations to match your particular
# server and installation of SpamAssassin.

# File locations:
# (CHANGE AS REQUIRED TO MATCH YOUR SERVER)
INSPECT_DIR=/var/spool/filter

#SENDMAIL="/usr/lib/sendmail -i"
#above should be the same as following
SENDMAIL="/usr/sbin/sendmail.postfix -i"

ANOMY=/u01/anomy
SANITIZER=/u01/anomy/bin/sanitizer.pl
ANOMY_CONF=/u01/anomy/anomy.conf
ANOMY_LOG=/tmp/anomy.log
SPAMASSASSIN=/usr/bin/spamassassin
SPAMC=/usr/bin/spamc
SPAMC_LOG=/tmp/spamc.log

export ANOMY

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f out.$$" 0 1 2 3 15

# Message comes in on stdin; run it through spamc, then the sanitizer.
cat | $SPAMC 2>>$SPAMC_LOG | $SANITIZER \
   $ANOMY_CONF 2>>$ANOMY_LOG > out.$$ || \
   { echo Message content rejected; exit $EX_UNAVAILABLE; }

# Search header only (first paragraph of the file) for spam greater than
# or equal to the spam threshold (six stars).
DROPSPAM=$(awk 'BEGIN{RS=""}{print;exit}' out.$$ | grep '^X-Spam-Level: \*\*\*\*\*\*')
[ "$DROPSPAM" ] && {
    rm -f out.$$
    #mv out.$$ spamdropped.$$
    exit 0
}

## return to postfix via postfix.sendmail
## "$@" is the argument list handed over by master.cf: -f ${sender} -- ${recipient}
$SENDMAIL "$@" < out.$$

exit $?
<end script>

This is when sending email broke.
All email is sent and delivered to final destinations.
The subject is stripped out.
The body is stripped out.
The From address seen by recipients' email program becomes: Postfix After-Queue Content Filter [<any account>cnm.edu]

Maillog never has any warning, error, fatal, or panic.
/usr/sbin/sendmail -bv ... always determines "deliverable"
/usr/sbin/sendmail -v ... sends with same (stripped out) results.
All debugging and tracing show nothing because Postfix is not encountering a bug.

I replaced the glue script above with a number of scripts attempting
to run one filter at a time and the same results resulted.

This script that calls no filter was finally tried:
<begin script>
#!/bin/sh

# Simple shell-based filter. It is meant to be invoked as follows:
# /path/to/script -f sender recipients...

# Localize these. The -G option does nothing before Postfix 2.3.
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15

# Start processing.
cd "$INSPECT_DIR" || {
    echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

cat >in.$$ || {
    echo Cannot save mail to file; exit $EX_TEMPFAIL; }

# Debugging: instead of resubmitting, log the sendmail command line
# ("$@" is -f sender -- recipients as passed by master.cf) followed by
# the message as received, each on its own lines.
#$SENDMAIL "$@" <in.$$
echo $SENDMAIL "$@" >>out
cat in.$$ >>out

exit $?
<end script>

The results were the same.

This is the postfinger output (munged gateway names):
postfinger - postfix configuration on Mon May 18 14:36:45 MDT 2009
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.3.3
hostname = DDDD
uname = Linux DDDD 2.6.18-128.1.6.el5 #1 SMP Tue Mar 24 12:05:57 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.3.3-2.1.el5_2

--main.cf non-default parameters--
bounce_size_limit = 1
default_process_limit = 400
header_checks = regexp:/etc/postfix/header_checks
local_recipient_maps =
local_transport = error
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org
message_size_limit = 16777216
mydestination = $myhostname, $mydomain, localhost.localdomain, cnm.edu,
    mail.cnm.edu, AAAA.cnm.edu, BBBB.cnm.edu, CCCC.cnm.edu, DDDD.cnm.edu,
    EEEE.cnm.edu, FFFF.cnm.edu, nmvc.org, mail.nmvc.org, AAAA.nmvc.org,
    BBBB.nmvc.org, CCCC.nmvc.org, nmvirtualcollege.org,
    mail.nmvirtualcollege.org, AAAA.nmvirtualcollege.org,
    BBBB.nmvirtualcollege.org, CCCC.nmvirtualcollege.org, nmln.net, ideal-nm.org,
    ideal-nm.net, idealnm.org, idealnm.net
mydomain = cnm.edu
myhostname = DDDD.cnm.edu
mynetworks = 198.133.182.0/24, 198.133.181.0/24, 198.133.180.0/24,
    172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource,software
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_client_restrictions = permit_mynetworks
    hash:/etc/postfix/whitelist
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.5
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.6
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.7
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.8
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.9
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.10
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.11
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.13
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/overquota
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination
    check_client_access hash:/etc/postfix/access
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/greylist
    check_sender_access hash:/etc/postfix/sender_access
    permit_mynetworks
    reject_unknown_sender_domain
virtual_alias_maps = hash:/etc/postfix/virtualaliases

--master.cf--
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
    -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
filter unix - n n - - pipe
  flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} -- ${recipient}

-- end of postfinger output --

tcpdump shows no problem.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
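The glue scripts in this post implement the Postfix pipe(8) after-queue filter pattern: read the message on stdin, process it, and hand it back with `sendmail -i` and the unchanged `-f sender -- recipients` argument list. The script below is an added example of that pattern, not the poster's script and not code from the Postfix FILTER_README or the Advosys paper. It keeps the header-only `X-Spam-Level` check of the original, but adds the two guards the symptom in this thread calls for: it refuses to resubmit an empty or header-less message (sendmail would otherwise deliver it with a synthesized From: line and no subject, exactly what the poster observed), and it tempfails rather than losing mail when anything about the spool file is wrong. The spool directory, the sendmail path and the six-star threshold are assumptions carried over from the post's own scripts and can be overridden from the environment; the message used in the self-check is constructed.

```shell
#!/bin/sh
# Added example, not the poster's script: a pipe(8) content-filter glue
# script that keeps the original's header-only X-Spam-Level check but adds
# the sanity checks a filter needs before handing mail back to Postfix.
# Assumed master.cf invocation, as on the page:
#   argv=/path/to/filter.sh -f ${sender} -- ${recipient}
# INSPECT_DIR, SENDMAIL and the 6-star threshold are assumptions taken from
# the post's scripts, overridable from the environment.

INSPECT_DIR=${INSPECT_DIR:-/var/spool/filter}
SENDMAIL=${SENDMAIL:-"/usr/sbin/sendmail.postfix -i"}
SPAM_THRESHOLD=${SPAM_THRESHOLD:-6}

# Exit code from <sysexits.h>: pipe(8) keeps the message queued and
# retries later when the filter exits 75.
EX_TEMPFAIL=75

# Print the header block of the message on stdin: in awk paragraph mode
# (RS = "") the first record is everything before the first empty line.
message_headers() {
    awk 'BEGIN { RS = "" } { print; exit }'
}

# Print the number of '*' in the first X-Spam-Level: header of the message
# on stdin, or 0 if there is none. Only the header block is searched, so
# an X-Spam-Level: line quoted inside the body cannot trigger a discard.
spam_level() {
    message_headers |
    awk 'BEGIN { n = 0 }
         tolower($1) == "x-spam-level:" { n = gsub(/\*/, "", $2); exit }
         END { print n }'
}

# Succeed only if the file is non-empty and begins with a header field
# ("Name: ..."). An empty or header-less file fed to sendmail(1) would be
# delivered with a synthesized From: header and no subject, so the filter
# must tempfail instead of resubmitting it.
looks_like_message() {
    [ -s "$1" ] && head -n 1 "$1" | grep -Eq '^[^[:space:]:]+:'
}

filter_main() {
    cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }
    msg=$(mktemp in.XXXXXX) || { echo "Cannot create spool file"; exit $EX_TEMPFAIL; }
    # Clean up when done or when aborting.
    trap 'rm -f "$msg"' 0 1 2 3 15

    cat >"$msg" || { echo "Cannot save mail to file"; exit $EX_TEMPFAIL; }
    looks_like_message "$msg" ||
        { echo "Filter input has no message headers"; exit $EX_TEMPFAIL; }

    # Discard silently at or above the threshold, as the original script did.
    if [ "$(spam_level <"$msg")" -ge "$SPAM_THRESHOLD" ]; then
        exit 0
    fi

    # "$@" is the untouched argument list from master.cf (-f sender -- recipients).
    # Never use sendmail -t here: recipients come from the envelope, not the headers.
    # $SENDMAIL is deliberately unquoted so its "-i" option is split off.
    $SENDMAIL "$@" <"$msg"
}

# pipe(8) always passes arguments. With none, run a self-check on a
# constructed message instead of filtering stdin.
if [ $# -gt 0 ]; then
    filter_main "$@"
    exit $?
fi
SAMPLE='Return-Path: <sender@example.invalid>
X-Spam-Level: *******
Subject: constructed sample

body'
printf 'sample spam level: %s (threshold %s)\n' \
    "$(printf '%s\n' "$SAMPLE" | spam_level)" "$SPAM_THRESHOLD"
```

Run with no arguments it only reports the spam level of the constructed sample; installed under a master.cf `pipe` entry like the one in the post it behaves as a filter. The `looks_like_message` check is the one a content filter should never skip: whatever the upstream tools do to the message, the resubmission step must see a header block, and tempfailing keeps the mail in the queue where `mailq` and the maillog show it instead of delivering a hollowed-out copy.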