[Postfixbuch-users] DISCARD bei Verwendung von smtpd_proxy_filter nicht verfügbar - Alternativen?

Christian Garling christian.garling at cg-networks.de
Do Apr 17 11:03:17 CEST 2014


Hallo zusammen,

Am 16.04.2014 13:49, schrieb Patrick Ben Koetter:
> * Christian Garling <postfixbuch-users at listen.jpberlin.de>:
>> Hallo zusammen,
>>
>> ich benutze Amavis als smtpd_proxy_filter und wollte gerade
>> verschiedene Absenderdomains blocken in dem ich sie mit Action
>> DISCARD in eine von check_sender_access referenzierte Map
>> eingetragen habe. Das Log sagt dazu dann aber:
>>
>> warning: access table hash:/etc/postfix/access_maps/sender: with
>> smtpd_proxy_filter specified, action DISCARD is unavailable
> Discarde NACH dem smtpd_proxy_filter, also beim Reentry mach amavis.
ich stehe gerade noch etwas auf dem Schlauch. Wie bewerkstellige ich das?
>
> p at rick
>
Hier nochmal zur Übersicht meine master.cf:

smtp      inet  n       -       n       -       -       smtpd
         -o smtpd_proxy_filter=127.0.0.1:10024
         -o content_filter=
         -o smtpd_sasl_auth_enable=no
submission inet n       -       n       -       -       smtpd
         -o smtpd_proxy_filter=
         -o content_filter=amavisfeed:[127.0.0.1]:10024
         -o smtpd_tls_security_level=encrypt
         -o smtpd_sasl_auth_enable=yes
         -o smtpd_client_restrictions=permit_sasl_authenticated,reject
         -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       - trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
         -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

amavisfeed unix    -       -       n        -      2     lmtp
      -o lmtp_data_done_timeout=1200
      -o lmtp_send_xforward_command=yes
      -o lmtp_tls_note_starttls_offer=no

127.0.0.1:10025 inet n    -       n       -       -     smtpd
      -o content_filter=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o 
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
      -o local_header_rewrite_clients=
      -o smtpd_milters=
      -o local_recipient_maps=
      -o relay_recipient_maps=

Sowie postconf -n:

address_verify_map = btree:$data_directory/verify_cache
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = pcre:/etc/postfix/header_body_checks/body_checks
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_body_checks/header_checks
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 3d
message_size_limit = 33554432
mydestination = localhost, localhost.$mydomain, $myhostname, 
lvps87-230-14-179.dedicated.hosteurope.de
mydomain = cg-networks.de
myhostname = mail.cg-networks.de
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = hash:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access 
hash:/etc/postfix/access_maps/role_accounts, check_client_access 
hash:/etc/postfix/access_maps/hostname, check_client_access 
cidr:/etc/postfix/access_maps/ip.cidr, check_helo_access 
hash:/etc/postfix/access_maps/helo, check_helo_access 
pcre:/etc/postfix/access_maps/helo.pcre, check_sender_access 
hash:/etc/postfix/access_maps/sender, check_recipient_access 
hash:/etc/postfix/access_maps/recipient, reject_non_fqdn_sender, 
reject_non_fqdn_recipient, reject_unknown_sender_domain, 
reject_unknown_recipient_domain, reject_invalid_hostname, 
permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, 
check_policy_service inet:127.0.0.1:12525, check_policy_service 
inet:127.0.0.1:10023, reject_unverified_recipient, 
reject_unauth_pipelining,                check_policy_service 
inet:127.0.0.1:12340,                                permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/mail/mail.cg-networks.de.crt
smtpd_tls_key_file = /etc/pki/mail/mail.cg-networks.de.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
soft_bounce = no
transport_maps = hash:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps

Gruß, Christian



Mehr Informationen über die Mailingliste Postfixbuch-users