Loading ...
Sorry, an error occurred while loading the content.

Re: Creating a dummy filter

Expand Messages
  • Noel Jones
    ... The DUNNO solution described earlier will work for any setup that doesn t use content_filter = something in main.cf or the receiving smtpd listener. So
    Message 1 of 17 , Sep 1, 2008
    • 0 Attachment
      Camron W. Fox wrote:
      > Stefan Palme wrote:
      >> On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:
      >>> Noel Jones wrote:
      >>>> Camron W. Fox wrote:
      >>>>> Alle,
      >>>>>
      >>>>> We would like to filter all internal email so that it bypasses
      >>>>> SpamAssassin. We have set up per_client_filters using:
      >>>>>
      >>>>> smtpd_client_restrictions =
      >>>>> check_client_access cidr:/etc/postfix/per_client_filter
      >>>>>
      >>>>> == per_client_filter:
      >>>>> 0.0.0.0/0 FILTER spamassassin:
      >>>>> 10.0.0.0/8 FILTER dummy:
      >>>>> ...
      >>>>>
      >>>> Note that order matters in a cidr: table. First match wins;
      >>>> everything matches 0.0.0.0/0. Put the catchall last, more specific
      >>>> entries earlier.
      >>>> http://www.postfix.org/cidr_table.5.html
      >>>>
      >>>>> The spamassasin filter works fine, but how do we create a dummy
      >>>>> filter that just does a bypass of all the internal emails?
      >>>>>
      >>>> Why send them through a filter at all if you don't want them
      >>>> filtered? Use DUNNO as the table result.
      >>>>
      >>>> 10.0.0.0/8 DUNNO
      >>>> 0.0.0.0/0 FILTER...
      >>>>
      >>> Noel,
      >>>
      >>> So this will accomplish what we want?
      >>>
      >>> 10.0.0.0/0 DUNNO
      >>> 0.0.0.0/0 FILTER spamassassin:
      >>
      >>
      >> Maybe not exactly. We have a similar setup. The problem here is,
      >> that mails handed out to spamassassin (in our case its amavisd-new)
      >> is reinjected by amavisd-new to postfix via localhost:10025. All
      >> mails bypassing amavisd-new must be "manually" reinjected to port
      >> 10025 to accomplish address rewriting etc. (all the stuff that is
      >> done AFTER content filtering).
      >>
      >> So your setup would look like this:
      >>
      >> 10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025
      >> 0.0.0.0/0 FILTER spamassassin:
      >>
      >> Regards
      >> -stefan-
      >>
      >>
      >
      > Stefan,
      >
      > Except we aren't using amavis and spamassassin processes traffic on
      > our DMZ. Virus scanning is done on the interior mail servers with
      > amavisd-new and ClamAV:
      >
      > root@rb4:/etc/postfix [1002/2]# grep spamassassin master.cf
      > smtp inet n - n - - smtpd -o
      > content_filter=spamassassin
      > spamassassin
      > unix - n n - - pipe
      > user=nobody argv=/usr/bin/spamc -e /usr/lib/sendmail -oi -f ${sender}
      > ${recipient}
      >
      > Best Regards,
      > Camron
      >
      > Camron W. Fox
      > Hilo Office
      > High Performance Computing Group
      > Fujitsu America, INC.
      > E-mail: cwfox@...
      >

      The DUNNO solution described earlier will work for any setup
      that doesn't use "content_filter = something" in main.cf or
      the receiving smtpd listener.

      So it should work fine for you.

      --
      Noel Jones
    • Camron W. Fox
      ... Alle, I tested this and it seemed to work with no problems. When I implemented it on the production servers, I started to see these messages: access table
      Message 2 of 17 , Sep 26, 2008
      • 0 Attachment
        Noel Jones wrote:
        > Camron W. Fox wrote:
        >> Stefan Palme wrote:
        >>> On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:
        >>>> Noel Jones wrote:
        >>>>> Camron W. Fox wrote:
        >>>>>> Alle,
        >>>>>>
        >>>>>> We would like to filter all internal email so that it bypasses
        >>>>>> SpamAssassin. We have set up per_client_filters using:
        >>>>>>
        >>>>>> smtpd_client_restrictions =
        >>>>>> check_client_access cidr:/etc/postfix/per_client_filter
        >>>>>>
        >>>>>> == per_client_filter:
        >>>>>> 0.0.0.0/0 FILTER spamassassin:
        >>>>>> 10.0.0.0/8 FILTER dummy:
        >>>>>> ...
        >>>>>>
        >>>>> Note that order matters in a cidr: table. First match wins;
        >>>>> everything matches 0.0.0.0/0. Put the catchall last, more specific
        >>>>> entries earlier.
        >>>>> http://www.postfix.org/cidr_table.5.html
        >>>>>
        >>>>>> The spamassasin filter works fine, but how do we create a
        >>>>>> dummy filter that just does a bypass of all the internal emails?
        >>>>>>
        >>>>> Why send them through a filter at all if you don't want them
        >>>>> filtered? Use DUNNO as the table result.
        >>>>>
        >>>>> 10.0.0.0/8 DUNNO
        >>>>> 0.0.0.0/0 FILTER...
        >>>>>
        >>>> Noel,
        >>>>
        >>>> So this will accomplish what we want?
        >>>>
        >>>> 10.0.0.0/0 DUNNO
        >>>> 0.0.0.0/0 FILTER spamassassin:
        >>>
        >>>
        >>> Maybe not exactly. We have a similar setup. The problem here is,
        >>> that mails handed out to spamassassin (in our case its amavisd-new)
        >>> is reinjected by amavisd-new to postfix via localhost:10025. All
        >>> mails bypassing amavisd-new must be "manually" reinjected to port
        >>> 10025 to accomplish address rewriting etc. (all the stuff that is
        >>> done AFTER content filtering).
        >>>
        >>> So your setup would look like this:
        >>>
        >>> 10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025
        >>> 0.0.0.0/0 FILTER spamassassin:
        >>>
        >>> Regards
        >>> -stefan-
        >>>
        >>>
        >>
        >> Stefan,
        >>
        >> Except we aren't using amavis and spamassassin processes traffic
        >> on our DMZ. Virus scanning is done on the interior mail servers with
        >> amavisd-new and ClamAV:
        >>
        >> root@rb4:/etc/postfix [1002/2]# grep spamassassin master.cf
        >> smtp inet n - n - - smtpd -o
        >> content_filter=spamassassin
        >> spamassassin
        >> unix - n n - - pipe
        >> user=nobody argv=/usr/bin/spamc -e /usr/lib/sendmail -oi -f
        >> ${sender} ${recipient}
        >>
        >> Best Regards,
        >> Camron
        >>
        >> Camron W. Fox
        >> Hilo Office
        >> High Performance Computing Group
        >> Fujitsu America, INC.
        >> E-mail: cwfox@...
        >>
        >
        > The DUNNO solution described earlier will work for any setup that
        > doesn't use "content_filter = something" in main.cf or the receiving
        > smtpd listener.
        >
        > So it should work fine for you.
        >

        Alle,

        I tested this and it seemed to work with no problems. When I
        implemented it on the production servers, I started to see these messages:

        access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
        requires transport:destination

        I cannot tell if this mail is being bounced or not. Any help would be
        appreciated.

        Best Regards,
        Camron

        --
        Camron W. Fox
        Hilo Office
        High Performance Computing Group
        Fujitsu America, INC.
        E-mail: cwfox@...
      • Sahil Tandon
        ... Typo in your per_client_filter CIDR? Show us. -- Sahil Tandon
        Message 3 of 17 , Sep 26, 2008
        • 0 Attachment
          Camron W. Fox <cwfox@...> wrote:

          > access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3" requires
          > transport:destination

          Typo in your per_client_filter CIDR? Show us.

          --
          Sahil Tandon <sahil@...>
        • Camron W. Fox
          ... Sorry, it was shown in the inline above: 133.40.0.0/16 FILTER DUNNO 0.0.0.0/0 FILTER spamassassin: Best Regards, Camron
          Message 4 of 17 , Sep 26, 2008
          • 0 Attachment
            Sahil Tandon wrote:
            > Camron W. Fox <cwfox@...> wrote:
            >
            >> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3" requires
            >> transport:destination
            >
            > Typo in your per_client_filter CIDR? Show us.
            >
            Sorry, it was shown in the inline above:

            133.40.0.0/16 FILTER DUNNO
            0.0.0.0/0 FILTER spamassassin:

            Best Regards,
            Camron
          • Sahil Tandon
            ... DUNNO is not a filter; that s why Postfix is complaining. See access(5): http://www.postfix.org/access.5.html -- Sahil Tandon
            Message 5 of 17 , Sep 26, 2008
            • 0 Attachment
              Camron W. Fox <cwfox@...> wrote:

              > Sahil Tandon wrote:
              >> Camron W. Fox <cwfox@...> wrote:
              >>
              >>> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
              >>> requires transport:destination
              >>
              >> Typo in your per_client_filter CIDR? Show us.
              >>
              > Sorry, it was shown in the inline above:
              >
              > 133.40.0.0/16 FILTER DUNNO

              DUNNO is not a filter; that's why Postfix is complaining. See
              access(5):

              http://www.postfix.org/access.5.html

              --
              Sahil Tandon <sahil@...>
            • Camron W. Fox
              ... So it should be this: 133.40.0.0/16 DUNNO 0.0.0.0/0 FILTER spamassassin: Best Regards, Camron -- Camron W. Fox Hilo Office High Performance Computing Group
              Message 6 of 17 , Sep 26, 2008
              • 0 Attachment
                Sahil Tandon wrote:
                > Camron W. Fox <cwfox@...> wrote:
                >
                >> Sahil Tandon wrote:
                >>> Camron W. Fox <cwfox@...> wrote:
                >>>
                >>>> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
                >>>> requires transport:destination
                >>> Typo in your per_client_filter CIDR? Show us.
                >>>
                >> Sorry, it was shown in the inline above:
                >>
                >> 133.40.0.0/16 FILTER DUNNO
                >
                > DUNNO is not a filter; that's why Postfix is complaining. See
                > access(5):
                >
                > http://www.postfix.org/access.5.html
                >
                So it should be this:

                133.40.0.0/16 DUNNO
                0.0.0.0/0 FILTER spamassassin:

                Best Regards,
                Camron

                --
                Camron W. Fox
                Hilo Office
                High Performance Computing Group
                Fujitsu America, INC.
                E-mail: cwfox@...
              • Sahil Tandon
                ... Yes. -- Sahil Tandon
                Message 7 of 17 , Sep 26, 2008
                • 0 Attachment
                  Camron W. Fox <cwfox@...> wrote:

                  >>>>> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
                  >>>>> requires transport:destination
                  >>>> Typo in your per_client_filter CIDR? Show us.
                  >>>>
                  >>> Sorry, it was shown in the inline above:
                  >>>
                  >>> 133.40.0.0/16 FILTER DUNNO
                  >>
                  >> DUNNO is not a filter; that's why Postfix is complaining. See
                  >> access(5):
                  >>
                  >> http://www.postfix.org/access.5.html
                  >>
                  > So it should be this:
                  >
                  > 133.40.0.0/16 DUNNO
                  > 0.0.0.0/0 FILTER spamassassin:

                  Yes.

                  --
                  Sahil Tandon <sahil@...>
                • Camron W. Fox
                  ... So, What happened to the mail that met the FILTER DUNNO criteria of the incorrect config? Best Regards, Camron Camron W. Fox Hilo Office High Performance
                  Message 8 of 17 , Sep 26, 2008
                  • 0 Attachment
                    Sahil Tandon wrote:
                    > Camron W. Fox <cwfox@...> wrote:
                    >
                    >>>>>> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
                    >>>>>> requires transport:destination
                    >>>>> Typo in your per_client_filter CIDR? Show us.
                    >>>>>
                    >>>> Sorry, it was shown in the inline above:
                    >>>>
                    >>>> 133.40.0.0/16 FILTER DUNNO
                    >>> DUNNO is not a filter; that's why Postfix is complaining. See
                    >>> access(5):
                    >>>
                    >>> http://www.postfix.org/access.5.html
                    >>>
                    >> So it should be this:
                    >>
                    >> 133.40.0.0/16 DUNNO
                    >> 0.0.0.0/0 FILTER spamassassin:
                    >
                    > Yes.
                    >
                    So,

                    What happened to the mail that met the "FILTER DUNNO" criteria of the
                    incorrect config?

                    Best Regards,
                    Camron

                    Camron W. Fox
                    Hilo Office
                    High Performance Computing Group
                    Fujitsu America, INC.
                    E-mail: cwfox@...
                  • Sahil Tandon
                    ... Your logs will tell you. You could also see if it s lurking in the mailq. -- Sahil Tandon
                    Message 9 of 17 , Sep 26, 2008
                    • 0 Attachment
                      Camron W. Fox <cwfox@...> wrote:

                      > What happened to the mail that met the "FILTER DUNNO" criteria of the
                      > incorrect config?

                      Your logs will tell you. You could also see if it's lurking in the
                      mailq.

                      --
                      Sahil Tandon <sahil@...>
                    Your message has been successfully submitted and would be delivered to recipients shortly.