Loading ...
Sorry, an error occurred while loading the content.

RE: Milters and Aliasing

Expand Messages
  • Amir A.
    When I mean it doesn t work is that anytime I use any sort of aliases (domain -- domain via Zimbra s GUI) or a simple forwarder (userdne ------- userexists
    Message 1 of 7 , Jan 18, 2013
    • 0 Attachment
      When I mean it doesn't work is that anytime I use any sort of aliases (domain --> domain via Zimbra's GUI) or a simple forwarder (userdne   -------> userexists in /etc/aliases) it never works with a milter however sending to the original/real addresses always works.

      ++++++++++++++++++++++++++++++++++++++++++++

      This a an example of working NON-MILTERED TRANSACTION:

      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: dict_proxy_lookup: table=ldap:/opt/zimbra/conf/ldap-vam.cf flags=lock|fold_fix key=@... -> status=0 result=@...
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: maps_find: virtual_alias_maps: proxy:ldap:/opt/zimbra/conf/ldap-vam.cf(0,lock|fold_fix): @... = @...
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: mail_addr_find: amir@... -> @...


      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=reject_unlisted_recipient status=0
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=reject_non_fqdn_sender
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: reject_non_fqdn_address: agmailuser@...
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=reject_non_fqdn_sender status=0
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=reject_unknown_sender_domain
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: reject_unknown_address: agmailuser@...
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: ctable_locate: move existing entry key agmailuser@...
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: reject_unknown_mailhost: gmail.com
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: lookup gmail.com type MX flags 0
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: dns_query: gmail.com (MX): OK
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: dns_get_answer: type MX for gmail.com
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: last message repeated 4 times
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=reject_unknown_sender_domain status=0
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=permit
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: match_list_match: permit: no match
      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: generic_checks: name=permit status=1

      Jan 16 13:19:52 zimbra postfix/smtpd[13047]: >>> END Recipient address RESTRICTIONS <<<

      +++++++++++++++++++++++++++++++++++++++++++++++++++++++

      This is an example of non-WORKING MILTERED TRANSACTION


      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: dict_proxy_lookup: table=ldap:/opt/zimbra/conf/ldap-vam.cf flags=lock|fold_fix key=amir@... -> status=0 result=amir@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: maps_find: virtual_alias_maps: proxy:ldap:/opt/zimbra/conf/ldap-vam.cf(0,lock|fold_fix): amir@... = amir@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: mail_addr_find: amir@... -> amir@...



      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=reject_unlisted_recipient status=0
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=reject_non_fqdn_sender
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: reject_non_fqdn_address: ahotma@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=reject_non_fqdn_sender status=0
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=reject_unknown_sender_domain
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: reject_unknown_address: ahotma@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: ctable_locate: move existing entry key ahotma@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: reject_unknown_mailhost: hotmail.com
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: lookup hotmail.com type MX flags 0
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: dns_query: hotmail.com (MX): OK
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: dns_get_answer: type MX for hotmail.com
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: last message repeated 4 times
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=reject_unknown_sender_domain status=0
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=permit
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: match_list_match: permit: no match
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: generic_checks: name=permit status=1

      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: >>> END Recipient address RESTRICTIONS <<<
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: report recipient to all milters (flags=0x0)
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: "i"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: "{rcpt_addr}"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: ctable_locate: move existing entry key amir@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: result "amir@..."
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: "{rcpt_host}"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: ctable_locate: leave existing entry key amir@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: result "5.1.1 User unknown in virtual alias table"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: "{rcpt_mailer}"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: ctable_locate: leave existing entry key amir@...
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter_macro_lookup: result "error"
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: milter8_rcpt_event: milter inet:zimbra.dev.somedomain.com:7026: rcpt <amir@...>
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: event: SMFIC_RCPT; macros: {rcpt_addr}=amir@... {rcpt_host}=5.1.1 User unknown in virtual alias table {rcpt_mailer}=error
      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: reply: SMFIR_REPLYCODE data 23 bytes



      Jan 17 11:49:02 zimbra postfix/smtpd[26986]: NOQUEUE: milter-reject: RCPT from mail-ie0-f175.google.com[209.85.223.175]: 550 5.1.1 User unknown; from=<ahotma@...> to=<amir@...> proto=ESMTP helo=<mail-ie0-f175.google.com>












      > Date: Fri, 18 Jan 2013 16:31:36 -0600
      > From: njones@...
      > To: postfix-users@...
      > Subject: Re: Milters and Aliasing
      >
      > On 1/18/2013 3:56 PM, Amir A. wrote:
      > > My Problem:
      > > I have a vanilla Zimbra setup that I have been trying to implement
      > > either Before Queue Mail filtering or Milter Based Filtering.
      > > At first I tried doing a Pre-queue setup with amavisd-new but I ran
      > > into the problem where aliasing wouldn't work.
      >
      > You'll need to quantify "wouldn't work". Give details of what
      > happened vs. what you expected.
      >
      > For the record, there is no underlying incompatibility between
      > aliases and milters/filters.
      >
      > > I tried again after
      > > much testing with j-chkmail as a milter. It seems to work well
      > > enough except when I use any sort of alias.
      >
      > Explain.
      >
      >
      > > I thought it might be
      > > somehow linked to Zimbra's use of LDAP however even an alias in
      > > /etc/aliases doesn't work, it doesn't seem to get past the first
      > > smtpd line
      >
      > explain what you mean here. Note that /etc/aliases only apply
      > during local delivery, ie. domains listed in mydestination and
      > delivered by the postfix local(8) delivery agent.
      >
      > >
      > >
      > > Beginning of master.cf:
      > > smtp inet n - n - - smtpd -vv
      >
      > Verbose logging is more likely to obscure the issue than solve it;
      > remove the -vv.
      >
      > No glaring errors in your config. Without context it's impossible
      > to give more advice.
      >
      >
      > -- Noel Jones
    • Noel Jones
      ... Please do not top-post. Verbose logging ignored. Provide non-verbose unaltered logging, and postconf -n of the non-working configuration, and explain
      Message 2 of 7 , Jan 18, 2013
      • 0 Attachment
        On 1/18/2013 4:51 PM, Amir A. wrote:
        > When I mean it doesn't work is that anytime I use any sort of
        > aliases (domain --> domain via Zimbra's GUI) or a simple forwarder
        > (userdne -------> userexists in /etc/aliases) it never works with
        > a milter however sending to the original/real addresses always works.

        Please do not top-post.
        Verbose logging ignored. Provide non-verbose unaltered logging, and
        'postconf -n' of the non-working configuration, and explain what
        isn't working as expected.

        http://www.postfix.org/DEBUG_README.html#mail




        -- Noel Jones
      • Viktor Dukhovni
        ... This milter rejects the recipient, don t use milters that reject recipient addresses you want to receive. Milters process the original address from the
        Message 3 of 7 , Jan 18, 2013
        • 0 Attachment
          On Fri, Jan 18, 2013 at 05:51:06PM -0500, Amir A. wrote:

          > Jan 17 11:49:02 zimbra postfix/smtpd[26986]: NOQUEUE:
          > milter-reject: RCPT from mail-ie0-f175.google.com[209.85.223.175]:
          > 550 5.1.1 User unknown; from=<ahotma@...>
          > to=<amir@...>
          > proto=ESMTP helo=<mail-ie0-f175.google.com>

          This milter rejects the recipient, don't use milters that reject recipient
          addresses you want to receive. Milters process the original address from
          the RCPT TO: command, not the results of alias expansion. Perhaps your
          milter is expecting something else.

          Don't blame the messenger, Postfix is just reporting the milter
          verdict. This sure does not look like a Postfix problem.

          --
          Viktor.
        • Jose-Marcio Martins da Cruz
          ... j-chkmail (and most milters) doesn t access any user table (aliases, ...). It can do recipient verification if you tell it to do (sometimes useful on a
          Message 4 of 7 , Jan 19, 2013
          • 0 Attachment
            Amir A. wrote:
            > When I mean it doesn't work is that anytime I use any sort of aliases (domain
            > --> domain via Zimbra's GUI) or a simple forwarder (userdne ------->
            > userexists in /etc/aliases) it never works with a milter however sending to the
            > original/real addresses always works.
            >
            > ++++++++++++++++++++++++++++++++++++++++++++
            >
            > This a an example of working NON-MILTERED TRANSACTION:
            >
            > Jan 16 13:19:52 zimbra postfix/smtpd[13047]: dict_proxy_lookup:
            > table=ldap:/opt/zimbra/conf/ldap-vam.cf flags=lock|fold_fix
            > key=@... -> status=0 result=@...
            > Jan 16 13:19:52 zimbra postfix/smtpd[13047]: maps_find: virtual_alias_maps:
            > proxy:ldap:/opt/zimbra/conf/ldap-vam.cf(0,lock|fold_fix):
            > @... = @...
            > Jan 16 13:19:52 zimbra postfix/smtpd[13047]: mail_addr_find:
            > amir@... -> @...

            ...

            > +++++++++++++++++++++++++++++++++++++++++++++++++++++++
            >
            > This is an example of non-WORKING MILTERED TRANSACTION

            ...

            > Jan 17 11:49:02 zimbra postfix/smtpd[26986]: NOQUEUE: milter-reject: RCPT from
            > mail-ie0-f175.google.com[209.85.223.175]: 550 5.1.1 User unknown;
            > from=<ahotma@...> to=<amir@...> proto=ESMTP
            > helo=<mail-ie0-f175.google.com>

            j-chkmail (and most milters) doesn't access any user table (aliases, ...). It
            can do recipient verification if you tell it to do (sometimes useful on a
            gateway). In this case, you shall maintain a table of valid recipients. IMHO,
            this feature is useful on a zimbra server only if it is on a border of your
            domain and you want to detect address harvest.

            If this may be your problem, please post j-chkmail logs related to this, and
            post a question to me or to j-chkmail users list as this isn't a postfix problem.


            --

            Envoyé de ma machine à écrire.
            ---------------------------------------------------------------
            Spam : Classement statistique de messages électroniques -
            Une approche pragmatique
            Chez Amazon.fr : http://amzn.to/LEscRu ou http://bit.ly/SpamJM
            ---------------------------------------------------------------
            Jose Marcio MARTINS DA CRUZ http://www.j-chkmail.org
          • Robert Schetterer
            ... for info spamass-milter has -x: pass email address through alias and virtusertable expansion works nice here Best Regards MfG Robert Schetterer -- [*] sys4
            Message 5 of 7 , Jan 19, 2013
            • 0 Attachment
              Am 19.01.2013 12:46, schrieb Jose-Marcio Martins da Cruz:
              > Amir A. wrote:
              >> When I mean it doesn't work is that anytime I use any sort of aliases
              >> (domain
              >> --> domain via Zimbra's GUI) or a simple forwarder (userdne ------->
              >> userexists in /etc/aliases) it never works with a milter however
              >> sending to the
              >> original/real addresses always works.
              >>
              >> ++++++++++++++++++++++++++++++++++++++++++++
              >>
              >> This a an example of working NON-MILTERED TRANSACTION:
              >>
              >> Jan 16 13:19:52 zimbra postfix/smtpd[13047]: dict_proxy_lookup:
              >> table=ldap:/opt/zimbra/conf/ldap-vam.cf flags=lock|fold_fix
              >> key=@... -> status=0
              >> result=@...
              >> Jan 16 13:19:52 zimbra postfix/smtpd[13047]: maps_find:
              >> virtual_alias_maps:
              >> proxy:ldap:/opt/zimbra/conf/ldap-vam.cf(0,lock|fold_fix):
              >> @... = @...
              >> Jan 16 13:19:52 zimbra postfix/smtpd[13047]: mail_addr_find:
              >> amir@... -> @...
              >
              > ...
              >
              >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++
              >>
              >> This is an example of non-WORKING MILTERED TRANSACTION
              >
              > ...
              >
              >> Jan 17 11:49:02 zimbra postfix/smtpd[26986]: NOQUEUE: milter-reject:
              >> RCPT from
              >> mail-ie0-f175.google.com[209.85.223.175]: 550 5.1.1 User unknown;
              >> from=<ahotma@...> to=<amir@...>
              >> proto=ESMTP
              >> helo=<mail-ie0-f175.google.com>
              >
              > j-chkmail (and most milters) doesn't access any user table (aliases,
              > ...). It can do recipient verification if you tell it to do (sometimes
              > useful on a gateway). In this case, you shall maintain a table of valid
              > recipients. IMHO, this feature is useful on a zimbra server only if it
              > is on a border of your domain and you want to detect address harvest.
              >
              > If this may be your problem, please post j-chkmail logs related to this,
              > and post a question to me or to j-chkmail users list as this isn't a
              > postfix problem.
              >
              >

              for info spamass-milter has

              -x: pass email address through alias and virtusertable expansion

              works nice here


              Best Regards
              MfG Robert Schetterer

              --
              [*] sys4 AG

              http://sys4.de, +49 (89) 30 90 46 64
              Franziskanerstraße 15, 81669 München

              Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
              Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
              Aufsichtsratsvorsitzender: Joerg Heidrich
            Your message has been successfully submitted and would be delivered to recipients shortly.