Loading ...
Sorry, an error occurred while loading the content.

Chained filters.

Expand Messages
  • Bruce Markey
    I m trying to run mail through amavis - then through mailgate. Output of postconf -n alias_database = hash:/etc/postfix/aliases alias_maps =
    Message 1 of 7 , Sep 7, 2013
    • 0 Attachment
      I'm trying to run mail through amavis -> then through mailgate.

      Output of postconf -n

      alias_database = hash:/etc/postfix/aliases
      alias_maps = hash:/etc/postfix/aliases
      append_dot_mydomain = no
      biff = no
      broken_sasl_auth_clients = no
      config_directory = /etc/postfix
      content_filter = amavis:[127.0.0.1]:10024
      delay_warning_time = 4h
      disable_vrfy_command = yes
      inet_interfaces = all
      local_recipient_maps =
      mailbox_size_limit = 0
      maximal_backoff_time = 8000s
      maximal_queue_lifetime = 7d
      minimal_backoff_time = 1000s
      mydestination =
      myhostname = mail.packetaddiction.com
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      myorigin = packetaddiction.com
      readme_directory = no
      receive_override_options = no_address_mappings
      recipient_delimiter = +
      relayhost =
      smtp_helo_timeout = 60s
      smtp_tls_note_starttls_offer = yes
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
      reject_rbl_client blackholes.easynet.nl
      smtpd_data_restrictions = reject_unauth_pipelining
      smtpd_delay_reject = yes
      smtpd_hard_error_limit = 12
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks, warn_if_reject
      reject_non_fqdn_hostname, reject_invalid_hostname, permit
      smtpd_recipient_limit = 16
      smtpd_recipient_restrictions = reject_unauth_pipelining,
      permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient,
      reject_unknown_recipient_domain, reject_unauth_destination, permit
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_local_domain =
      smtpd_sasl_security_options = noanonymous
      smtpd_sender_restrictions = permit_sasl_authenticated,
      permit_mynetworks, warn_if_reject reject_non_fqdn_sender,
      reject_unknown_sender_domain, reject_unauth_pipelining, permit
      smtpd_soft_error_limit = 3
      smtpd_tls_cert_file = /etc/postfix/postfix.cert
      smtpd_tls_key_file = /etc/postfix/postfix.key
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      smtpd_use_tls = yes
      tls_random_source = dev:/dev/urandom
      unknown_local_recipient_reject_code = 450
      virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
      virtual_gid_maps = static:5000
      virtual_mailbox_base = /var/spool/mail/virtual
      virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
      virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
      virtual_uid_maps = static:5000


      Master.cf:

      gpg-mailgate unix - n n - - pipe
      flags= user=encryption argv=/usr/local/bin/gpg-mailgate.py

      127.0.0.1:10028 inet n - n - 10 smtpd
      -o content_filter=
      -o
      receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8


      amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20


      127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter= gpg-mailgate
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks, reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks, reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o
      receive_override_options=no_header_body_checks,no_unknown_recipient_checks

      It doesn't like the -o content_filter= gpg-mailgate line. Gives me an
      "Unexpected command-line argument"


      Both work on their own but together not so much.

      Thank you.
      Bruce

      --
      Please use PGP, ENCRYPT everything.
      For information about acquiring a secryption.com account, email me.

      My public key: https://www.secryption.com/BruceMarkey.asc or
      https://keyserver.pgp.com
    • Petri Riihikallio
      ... Delete the space after the equals sign. -- Cheers Petri GSM +358 400 505 939
      Message 2 of 7 , Sep 7, 2013
      • 0 Attachment
        > It doesn't like the -o content_filter= gpg-mailgate line. Gives me an "Unexpected command-line argument"


        Delete the space after the equals sign.
        --
        Cheers
        Petri
        GSM +358 400 505 939
      • Bruce Markey
        Petri, That did it, thank you. I thought it was going to be more complicated than that. Thanks Bruce -- Please use PGP, ENCRYPT everything. For information
        Message 3 of 7 , Sep 7, 2013
        • 0 Attachment
          Petri,

          That did it, thank you. I thought it was going to be more complicated
          than that.

          Thanks
          Bruce


          --
          Please use PGP, ENCRYPT everything.
          For information about acquiring a secryption.com account, email me.

          My public key: https://www.secryption.com/BruceMarkey.asc or
          https://keyserver.pgp.com
        • Petri Riihikallio
          ... I just love simple solutions :o) -- Cheers Petri GSM +358 400 505 939
          Message 4 of 7 , Sep 7, 2013
          • 0 Attachment
            > That did it, thank you. I thought it was going to be more complicated than that.


            I just love simple solutions :o)
            --
            Cheers
            Petri
            GSM +358 400 505 939
          • Viktor Dukhovni
            ... The above filter is severely broken, you are not passing it the envelope recipients. Never route messages to header recipients! This creates multiple
            Message 5 of 7 , Sep 7, 2013
            • 0 Attachment
              On Sat, Sep 07, 2013 at 08:20:40AM -0400, Bruce Markey wrote:

              > content_filter = amavis:[127.0.0.1]:10024
              >
              > Master.cf:
              >
              > gpg-mailgate unix - n n - - pipe
              > flags= user=encryption argv=/usr/local/bin/gpg-mailgate.py

              The above filter is severely broken, you are not passing it the
              envelope recipients. Never route messages to header recipients!
              This creates multiple deliveries and often infinite loops.

              --
              Viktor.
            • Bruce Markey
              Viktor, Which part? The amavis or the mailgate. The mailgate one isn t really a filter persay, it just encrypts. Is the chaining the issue or the
              Message 6 of 7 , Sep 7, 2013
              • 0 Attachment
                Viktor,
                Which part? The amavis or the mailgate.

                The mailgate one isn't really a filter persay, it just encrypts.

                Is the chaining the issue or the implementation of one of the pieces.

                Thanks
                Bruce

                Viktor Dukhovni <postfix-users@...> wrote:
                On Sat, Sep 07, 2013 at 08:20:40AM -0400, Bruce Markey wrote:

                content_filter = amavis:[127.0.0.1]:10024

                Master.cf:

                gpg-mailgate unix - n n - - pipe
                flags= user=encryption argv=/usr/local/bin/gpg-mailgate.py

                The above filter is severely broken, you are not passing it the
                envelope recipients. Never route messages to header recipients!
                This creates multiple deliveries and often infinite loops.

                Please use PGP, ENCRYPT everything.
                For information about acquiring a secryption.com account, email me.

                My public key: https://www.secryption.com/BruceMarkey.asc or https://keyserver.pgp.com


              • Viktor Dukhovni
                ... mailgate. ... It also delivers mail to someone. You give it no envelope recipient information, hence it provably can t reliably deliver to the right
                Message 7 of 7 , Sep 7, 2013
                • 0 Attachment
                  On Sat, Sep 07, 2013 at 11:17:55AM -0400, Bruce Markey wrote:

                  > Which part? The amavis or the mailgate.

                  mailgate.

                  > The mailgate one isn't really a filter persay, it just encrypts.

                  It also delivers mail to someone. You give it no envelope recipient
                  information, hence it provably can't reliably deliver to the right
                  mailbox.

                  > Is the chaining the issue or the implementation of one of the pieces.

                  The mailgate filter does not recieve the message envelope. It must
                  encrypt and forward to ONLY the envelope recipients.

                  --
                  Viktor.
                Your message has been successfully submitted and would be delivered to recipients shortly.