Loading ...
Sorry, an error occurred while loading the content.

the after-queue simple filter -- I'm doing it wrong

Expand Messages
  • Jay G. Scott
    RE: the after-queue, simple filter example Just trying to figure out how it works. I have a feeling I don t fully understand the full implications of
    Message 1 of 9 , Jun 10, 2014
    • 0 Attachment
      RE: the after-queue, simple filter example

      Just trying to figure out how it works.
      I have a feeling I don't fully understand the full implications of
      "after-queue".

      From master.cf:
      # custom filter
      filter unix - n n - 10 pipe
      flags=Rq user=filter null_sender=
      argv=/VOLUMES/gizmonics/work/afterqueue/simple -f ${sender} -- ${recipient}

      The user is in
      [root@clemi postfix]# grep -w filter /etc/passwd /etc/group
      /etc/passwd:filter:x:506:506:smtp filter:/var/spool/filter/:/bin/bash
      /etc/group:filter:x:506:

      The user filter owns the directory
      [root@clemi postfix]# ls -ld /var/spool/filter/
      drwxr-xr-x 2 filter filter 4096 Jun 10 14:49 /var/spool/filter/

      The user filter owns the script
      [root@clemi postfix]# ls -l /VOLUMES/gizmonics/work/afterqueue/simple
      -rwxr-xr-x 1 filter filter 814 Jun 10 14:46 /VOLUMES/gizmonics/work/afterqueue/simple

      I've run that from the command line, ie:

      /VOLUMES/gizmonics/work/afterqueue/simple -f gl -- bbb@... < /VOLUMES/gizmonics/work/afterqueue/dull

      and it works when run like that. The simple script does what I expect, and the mail
      does get to bbb's mail file.

      Here's my simple script, which is just the example script from the
      FILTER_README.html page with only two or so lines changed, marked below:


      #!/bin/bash

      # Simple shell-based filter. It is meant to be invoked as follows:
      # /path/to/script -f sender recipients...

      # Localize these. The -G option does nothing before Postfix 2.3.
      INSPECT_DIR=/var/spool/filter
      SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

      # Exit codes from <sysexits.h>
      EX_TEMPFAIL=75
      EX_UNAVAILABLE=69

      # Clean up when done or when aborting.
      trap "rm -f in.$$" 0 1 2 3 15

      # Start processing.
      cd $INSPECT_DIR || {
      echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

      cat >in.$$ || {
      echo Cannot save mail to file; exit $EX_TEMPFAIL; }

      # Specify your content filter here.
      # filter <in.$$ || {
      # echo Message content rejected; exit $EX_UNAVAILABLE; }

      ### this sed line is added, and the $SENDMAIL changed to read from smak.$$
      ### otherwise, it's completely stock.
      sed -e 's/http/hxxp/g' in.$$ > smak.$$

      $SENDMAIL "$@" <smak.$$

      exit $?


      -------
      I've changed master as shown above.
      I've done postfix reload.

      But all of my tests like so:

      mail -s "wogujwrg" bbb@... < test.input.file

      deliver the test.input.file unmodified. Do I not understand what
      "after-queue" means? I've been assuming this would, sooner or later,
      send things to the filter. It looks to me like it's bypassing
      the filter.

      j.

      --
      Jay Scott 512-835-3553 gl@...
      Head of Sun Support, Sr. System Administrator
      Applied Research Labs, Computer Science Div. S224
      University of Texas at Austin
    • Noel Jones
      ... So how is postfix supposed to know to use the filter? Did you set content_filter in main.cf or are you using an access table the responds with FILTER....
      Message 2 of 9 , Jun 10, 2014
      • 0 Attachment
        On 6/10/2014 3:05 PM, Jay G. Scott wrote:
        >
        > RE: the after-queue, simple filter example
        >
        > Just trying to figure out how it works.
        > I have a feeling I don't fully understand the full implications of
        > "after-queue".
        >
        > From master.cf:
        > # custom filter
        > filter unix - n n - 10 pipe
        > flags=Rq user=filter null_sender=
        > argv=/VOLUMES/gizmonics/work/afterqueue/simple -f ${sender} -- ${recipient}
        >
        > The user is in
        > [root@clemi postfix]# grep -w filter /etc/passwd /etc/group
        > /etc/passwd:filter:x:506:506:smtp filter:/var/spool/filter/:/bin/bash
        > /etc/group:filter:x:506:
        >
        > The user filter owns the directory
        > [root@clemi postfix]# ls -ld /var/spool/filter/
        > drwxr-xr-x 2 filter filter 4096 Jun 10 14:49 /var/spool/filter/
        >
        > The user filter owns the script
        > [root@clemi postfix]# ls -l /VOLUMES/gizmonics/work/afterqueue/simple
        > -rwxr-xr-x 1 filter filter 814 Jun 10 14:46 /VOLUMES/gizmonics/work/afterqueue/simple
        >
        > I've run that from the command line, ie:
        >
        > /VOLUMES/gizmonics/work/afterqueue/simple -f gl -- bbb@... < /VOLUMES/gizmonics/work/afterqueue/dull
        >
        > and it works when run like that. The simple script does what I expect, and the mail
        > does get to bbb's mail file.
        >
        > Here's my simple script, which is just the example script from the
        > FILTER_README.html page with only two or so lines changed, marked below:
        >
        >
        > #!/bin/bash
        >
        > # Simple shell-based filter. It is meant to be invoked as follows:
        > # /path/to/script -f sender recipients...
        >
        > # Localize these. The -G option does nothing before Postfix 2.3.
        > INSPECT_DIR=/var/spool/filter
        > SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.
        >
        > # Exit codes from <sysexits.h>
        > EX_TEMPFAIL=75
        > EX_UNAVAILABLE=69
        >
        > # Clean up when done or when aborting.
        > trap "rm -f in.$$" 0 1 2 3 15
        >
        > # Start processing.
        > cd $INSPECT_DIR || {
        > echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
        >
        > cat >in.$$ || {
        > echo Cannot save mail to file; exit $EX_TEMPFAIL; }
        >
        > # Specify your content filter here.
        > # filter <in.$$ || {
        > # echo Message content rejected; exit $EX_UNAVAILABLE; }
        >
        > ### this sed line is added, and the $SENDMAIL changed to read from smak.$$
        > ### otherwise, it's completely stock.
        > sed -e 's/http/hxxp/g' in.$$ > smak.$$
        >
        > $SENDMAIL "$@" <smak.$$
        >
        > exit $?
        >
        >
        > -------
        > I've changed master as shown above.
        > I've done postfix reload.
        >
        > But all of my tests like so:
        >
        > mail -s "wogujwrg" bbb@... < test.input.file
        >
        > deliver the test.input.file unmodified. Do I not understand what
        > "after-queue" means? I've been assuming this would, sooner or later,
        > send things to the filter. It looks to me like it's bypassing
        > the filter.
        >
        > j.
        >



        So how is postfix supposed to know to use the filter? Did you set
        content_filter in main.cf or are you using an access table the
        responds with FILTER.... or what?



        -- Noel Jones
      • Jay G. Scott
        ... ahhh, I didn t know. The FILTER_README doesn t mention main.cf in connection w/ the simple content filter, just the advanced. I assumed the FILTER_README
        Message 3 of 9 , Jun 10, 2014
        • 0 Attachment
          On Tue, Jun 10, 2014 at 03:37:34PM -0500, Noel Jones wrote:
          > On 6/10/2014 3:05 PM, Jay G. Scott wrote:
          > >
          > > RE: the after-queue, simple filter example
          > >
          > > Just trying to figure out how it works.
          > > I have a feeling I don't fully understand the full implications of
          > > "after-queue".
          > >
          > > From master.cf:
          > > # custom filter
          > > filter unix - n n - 10 pipe
          > > flags=Rq user=filter null_sender=
          > > argv=/VOLUMES/gizmonics/work/afterqueue/simple -f ${sender} -- ${recipient}
          > >
          > > The user is in
          > > [root@clemi postfix]# grep -w filter /etc/passwd /etc/group
          > > /etc/passwd:filter:x:506:506:smtp filter:/var/spool/filter/:/bin/bash
          > > /etc/group:filter:x:506:
          > >
          > > The user filter owns the directory
          > > [root@clemi postfix]# ls -ld /var/spool/filter/
          > > drwxr-xr-x 2 filter filter 4096 Jun 10 14:49 /var/spool/filter/
          > >
          > > The user filter owns the script
          > > [root@clemi postfix]# ls -l /VOLUMES/gizmonics/work/afterqueue/simple
          > > -rwxr-xr-x 1 filter filter 814 Jun 10 14:46 /VOLUMES/gizmonics/work/afterqueue/simple
          > >
          > > I've run that from the command line, ie:
          > >
          > > /VOLUMES/gizmonics/work/afterqueue/simple -f gl -- bbb@... < /VOLUMES/gizmonics/work/afterqueue/dull
          > >
          > > and it works when run like that. The simple script does what I expect, and the mail
          > > does get to bbb's mail file.
          > >
          > > Here's my simple script, which is just the example script from the
          > > FILTER_README.html page with only two or so lines changed, marked below:
          > >
          > >
          > > #!/bin/bash
          > >
          > > # Simple shell-based filter. It is meant to be invoked as follows:
          > > # /path/to/script -f sender recipients...
          > >
          > > # Localize these. The -G option does nothing before Postfix 2.3.
          > > INSPECT_DIR=/var/spool/filter
          > > SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.
          > >
          > > # Exit codes from <sysexits.h>
          > > EX_TEMPFAIL=75
          > > EX_UNAVAILABLE=69
          > >
          > > # Clean up when done or when aborting.
          > > trap "rm -f in.$$" 0 1 2 3 15
          > >
          > > # Start processing.
          > > cd $INSPECT_DIR || {
          > > echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
          > >
          > > cat >in.$$ || {
          > > echo Cannot save mail to file; exit $EX_TEMPFAIL; }
          > >
          > > # Specify your content filter here.
          > > # filter <in.$$ || {
          > > # echo Message content rejected; exit $EX_UNAVAILABLE; }
          > >
          > > ### this sed line is added, and the $SENDMAIL changed to read from smak.$$
          > > ### otherwise, it's completely stock.
          > > sed -e 's/http/hxxp/g' in.$$ > smak.$$
          > >
          > > $SENDMAIL "$@" <smak.$$
          > >
          > > exit $?
          > >
          > >
          > > -------
          > > I've changed master as shown above.
          > > I've done postfix reload.
          > >
          > > But all of my tests like so:
          > >
          > > mail -s "wogujwrg" bbb@... < test.input.file
          > >
          > > deliver the test.input.file unmodified. Do I not understand what
          > > "after-queue" means? I've been assuming this would, sooner or later,
          > > send things to the filter. It looks to me like it's bypassing
          > > the filter.
          > >
          > > j.
          > >
          >
          >
          >
          > So how is postfix supposed to know to use the filter? Did you set
          > content_filter in main.cf or are you using an access table the
          > responds with FILTER.... or what?
          >

          ahhh, I didn't know. The FILTER_README doesn't mention main.cf
          in connection w/ the simple content filter, just the advanced.
          I assumed the FILTER_README knew what it was doing.
          but it did puzzle me, as my production/commercial filter
          does require something in main.cf.

          i will poke around w/ that.

          j.


          >
          >
          > -- Noel Jones

          --
          Jay Scott 512-835-3553 gl@...
          Head of Sun Support, Sr. System Administrator
          Applied Research Labs, Computer Science Div. S224
          University of Texas at Austin
        • Jay G. Scott
          After trying various combinations of things in main.cf and master.cf, I find that, using the script below, if the mail reaches the filter script, the resulting
          Message 4 of 9 , Jun 10, 2014
          • 0 Attachment
            After trying various combinations of things in
            main.cf and master.cf, I find that, using the script
            below, if the mail reaches the filter script, the
            resulting mail message bounces (too many hops)
            but the filter has processed the input.

            If I turn content_filter off in main.cf the
            mail gets delivered unfiltered, no bounces, no hops.

            main.cf:

            content_filter = filter

            got it filtered, but resulted in the hops bounce.

            What am I missing?

            j.


            On Tue, Jun 10, 2014 at 03:37:34PM -0500, Noel Jones wrote:
            > On 6/10/2014 3:05 PM, Jay G. Scott wrote:
            > >
            > > RE: the after-queue, simple filter example
            > >
            > > Just trying to figure out how it works.
            > > I have a feeling I don't fully understand the full implications of
            > > "after-queue".
            > >
            > > From master.cf:
            > > # custom filter
            > > filter unix - n n - 10 pipe
            > > flags=Rq user=filter null_sender=
            > > argv=/VOLUMES/gizmonics/work/afterqueue/simple -f ${sender} -- ${recipient}
            > >
            > > The user is in
            > > [root@clemi postfix]# grep -w filter /etc/passwd /etc/group
            > > /etc/passwd:filter:x:506:506:smtp filter:/var/spool/filter/:/bin/bash
            > > /etc/group:filter:x:506:
            > >
            > > The user filter owns the directory
            > > [root@clemi postfix]# ls -ld /var/spool/filter/
            > > drwxr-xr-x 2 filter filter 4096 Jun 10 14:49 /var/spool/filter/
            > >
            > > The user filter owns the script
            > > [root@clemi postfix]# ls -l /VOLUMES/gizmonics/work/afterqueue/simple
            > > -rwxr-xr-x 1 filter filter 814 Jun 10 14:46 /VOLUMES/gizmonics/work/afterqueue/simple
            > >
            > > I've run that from the command line, ie:
            > >
            > > /VOLUMES/gizmonics/work/afterqueue/simple -f gl -- bbb@... < /VOLUMES/gizmonics/work/afterqueue/dull
            > >
            > > and it works when run like that. The simple script does what I expect, and the mail
            > > does get to bbb's mail file.
            > >
            > > Here's my simple script, which is just the example script from the
            > > FILTER_README.html page with only two or so lines changed, marked below:
            > >
            > >
            > > #!/bin/bash
            > >
            > > # Simple shell-based filter. It is meant to be invoked as follows:
            > > # /path/to/script -f sender recipients...
            > >
            > > # Localize these. The -G option does nothing before Postfix 2.3.
            > > INSPECT_DIR=/var/spool/filter
            > > SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.
            > >
            > > # Exit codes from <sysexits.h>
            > > EX_TEMPFAIL=75
            > > EX_UNAVAILABLE=69
            > >
            > > # Clean up when done or when aborting.
            > > trap "rm -f in.$$" 0 1 2 3 15
            > >
            > > # Start processing.
            > > cd $INSPECT_DIR || {
            > > echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
            > >
            > > cat >in.$$ || {
            > > echo Cannot save mail to file; exit $EX_TEMPFAIL; }
            > >
            > > # Specify your content filter here.
            > > # filter <in.$$ || {
            > > # echo Message content rejected; exit $EX_UNAVAILABLE; }
            > >
            > > ### this sed line is added, and the $SENDMAIL changed to read from smak.$$
            > > ### otherwise, it's completely stock.
            > > sed -e 's/http/hxxp/g' in.$$ > smak.$$
            > >
            > > $SENDMAIL "$@" <smak.$$
            > >
            > > exit $?
            > >
            > >
            > > -------
            > > I've changed master as shown above.
            > > I've done postfix reload.
            > >
            > > But all of my tests like so:
            > >
            > > mail -s "wogujwrg" bbb@... < test.input.file
            > >
            > > deliver the test.input.file unmodified. Do I not understand what
            > > "after-queue" means? I've been assuming this would, sooner or later,
            > > send things to the filter. It looks to me like it's bypassing
            > > the filter.
            > >
            > > j.
            > >
            >
            >
            >
            > So how is postfix supposed to know to use the filter? Did you set
            > content_filter in main.cf or are you using an access table the
            > responds with FILTER.... or what?
            >
            >
            >
            > -- Noel Jones

            --
            Jay Scott 512-835-3553 gl@...
            Head of Sun Support, Sr. System Administrator
            Applied Research Labs, Computer Science Div. S224
            University of Texas at Austin
          • Noel Jones
            ... Near the bottom of http://www.postfix.org/FILTER_README.html#simple_filter the document describes how to turn on filtering for mail arriving via SMTP, but
            Message 5 of 9 , Jun 10, 2014
            • 0 Attachment
              On 6/10/2014 5:45 PM, Jay G. Scott wrote:
              >
              > After trying various combinations of things in
              > main.cf and master.cf, I find that, using the script
              > below, if the mail reaches the filter script, the
              > resulting mail message bounces (too many hops)
              > but the filter has processed the input.
              >
              > If I turn content_filter off in main.cf the
              > mail gets delivered unfiltered, no bounces, no hops.
              >
              > main.cf:
              >
              > content_filter = filter
              >
              > got it filtered, but resulted in the hops bounce.
              >
              > What am I missing?
              >
              > j.


              Near the bottom of
              http://www.postfix.org/FILTER_README.html#simple_filter
              the document describes how to turn on filtering for mail arriving
              via SMTP, but leave it turned off as the main.cf default so mail
              won't loop.

              Of course this means you would need to submit mail via SMTP for
              testing; mail submitted via the sendmail(1) interface is not
              filtered. This is necessary since the "simple" filter resubmits the
              mail to postfix via the sendmail command.



              -- Noel Jones
            • Viktor Dukhovni
              ... Reading FILTER_README carefully, and disabling content_filter in master.cf for the pickup service as instructed: pickup fifo n - -
              Message 6 of 9 , Jun 10, 2014
              • 0 Attachment
                On Tue, Jun 10, 2014 at 05:45:02PM -0500, Jay G. Scott wrote:

                > After trying various combinations of things in
                > main.cf and master.cf, I find that, using the script
                > below, if the mail reaches the filter script, the
                > resulting mail message bounces (too many hops)
                > but the filter has processed the input.
                >
                > If I turn content_filter off in main.cf the
                > mail gets delivered unfiltered, no bounces, no hops.
                >
                > main.cf:
                >
                > content_filter = filter
                >
                > got it filtered, but resulted in the hops bounce.
                >
                > What am I missing?

                Reading FILTER_README carefully, and disabling content_filter
                in master.cf for the pickup service as instructed:

                pickup fifo n - - 60 1 pickup
                -o content_filter=

                Simple filter resubmission via sendmail(1) must enter the queue at
                an injection interface that does not apply the content_filter again.

                --
                Viktor.
              • Jay G. Scott
                ... I had two smtp lines in the master.cf file. Splutter. The change to the pickup line (per Dukhovni) also helped me. It s working for me now. Thanks. j. ...
                Message 7 of 9 , Jun 11, 2014
                • 0 Attachment
                  On Tue, Jun 10, 2014 at 08:02:55PM -0500, Noel Jones wrote:
                  > On 6/10/2014 5:45 PM, Jay G. Scott wrote:
                  > >
                  > > After trying various combinations of things in
                  > > main.cf and master.cf, I find that, using the script
                  > > below, if the mail reaches the filter script, the
                  > > resulting mail message bounces (too many hops)
                  > > but the filter has processed the input.
                  > >
                  > > If I turn content_filter off in main.cf the
                  > > mail gets delivered unfiltered, no bounces, no hops.
                  > >
                  > > main.cf:
                  > >
                  > > content_filter = filter
                  > >
                  > > got it filtered, but resulted in the hops bounce.
                  > >
                  > > What am I missing?
                  > >
                  > > j.
                  >
                  >
                  > Near the bottom of
                  > http://www.postfix.org/FILTER_README.html#simple_filter
                  > the document describes how to turn on filtering for mail arriving
                  > via SMTP, but leave it turned off as the main.cf default so mail
                  > won't loop.

                  I had two smtp lines in the master.cf file. Splutter.
                  The change to the pickup line (per Dukhovni) also helped me.

                  It's working for me now.

                  Thanks.

                  j.


                  >
                  > Of course this means you would need to submit mail via SMTP for
                  > testing; mail submitted via the sendmail(1) interface is not
                  > filtered. This is necessary since the "simple" filter resubmits the
                  > mail to postfix via the sendmail command.
                  >
                  >
                  >
                  > -- Noel Jones

                  --
                  Jay Scott 512-835-3553 gl@...
                  Head of Sun Support, Sr. System Administrator
                  Applied Research Labs, Computer Science Div. S224
                  University of Texas at Austin
                • Viktor Dukhovni
                  ... You re supposed to. One is for the Postfix SMTP server (inbound mail): smtp inet n - n - - smtpd the other is for the
                  Message 8 of 9 , Jun 11, 2014
                  • 0 Attachment
                    On Wed, Jun 11, 2014 at 11:37:46AM -0500, Jay G. Scott wrote:

                    > I had two smtp lines in the master.cf file. Splutter.

                    You're supposed to. One is for the Postfix SMTP server
                    (inbound mail):

                    smtp inet n - n - - smtpd

                    the other is for the Postfix SMTP client (outbound mail):

                    smtp unix - - n - - smtp

                    > The change to the pickup line (per Dukhovni) also helped me.
                    >
                    > It's working for me now.

                    Or not, if you've commented out or deleted one of the two standard
                    SMTP services.

                    --
                    Viktor.
                  • Jay G. Scott
                    ... Fixed that, and it s working. Thanks. j. ... -- Jay Scott 512-835-3553 gl@arlut.utexas.edu Head of Sun Support, Sr. System Administrator Applied Research
                    Message 9 of 9 , Jun 11, 2014
                    • 0 Attachment
                      On Wed, Jun 11, 2014 at 04:42:42PM +0000, Viktor Dukhovni wrote:
                      > On Wed, Jun 11, 2014 at 11:37:46AM -0500, Jay G. Scott wrote:
                      >
                      > > I had two smtp lines in the master.cf file. Splutter.
                      >
                      > You're supposed to. One is for the Postfix SMTP server
                      > (inbound mail):
                      >
                      > smtp inet n - n - - smtpd
                      >
                      > the other is for the Postfix SMTP client (outbound mail):
                      >
                      > smtp unix - - n - - smtp
                      >
                      > > The change to the pickup line (per Dukhovni) also helped me.
                      > >
                      > > It's working for me now.
                      >
                      > Or not, if you've commented out or deleted one of the two standard
                      > SMTP services.

                      Fixed that, and it's working.
                      Thanks.

                      j.


                      >
                      > --
                      > Viktor.

                      --
                      Jay Scott 512-835-3553 gl@...
                      Head of Sun Support, Sr. System Administrator
                      Applied Research Labs, Computer Science Div. S224
                      University of Texas at Austin
                    Your message has been successfully submitted and would be delivered to recipients shortly.