<span style="font-family:arial, sans-serif;font-size:13px;background-color:rgb(255, 255, 255)">Hello,<div><br></div><div>I know this has been raised for million times, but my situation is a bit different, googled for weeks but no goal.</div>
<div><br></div><div>I have a Postfix + Amavisd-new + SpamAssassin as a mail gateway to filter out the mails by using whitelist_to and blacklist_to in SpamAssassin only, yes everything is so simply, no virus checking, no others. Just check the recipient address to decide relay or discard.</div>
<div><br></div><div>But the thing is, when there is a multiple-recipient mail, lets say to <a href="mailto:white_user1@test.com" style="color:rgb(0, 0, 204)" target="_blank">white_user1@test.com</a>, <a href="mailto:white_user2@test.com" style="color:rgb(0, 0, 204)" target="_blank">white_user2@test.com</a>,<a href="mailto:black_user3@test.com" style="color:rgb(0, 0, 204)" target="_blank">black_user3@test.com</a>, <a href="mailto:black_user4@test.com" style="color:rgb(0, 0, 204)" target="_blank">black_user4@test.com</a>.</div>
<div><br></div><div>This mail will go to all these 4 users, the mails to black_user are maked as "Passed CLEAN", they are receiving the mails, but they shouldn't.</div><div><br></div><div>transfer_destination_recipient_limit has set to 1 already</div>
<div>in <a href="http://main.cf/" style="color:rgb(0, 0, 204)" target="_blank">main.cf</a></div><div>smtp-amavis_destination_recipient_limit = 1</div><div><br></div><div>This parameter is working, I can see the mail is splitted into 4 copies, sending to amavis one by one.</div>
<div><br></div><div>The mystic behavior is, if I telnet to <a href="http://127.0.0.1:25/" style="color:rgb(0, 0, 204)" target="_blank">127.0.0.1:25</a>, and send a multiple recipients mail, it is working fine, white_users are getting the mails, black_users are not receiving (Blocked SPAM).</div>
<div><br></div><div>If I send the same mail via SqWebmail or Outlook, all 4 users are receiving the mails (Passed CLEAN).</div><div><br></div><div>In all other cases, sending mails to 1 white user, 1 black user, or multiple white users or multiple black users are fine. No matter from telnet or webmail.</div>
<div><br></div><div>Please can anyone give me some idea? Many thanks! Sorry for the long mail :/</div><div><br></div><div>Thanks & Regards,</div><div>Joe</div><div><br></div><div><br></div><div><br></div><div>System:</div>
<div>Redhat EL 5.5</div><div>postfix-2.8.2-1.rhel5</div>
<div>amavisd-new-2.6.4-4.el5.rf</div><div>spamassassin-3.2.5-1.el5</div><div><br></div><div><br></div><div>Config:</div><div># postconf -n</div><div><div>alias_database = hash:/etc/postfix/aliases</div><div>alias_maps = hash:/etc/postfix/aliases</div>
<div>command_directory = /usr/sbin</div><div>config_directory = /etc/postfix</div><div>content_filter = smtp-amavis:[127.0.0.1]:10024</div><div>daemon_directory = /usr/libexec/postfix</div><div>data_directory = /var/lib/postfix</div>
<div>debug_peer_level = 2</div><div>home_mailbox = Maildir/</div><div>html_directory = /usr/share/doc/postfix-2.8.2-documentation/html</div><div>inet_interfaces = all</div><div>mail_owner = postfix</div><div>mailbox_command =</div>
<div>mailq_path = /usr/bin/mailq.postfix</div><div>manpage_directory = /usr/share/man</div><div>mydomain = <a href="http://test.com/" style="color:rgb(0, 0, 204)" target="_blank">test.com</a></div><div>myhostname = <a href="http://name.test.com/" style="color:rgb(0, 0, 204)" target="_blank">name.test.com</a></div>
<div>mynetworks = <a href="http://127.0.0.0/8" style="color:rgb(0, 0, 204)" target="_blank">127.0.0.0/8</a>, <a href="http://172.0.0.0/8" style="color:rgb(0, 0, 204)" target="_blank">172.0.0.0/8</a>, <a href="http://57.0.0.0/8" style="color:rgb(0, 0, 204)" target="_blank">57.0.0.0/8</a>, <a href="http://0.0.0.0/0" style="color:rgb(0, 0, 204)" target="_blank">0.0.0.0/0</a></div>
<div>mynetworks_style = class</div><div>myorigin = <a href="http://name.test.com/" style="color:rgb(0, 0, 204)" target="_blank">name.test.com</a></div><div>newaliases_path = /usr/bin/newaliases.postfix</div><div>queue_directory = /var/spool/postfix</div>
<div>readme_directory = /usr/share/doc/postfix-2.8.2-documentation/readme</div><div>relay_domains = $mydestination</div><div>relayhost = <a href="http://mail.test.com/" style="color:rgb(0, 0, 204)" target="_blank">mail.test.com</a></div>
<div>sample_directory = /etc/postfix</div><div>sendmail_path = /usr/sbin/sendmail.postfix</div><div>setgid_group = postdrop</div><div>unknown_local_recipient_reject_code = 550</div></div><div><br></div><div><br></div><div>
# amavisd.conf</div><div><div>use strict;</div><div>$max_servers = 2; # num of pre-forked children (2..30 is common), -m</div><div>$daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u</div>
<div>$daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g</div><div>$mydomain = '<a href="http://example.com/" style="color:rgb(0, 0, 204)" target="_blank">example.com</a>'; # a convenient default for other settings</div>
<div>$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T</div><div>$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.</div><div>$QUARANTINEDIR = "/var/virusmails";</div>
<div>$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D</div><div>$log_level = 0; # verbosity 0..5, -d</div><div>$log_recip_templ = undef; # disable by-recipient level-0 log entries</div>
<div>$DO_SYSLOG = 1; # log via syslogd (preferred)</div><div>$syslog_facility = 'mail'; # Syslog facility as a string</div><div> # e.g.: mail, daemon, user, local0, ... local7</div><div>$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,</div>
<div> # choose from: emerg, alert, crit, err, warning, notice, info, debug</div><div>$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)</div><div>$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1</div>
<div>$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed</div><div>$enable_dkim_verification = 1; # enable DKIM signatures verification</div><div>$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key</div>
<div>@local_domains_maps = ( [".$mydomain"] ); # list of all local domains</div><div>@mynetworks = qw( <a href="http://127.0.0.0/8" style="color:rgb(0, 0, 204)" target="_blank">127.0.0.0/8</a> [::1] [FE80::]/10 [FEC0::]/10</div>
<div> <a href="http://10.0.0.0/8" style="color:rgb(0, 0, 204)" target="_blank">10.0.0.0/8</a> <a href="http://172.16.0.0/12" style="color:rgb(0, 0, 204)" target="_blank">172.16.0.0/12</a> <a href="http://172.20.0.0/16" style="color:rgb(0, 0, 204)" target="_blank">172.20.0.0/16</a> <a href="http://192.168.0.0/16" style="color:rgb(0, 0, 204)" target="_blank">192.168.0.0/16</a> );</div>
<div>$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter</div><div> # option(s) -p overrides $inet_socket_port and $unix_socketname</div><div>$inet_socket_port = 10024; # listen on this local TCP port(s)</div>
<div>$policy_bank{'MYNETS'} = { # mail originating from @mynetworks</div><div> originating => 1, # is true in MYNETS by default, but let's make it explicit</div><div> os_fingerprint_method => undef, # don't query p0f for internal clients</div>
<div>};</div><div>$interface_policy{'10026'} = 'ORIGINATING';</div><div>$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users</div><div> originating => 1, # declare that mail was submitted by our smtp client</div>
<div> allow_disclaimers => 1, # enables disclaimer insertion if available</div><div> # notify administrator of locally originating malware</div><div> virus_admin_maps => ["virusalert\@$mydomain"],</div>
<div> spam_admin_maps => ["virusalert\@$mydomain"],</div><div> warnbadhsender => 1,</div><div> # forward to a smtpd service providing DKIM signing service</div><div> forward_method => 'smtp:[127.0.0.1]:10027',</div>
<div> # force MTA conversion to 7-bit (e.g. before DKIM signing)</div><div> smtpd_discard_ehlo_keywords => ['8BITMIME'],</div><div> bypass_banned_checks_maps => [1], # allow sending any file names and types</div>
<div> terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option</div><div>};</div><div>$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname</div><div>$policy_bank{'AM.PDP-SOCK'} = {</div>
<div> protocol => 'AM.PDP',</div><div> auth_required_release => 0, # do not require secret_id for amavisd-release</div><div>};</div><div>$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level</div>
<div>$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level</div><div>$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)</div><div>$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent</div>
<div>$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From</div><div>$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)</div><div>$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam</div>
<div>$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces</div><div>$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger</div><div>$sa_local_tests_only = 0; # only tests which do not require internet access?</div>
<div>$virus_admin = "virusalert\@$mydomain"; # notifications recip.</div><div>$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender</div><div>$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender</div>
<div>$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender</div><div>$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef</div><div>@addr_extension_virus_maps = ('virus');</div>
<div>@addr_extension_banned_maps = ('banned');</div><div>@addr_extension_spam_maps = ('spam');</div><div>@addr_extension_bad_header_maps = ('badh');</div><div>$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';</div>
<div>$MAXLEVELS = 14;</div><div>$MAXFILES = 1500;</div><div>$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)</div><div>$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)</div>
<div>$sa_spam_subject_tag = '***SPAM*** ';</div><div>$defang_virus = 1; # MIME-wrap passed infected mail</div><div>$defang_banned = 1; # MIME-wrap passed mail containing banned name</div><div>$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header</div>
<div>$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters</div><div>$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error</div><div>$myhostname = '<a href="http://name.test.com/" style="color:rgb(0, 0, 204)" target="_blank">name.test.com</a>';</div>
<div>$final_spam_destiny = D_DISCARD;</div><div>$spam_quarantine_to = '<a href="mailto:mailadmin@name.test.com" style="color:rgb(0, 0, 204)" target="_blank">mailadmin@name.test.com</a>';</div><div>(the rest is default ... skipped)</div>
<div><br></div><div><br></div><div><br></div><div>#maillog: from webmail, to 1white 1black, both Passed CLEAN</div><div><div>Oct 26 13:42:06 MYHOST postfix/qmgr[10353]: AC2081400AB: from=<<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>>, size=680, nrcpt=2 (queue active)</div>
<div>Oct 26 13:42:06 MYHOST sendmail[10382]: p9Q5g69X010382: to=black_user1@MYDOMAIN.com,white_user1@MYDOMAIN.com, ctladdr=mailadmin@MYHOST (510/513), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=60270, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as AC2081400AB)</div>
<div>Oct 26 13:42:06 MYHOST postfix/smtpd[10349]: disconnect from localhost.localdomain[127.0.0.1]</div><div>Oct 26 05:42:07 MYHOST postfix/smtpd[10362]: connect from unknown[127.0.0.1]</div><div>Oct 26 05:42:07 MYHOST postfix/smtpd[10362]: 02E021400A9: client=unknown[127.0.0.1]</div>
<div>Oct 26 13:42:07 MYHOST postfix/cleanup[10352]: 02E021400A9: message-id=<201110260542.p9Q5g69X010382@MYHOST></div><div>Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: 02E021400A9: from=<<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>>, size=1182, nrcpt=1 (queue active)</div>
<div>Oct 26 13:42:07 MYHOST amavis[10374]: (10374-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] <<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>> -> <black_user1@MYDOMAIN.com>, Queue-ID: AC2081400AB, Message-ID: <201110260542.p9Q5g69X010382@MYHOST>, mail_id: KgZB572jGg2i, Hits: -65.031, size: 680, queued_as: 02E021400A9, 290 ms</div>
<div>Oct 26 05:42:07 MYHOST postfix/smtp[10354]: AC2081400AB: to=<black_user1@MYDOMAIN.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.35, delays=0.05/0.01/0.01/0.29, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 02E021400A9)</div>
<div>Oct 26 13:42:07 MYHOST postfix/smtpd[10389]: connect from unknown[127.0.0.1]</div><div>Oct 26 05:42:07 MYHOST postfix/smtpd[10389]: 226231400AA: client=unknown[127.0.0.1]</div><div>Oct 26 13:42:07 MYHOST postfix/cleanup[10352]: 226231400AA: message-id=<201110260542.p9Q5g69X010382@MYHOST></div>
<div>Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: 226231400AA: from=<<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>>, size=1180, nrcpt=1 (queue active)</div><div>Oct 26 13:42:07 MYHOST amavis[10375]: (10375-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] <<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>> -> <white_user1@MYDOMAIN.com>, Queue-ID: AC2081400AB, Message-ID: <201110260542.p9Q5g69X010382@MYHOST>, mail_id: L93xjk2OAuAe, Hits: -65.041, size: 680, queued_as: 226231400AA, 392 ms</div>
<div>Oct 26 05:42:07 MYHOST postfix/smtp[10355]: AC2081400AB: to=<white_user1@MYDOMAIN.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.47, delays=0.05/0.01/0.02/0.39, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 226231400AA)</div>
<div>Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: AC2081400AB: removed</div></div><div><br></div><div><br></div><div>#maillog: from telnet, to 1white 1black, 1 Passed CLEAN, 1 Blocked SPAM</div><div><div>Oct 26 13:59:19 MYHOST postfix/qmgr[10353]: 8DCAA1400AD: from=<mailadmin@MYDOMAIN.com>, size=369, nrcpt=2 (queue active)</div>
<div>Oct 26 13:59:20 MYHOST postfix/smtpd[10461]: connect from unknown[127.0.0.1]</div><div>Oct 26 05:59:20 MYHOST postfix/smtpd[10461]: 553021400AE: client=unknown[127.0.0.1]</div><div>Oct 26 13:59:20 MYHOST postfix/cleanup[10453]: 553021400AE: message-id=<<a href="mailto:20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com">20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com</a>></div>
<div>Oct 26 13:59:20 MYHOST postfix/qmgr[10353]: 553021400AE: from=<mailadmin@MYDOMAIN.com>, size=869, nrcpt=1 (queue active)</div><div>Oct 26 13:59:20 MYHOST amavis[10375]: (10375-02) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <mailadmin@MYDOMAIN.com> -> <<a href="mailto:white_user1@cathaypacific.com">white_user1@cathaypacific.com</a>>, Queue-ID: 8DCAA1400AD, Message-ID: <<a href="mailto:20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com">20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com</a>>, mail_id: Q2xMkirv0Lky, Hits: -61.145, size: 369, queued_as: 553021400AE, 392 ms</div>
<div>Oct 26 13:59:20 MYHOST postfix/smtp[10458]: 8DCAA1400AD: to=<<a href="mailto:white_user1@cathaypacific.com">white_user1@cathaypacific.com</a>>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=25/0.02/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 553021400AE)</div>
<div>Oct 26 05:59:20 MYHOST postfix/smtpd[10461]: disconnect from unknown[127.0.0.1]</div><div>Oct 26 13:59:20 MYHOST postfix/smtpd[10449]: disconnect from localhost.localdomain[127.0.0.1]</div><div>Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: connect from unknown[127.0.0.1]</div>
<div>Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: CD81D1400AF: client=unknown[127.0.0.1]</div><div>Oct 26 13:59:21 MYHOST postfix/cleanup[10453]: CD81D1400AF: message-id=<<a href="mailto:20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com">20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com</a>></div>
<div>Oct 26 13:59:21 MYHOST postfix/qmgr[10353]: CD81D1400AF: from=<>, size=1346, nrcpt=1 (queue active)</div><div>Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: disconnect from unknown[127.0.0.1]</div><div>Oct 26 13:59:21 MYHOST amavis[10374]: (10374-02) Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <mailadmin@MYDOMAIN.com> -> <<a href="mailto:black_user1@cathaypacific.com">black_user1@cathaypacific.com</a>>, quarantine: <a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>, Queue-ID: 8DCAA1400AD, Message-ID: <<a href="mailto:20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com">20111026055903.8DCAA1400AD@MYHOST.MYDOMAIN.com</a>>, mail_id: rLzdynCV41ce, Hits: 38.855, size: 369, 1876 ms</div>
<div>Oct 26 13:59:21 MYHOST postfix/smtp[10457]: 8DCAA1400AD: to=<<a href="mailto:black_user1@cathaypacific.com">black_user1@cathaypacific.com</a>>, relay=127.0.0.1[127.0.0.1]:10024, delay=26, delays=25/0.01/0.02/1.9, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=10374-02 - spam)</div>
<div>Oct 26 13:59:21 MYHOST postfix/qmgr[10353]: 8DCAA1400AD: removed</div><div>Oct 26 13:59:21 MYHOST postfix/local[10463]: warning: database /etc/postfix/aliases.db is older than source file /etc/postfix/aliases</div><div>
Oct 26 13:59:21 MYHOST postfix/local[10463]: CD81D1400AF: to=<<a href="mailto:mailadmin@MYHOST.MYDOMAIN.com">mailadmin@MYHOST.MYDOMAIN.com</a>>, relay=local, delay=0.07, delays=0.01/0.04/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)</div>
</div>
</div></span>