<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 04/20/2017 04:51 AM, Dino Edwards
wrote:<br>
</div>
<blockquote
cite="mid:13937A461B5E0A40810939402AE476D60138ED2841@hdgexchange.deeztek.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.inner-pre
{mso-style-name:inner-pre;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In
the
</span>@lookup_sql_dsn I have the following which works with
no problem:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">@lookup_sql_dsn
= (<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
['DBI:mysql:database=dbase;host=127.0.0.1;port=3306',<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
'sqluser',<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
'somepassword']);<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I’m
not exactly sure what you are attempting to do with the
</span>$sql_select_policy statement, maybe you can elaborate?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
To lookup the valid users and mail originating from them is accepted
going to anyone.<br>
<br>
And the error did not occur last night. I can't find anything that
I updated since Apr 10, but the powerup I did yesterday (this test
system has been down all of Passover), may have read in fresh
configs that fixed a mysql access issue that I missed.<br>
<br>
<br>
Of course <a class="moz-txt-link-abbreviated" href="mailto:root@z9m9z.test.htt-consult.com">root@z9m9z.test.htt-consult.com</a> is not a user in the
database, or an alias of one. Only users at the domain level
(<a class="moz-txt-link-abbreviated" href="mailto:root@test.htt-consult.com">root@test.htt-consult.com</a>) are currently defined. I think this is
a postfixadmin problem...<br>
<br>
<br>
<blockquote
cite="mid:13937A461B5E0A40810939402AE476D60138ED2841@hdgexchange.deeztek.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
amavis-users
[<a class="moz-txt-link-freetext" href="mailto:amavis-users-bounces+dino.edwards=mydirectmail.net@amavis.org">mailto:amavis-users-bounces+dino.edwards=mydirectmail.net@amavis.org</a>]
<b>On Behalf Of </b>Robert Moskowitz<br>
<b>Sent:</b> Wednesday, April 19, 2017 4:49 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:amavis-users@amavis.org">amavis-users@amavis.org</a><br>
<b>Subject:</b> Open relay from localhost and other
questions<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">This is my new
test setup.<br>
<br>
I end amavis.conf with:<br>
<br>
<br>
1; # insure a defined return value<br>
$mydomain = 'test.htt-consult.com';<br>
$helpers_home = "$MYHOME/var"; # working
directory for SpamAssassin, -S<br>
$myhostname = 'z9m9z.test.htt-consult.com'; # must
be a fully-qualified domain name!<br>
$log_level = 1; # set the log level to one<br>
$sa_tag_level_deflt = -99; # I want to see the headers so
change to -99<br>
$sa_tag2_level_deflt = 5.0; # start with 5<br>
$sa_kill_level_deflt = 9;<br>
$sa_dsn_cutoff_level = 9;<br>
$sa_quarantine_cutoff_level = 50;<br>
$notify_method = 'smtp:[127.0.0.1]:10025';<br>
$forward_method = 'smtp:[127.0.0.1]:10025';<br>
$final_banned_destiny = D_DISCARD;<br>
$final_spam_destiny = D_PASS; <br>
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
[2607:f4b8:3::]/48<br>
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
50.253.254.0/28);<br>
@lookup_sql_dsn =<br>
(
['DBI:mysql:database=postfix;host=localhost;mysql_socket=/var/lib/mysql/mysql.sock',
'postfix','postfixpassword] );<br>
$sql_select_white_black_list = undef;<br>
$sql_select_policy = 'SELECT "Y" as local, 1 as id FROM domain
WHERE CONCAT("@",domain) IN (%k)';<br>
1; # insure a defined return value<br>
<br>
This was done by appending my specific options after the 1;
line then adding my own 1; line.<br>
<br>
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com">root@z9m9z.test.htt-consult.com</a><br>
<br>
is NOT in the postfix database<br>
<br>
In postfix/mail.cf I have:<br>
<br>
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'<br>
<br>
and in master.cf I have:<o:p></o:p></p>
<pre><span class="inner-pre"><span style="font-size:12.0pt">smtpd pass - - n - - smtpd<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt">pickup unix n - n 60 1 pickup<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"> -o content_filter=<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt">amavis unix - - y - 2 lmtp<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"> -o lmtp_data_done_timeout=1200<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"> -o lmtp_send_xforward_command=yes<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"> -o disable_dns_lookups=yes<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"> -o max_use=20<o:p></o:p></span></span></pre>
<pre><span class="inner-pre"><span style="font-size:12.0pt"><o:p> </o:p></span></span></pre>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
I am seeing the following in maillog from logwatch:<br>
<br>
Lots of questions. The 4th line has a amavis SQL failure.<br>
Then concern that it is coming from an open relay?<br>
Amavis gets called a 2nd then 3rd time? Should I put
content_filter= with gmgr so it does not call amavis?<br>
<br>
thanks<br>
<br>
Apr 10 03:34:36 z9m9z postfix/pickup[1501]: C735BB25B: uid=0
from=<root><br>
<br>
Apr 10 03:34:37 z9m9z postfix/cleanup[2077]: C735BB25B:
message-id=<a moz-do-not-send="true"
href="mailto:20170410073436.C735BB25B@z9m9z.test.htt-consult.com"><20170410073436.C735BB25B@z9m9z.test.htt-consult.com></a><br>
<br>
Apr 10 03:34:37 z9m9z postfix/qmgr[3107]: C735BB25B: from=<a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
size=5300, nrcpt=1 (queue active)<br>
<br>
Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) NOTICE:
reconnecting in response to: err=2006, HY000, DBD::mysql::st
execute failed: MySQL server has gone away at (eval 129) line
172.<br>
<br>
Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) LMTP
[127.0.0.1]:10024
/var/spool/amavisd/tmp/amavis-20170409T010521-02045-SZAIGFN5:
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>
->
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>
SIZE=5300 Received: from z9m9z.test.htt-consult.com
([127.0.0.1]) by localhost (z9m9z.test.htt-consult.com
[127.0.0.1]) (amavisd-new, port 10024) with LMTP for
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>;
Mon, 10 Apr 2017 03:34:38 -0400 (EDT)<br>
<br>
Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) Checking:
SGMxb1MYeOCZ [127.0.0.1]
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>
->
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a><br>
<br>
Apr 10 03:34:38 z9m9z amavis[2045]: (02045-11) Open relay?
Nonlocal recips but not originating:
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com">root@z9m9z.test.htt-consult.com</a><br>
<br>
Apr 10 03:34:51 z9m9z postfix/smtpd[2120]: connect from
localhost[127.0.0.1]<br>
<br>
Apr 10 03:34:52 z9m9z postfix/smtpd[2120]: 9D31F6B28:
client=localhost[127.0.0.1]<br>
<br>
Apr 10 03:34:52 z9m9z postfix/cleanup[2077]: 9D31F6B28:
message-id=<a moz-do-not-send="true"
href="mailto:20170410073436.C735BB25B@z9m9z.test.htt-consult.com"><20170410073436.C735BB25B@z9m9z.test.htt-consult.com></a><br>
<br>
Apr 10 03:34:52 z9m9z postfix/smtpd[2120]: disconnect from
localhost[127.0.0.1]<br>
<br>
Apr 10 03:34:52 z9m9z amavis[2045]: (02045-11) SGMxb1MYeOCZ
FWD from <a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com">
<root@z9m9z.test.htt-consult.com></a> -> <a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com">
<root@z9m9z.test.htt-consult.com></a>, BODY=7BIT 250
2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 9D31F6B28<br>
<br>
Apr 10 03:34:52 z9m9z postfix/qmgr[3107]: 9D31F6B28: from=<a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
size=5795, nrcpt=1 (queue active)<br>
<br>
Apr 10 03:34:52 z9m9z amavis[2045]: (02045-11) Passed CLEAN
{RelayedOpenRelay}, [127.0.0.1]
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>
->
<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
Message-ID:
<a moz-do-not-send="true"
href="mailto:20170410073436.C735BB25B@z9m9z.test.htt-consult.com"><20170410073436.C735BB25B@z9m9z.test.htt-consult.com></a>,
mail_id: SGMxb1MYeOCZ, Hits: -0.001, size: 5294, queued_as:
9D31F6B28, 14698 ms<br>
<br>
Apr 10 03:34:52 z9m9z postfix/lmtp[2099]: C735BB25B: to=<a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024,
delay=30, delays=15/0.18/0.14/15, dsn=2.0.0, status=sent (250
2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 9D31F6B28)<br>
<br>
Apr 10 03:34:52 z9m9z postfix/qmgr[3107]: C735BB25B: removed<br>
<br>
Apr 10 03:34:52 z9m9z postfix/cleanup[2077]: E8ABF4F8A:
message-id=<a moz-do-not-send="true"
href="mailto:20170410073436.C735BB25B@z9m9z.test.htt-consult.com"><20170410073436.C735BB25B@z9m9z.test.htt-consult.com></a><br>
<br>
Apr 10 03:34:53 z9m9z postfix/local[2126]: 9D31F6B28: to=<a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
relay=local, delay=0.38, delays=0.09/0.2/0/0.09, dsn=2.0.0,
status=sent (forwarded as E8ABF4F8A)<br>
<br>
Apr 10 03:34:53 z9m9z postfix/qmgr[3107]: E8ABF4F8A: from=<a
moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
size=5947, nrcpt=1 (queue active)<br>
<br>
Apr 10 03:34:53 z9m9z postfix/qmgr[3107]: 9D31F6B28: removed<br>
<br>
Apr 10 03:34:55 z9m9z postfix/smtp[2128]: Untrusted TLS
connection established to
z9m9z.htt-consult.com[50.253.254.3]:25: TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256/256 bits)<br>
<br>
Apr 10 03:34:57 z9m9z postfix/smtp[2128]: E8ABF4F8A: to=<a
moz-do-not-send="true" href="mailto:rgm@htt-consult.com"><rgm@htt-consult.com></a>,
orig_to=<a moz-do-not-send="true"
href="mailto:root@z9m9z.test.htt-consult.com"><root@z9m9z.test.htt-consult.com></a>,
relay=z9m9z.htt-consult.com[50.253.254.3]:25, delay=4.3, <br>
delays=0.05/0.11/1.9/2.2, dsn=2.0.0, status=sent (250 2.0.0
Ok: queued as 2B51E6212F)<br>
<br>
Apr 10 03:34:57 z9m9z postfix/qmgr[3107]: E8ABF4F8A: removed<o:p></o:p></p>
</div>
</blockquote>
<br>
</body>
</html>