postfx submission uses wrong amavis policy bank

Tue Oct 25 16:13:02 CEST 2011

Christian,

> I've got a question about the postfix submission and the regular
> content_filter/smtpd_proxy_filter filter.
> My postfix master.cf configuration looks like:
> 
> smtp      inet  n       -       -       -       10       smtpd
>    -o receive_override_options=no_address_mappings
>    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>    -o smtpd_authorized_xclient_hosts=127.0.0.0/8
>    -o smtpd_proxy_filter=127.0.0.1:10031
> 
> # Submission Port 587 mit DKIM Signierung
> submission inet n       -       -       -       10       smtpd
>    -o receive_override_options=no_address_mappings
>    -o smtpd_tls_wrappermode=no
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>    -o content_filter=smtp-amavis:[127.0.0.1]:10026
>    -o syslog_name=postfix-submission
>    -o smtpd_proxy_filter=
> 
> # SMTPS Port 465 mit DKIM SIgnierung
> smtps     inet  n       -       -       -       10       smtpd
>    -o receive_override_options=no_address_mappings
>    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>    -o smtpd_authorized_xclient_hosts=127.0.0.0/8
>    -o smtpd_tls_wrappermode=yes
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>    -o content_filter=smtp-amavis:[127.0.0.1]:10026
>    -o syslog_name=postfix-smtps
>    -o smtpd_proxy_filter=
> 
> So I expected that an email from the localhost send over the submission
> port will run trough the content filter sasl_bypass on port 10026. But
> amavis send the email trough port 10031 which is the prequeue_filter for
> the "normal" smtp daemon. Here is the log extraction:
> 
> Oct 18 18:09:48 mx02 postfix/smtpd[24105]: connect from
> localhost.localdomain[127.0.0.1]
> Oct 18 18:09:48 mx02 postfix/smtpd[24105]: NOQUEUE:
> client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN,
> sasl_username=sender at domain.com
> Oct 18 18:09:48 mx02 amavis-mynet[21732]: (21732-04) ESMTP::10031
> /var/lib/amavis/tmp/amavis-20111018T175643-21732: <sender at domain.com> ->
> <recipient at domain2.com> Received: from mx02.domain2.com ([127.0.0.1]) by
> localhost (mx02.domain2.com [127.0.0.1]) (amavisd-new, port 10031) with
> ESMTP for <recipient at domain2.com>; Tue, 18 Oct 2011 18:09:48 +0200
> (CEST)
> Oct 18 18:09:48 mx02 amavis-mynet[21732]: (21732-04) Checking:
> qWgpcJS5+Gxq prequeue_filter/MYNETS [127.0.0.1] <sender at domain.com> ->
> <recipient at domain2.com>
> 
> I'made sure the the only postition were I forward a message to port
> 10031 will be at the smtpd_proxy_filter. So I can't find a mistake... is
> there something that I don't know about the amavs submission behavior.
> Are there overlapping configuration parameters?

I can't see a mistake in the shown configuration.
Are you absolutely sure you sent to a submission port?
Just in case, check: grep submission /etc/services
Check connections with tcpdump.

> is there something that I don't know about the amavs submission behavior.
> Are there overlapping configuration parameters?

I doubt it, nothing specific regarding amavisd here.
The smtpd_proxy_filter and content_filter and not overlapping,
these are two independent functions and independent settings.
The postfix list may be able to offer further advice on troubleshooting.

  Mark