1

I set up a postfix email server following an article series from the linux babe for my company and it seems to be working fine with a couple of exceptions. In the maillog I am seeing the following warnings:

  • postfix/10025/smtpd[169161]: warning: milter inet:127.0.0.1:783: unreasonable packet length: 1397768525 > 1073741823
  • postfix/10025/smtpd[169161]: warning: milter inet:127.0.0.1:783: read error in initial handshake

Did anyone encounter this type of error?

  • Alma Linux 8
  • Postfix version 2:3.5.8-4.el8
  • Postgrey version 1.37-9.el8
  • Spamass-milter version 0.4.0-13.el8
  • Spamassassin version 3.4.6-1.el8
postfix/main.cf section:
<--- Start --->
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   check_policy_service unix:private/policyd-spf
   check_policy_service unix:postgrey/socket
   check_client_access hash:/etc/postfix/rbl_override
   reject_rhsbl_helo dbl.spamhaus.org
   reject_rhsbl_reverse_client dbl.spamhaus.org
   reject_rhsbl_sender dbl.spamhaus.org
   permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]
   reject_rbl_client zen.spamhaus.org

##Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:783,unix:/run/spamass-milter/spamass-milter.sock
non_smtpd_milters = $smtpd_milters

content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_proxy_options = speed_adjust
<--- end --->


postfix/master.cf section:
<--- start --->
#==========================================================================
#service type  private unpriv  chroot  wakeup  maxproc command + args
#(yes)   (yes)   (no)    (never) (100)
#==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
policyd-spf  unix  -       n       n       -       0       spawn user=policyd-spf argv=/usr/libexec/postfix/policyd-spf
smtp-amavis  unix  -       -       n       -       2       smtp
        -o syslog_name=postfix/amavis
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
        -o smtp_tls_security_level=none

127.0.0.1:10025   inet   n    -     n     -     -    smtpd
        -o syslog_name=postfix/10025
        -o content_filter=
        -o mynetworks_style=host
        -o mynetworks=127.0.0.0/8
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o strict_rfc821_envelopes=yes
        -o smtp_tls_security_level=none
        -o smtpd_tls_security_level=none
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
<--- end --->

sysconfig/spamass-milter section:
<--- start --->
EXTRA_FLAGS="-e mydomainname.com -u sa-milt -m -r 8 -R SPAM_ARE_NOT_ALLOWED_HERE -i 127.0.0.1 -g sa-milt -- --max-size=5120000"
<--- end --->

sysconfig/spamassassin section:
<--- Start --->
SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/' --razor-log-file='sys-syslog' --nouser-config --virtual-config-dir=/var/vmail/%d/%l/spamassassin --username=vmail"
<--- end --->
anx
  • 8,963
  • 5
  • 24
  • 48
phyre
  • 11
  • 1
  • You have 1 policy daemon, 3 milters (third one sounds like spamassassin, first one sounds like opendkim), *and* one additional filter bundled in (amavis). You very likely have a problem with the second milter, the one at `127.0.0.1:783` which your questions does nt yet provide details on. – anx Mar 09 '23 at 17:46
  • Usually when you play this (I don't like it at all, but it does follow the 2007 documentation) game of handing mail between ports 25=>10024=>10025, you would configure the milters to to be called only once. Please compare your configuration in `master.cf` (specifically the section of options following port 10025) to the instructions you used to setup amavis. Your `receive_override_options` setting there does not list `no_milters`, yet it looks like you meant to call other milters before amavis. – anx Mar 09 '23 at 17:52
  • Does this answer your question? [Debugging spamassassin with postfix](https://serverfault.com/questions/752437/debugging-spamassassin-with-postfix) – Nikita Kipriyanov Mar 11 '23 at 04:25

1 Answers1

1

I suspect that your most pressing configuration issue is that you added the spamassassin daemon (that normally talks to programs like spamc or spamass-milter) to the Postfix interface that speaks the Sendmail Milter protocol.

This line now mentions spamassassin twice, more importantly, once referring to a port that does not speak the Milter protocol postfix expected of entries of this configuration:

smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:783,unix:/run/spamass-milter/spamass-milter.sock

Remove that entry, you already have spamassass-milter listed here, listening on a unix socket clearly spelling out the name:

smtpd_milters = inet:127.0.0.1:8891,unix:/run/spamass-milter/spamass-milter.sock

After this change, you are not done, you still need to investigate why you are calling Milters twice. Your global configuration sets milters which affect the smtpd services calling them both before (that would produce log prefixes like postfix/smtpd) and after (thats is what the postfix/10025/smtpd log line refers to) amavis.

anx
  • 8,963
  • 5
  • 24
  • 48