
I'm trying to implement a mail server with postfix + policyd/amavis + mysql white/blacklist lookups.

The problem is that I would like to have an "intermediate" queue between them, so that if one of them fails the email is not rejected and remains in the queue until the failed point recovers.

My idea is the following:

postfix(25) -> queue -> mysql white/blacklist lookups (RBL) -> queue -> policyd(10031)/amavis(10014) -> queue -> dspam(sock) -> postfix(10025)/relay

With this idea, if one of the "intermediate" points fails, I will not lose any email and all will remain in queues.

My config is: main.cf

    ...
    transport_maps = ldap:/etc/postfix/perditionMailhost_ldap
    content_filter = amavisd-new:[127.0.0.1]:10024
    ...
    smtpd_recipient_restrictions =
     reject_invalid_hostname,
     check_client_access mysql:/etc/postfix/client_whitelist
     check_sender_access mysql:/etc/postfix/sender_whitelist
     check_recipient_access mysql:/etc/postfix/recipient_whitelist
     reject_rbl_client multi.uribl.com,
     reject_rbl_client dsn.rfc-ignorant.org,
     reject_rbl_client dul.dnsbl.sorbs.net,
     reject_rbl_client list.dsbl.org,
     reject_rbl_client sbl-xbl.spamhaus.org,
     reject_rbl_client bl.spamcop.net,
     reject_rbl_client dnsbl.sorbs.net,
     reject_rbl_client cbl.abuseat.org,
     reject_rbl_client ix.dnsbl.manitu.net,
     reject_rbl_client combined.rbl.msrbl.net,
     reject_rbl_client rabl.nuclearelephant.com,
     check_policy_service inet:127.0.0.1:10031,
     permit_mynetworks,
     reject
    smtpd_end_of_data_restrictions =
     check_policy_service inet:127.0.0.1:10031
    smtpd_helo_required = yes
    disable_vrfy_command = yes
    invalid_hostname_reject_code = 554
    non_fqdn_reject_code = 554
    ...

master.cf

    smtp      inet  n       -       n       -       200       smtpd -v
    pickup    fifo  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    amavisd-new unix      -      -             n      -    2       smtp
            -o smtp_data_done_timeout=1200s
            -o disable_dns_lookups=yes
    relay     unix  -       -       n       -       -       smtp
            -o smtp_fallback_relay=
            -o disable_dns_lookups=yes
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    127.0.0.1:10025 inet     n       -       n       -       -       smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes

Any help on how to do it? I'm not even sure if it is possible.

Thanks & Regards.

magiza83

1 Answer

You need an additional postfix smtp instance, listening on a different port, for the intermediate queue.

Processing should be like this:

  1. smtp on port 25 receives the incoming email.
  2. The email message is forwarded to amavisd, selected by the content_filter directive in your main.cf.
  3. amavisd injects the e-mail into a new intermediate smtp process, listening on some port, e.g. 11025. You need to set this in the amavisd configuration: $forward_method = 'smtp:[127.0.0.1]:11025'; The intermediate smtp should have a content_filter directive pointing to dspam:

    127.0.0.1:11025      inet  n       -       n       -       -       smtpd
          -o content_filter=dspam:
    
  4. There should be a pipe process getting emails to dspam.
  5. dspam has the email delivered to the last smtp on port 10025, with the config you already have.
DukeLion
  • Ok, so I have to create an extra postfix instance for any intermediate queue, but what about having an "initial" queue if mysql is down? Is there any way to do it? – magiza83 May 21 '12 at 11:52
  • Postfix will have queues for each smtpd process. The initial queue will be the [active queue](http://www.postfix.org/QSHAPE_README.html#active_queue) of smtpd on port 25 – DukeLion May 21 '12 at 11:58
  • I'm trying to configure additional postfix smtp instances, but I'm not able to make them talk to each other. I do not know how to redirect connections from postfix(25) to postfix(10025) – magiza83 May 21 '12 at 15:25
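
A chain like the one in the answer fails quietly when a filter re-injects to a port nobody listens on, or loops when a re-injection listener inherits the global content_filter. The following is an added example, not code from either poster: it traces the hops through a constructed master.cf sample, and the `REINJECT` map, the `dspam` transport name and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the configuration discussed above.
MAIN_CF_FILTER = "amavisd-new:[127.0.0.1]:10024"   # content_filter in main.cf
MASTER_CF = """\
smtp      inet  n  -  n  -  200  smtpd
127.0.0.1:11025 inet  n  -  n  -  -  smtpd
        -o content_filter=dspam:
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8
"""
# Assumption: where each external filter re-injects mail (taken from amavisd's
# $forward_method and dspam's delivery settings, which Postfix cannot see).
REINJECT = {"amavisd-new": "127.0.0.1:11025", "dspam": "127.0.0.1:10025"}

def listeners(master_cf):
    """Map each inet smtpd listener to its content_filter override (None = inherit)."""
    found, current = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                      # continuation line: "-o name=value"
            m = re.match(r"\s+-o\s+content_filter=(.*)", line)
            if m and current:
                found[current] = m.group(1).strip()
            continue
        f = line.split()
        current = f[0] if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd" else None
        if current:
            found[current] = None
    return found

def trace(master_cf, main_filter, reinject, start="smtp"):
    """Follow mail hop by hop from the public listener; return (hops, verdict)."""
    table, hops, here = listeners(master_cf), [], start
    while True:
        if here not in table:
            return hops, f"broken: nothing listens on {here}"
        if here in hops:
            return hops, f"loop: mail returns to {here}"
        hops.append(here)
        flt = main_filter if table[here] is None else table[here]
        if not flt:                                # empty override ends the chain
            return hops, "ok: delivered without further filtering"
        transport = flt.split(":", 1)[0]
        if transport not in reinject:
            return hops, f"broken: no re-injection target known for {transport}"
        here = reinject[transport]
```
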