
I'm at my wits' end here. I've set up AMaViS and ClamAV and linked them in to Postfix. Everything seems to be working fine, except the quarantine emails are not being delivered and I can't work out why.

If I use a test file to send a GTUBE/EICAR email to myself, it gets discarded (or passed on if I change the destiny, so I know that part is working), but I don't get the quarantine email at the address I specified.

Interestingly enough, I know the email is sending because I get a bounce to that address (the notifier email is sending the report to itself) containing the report. The bounce email gives me the "User unknown in virtual alias table" reason, which obviously cannot be the case because that address/alias is the one receiving the bounce!

Here is the output of postconf -n (sensitive info redacted):

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 20480000
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, example.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_security_options
smtp_tls_loglevel = 2
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = [Server CA File]
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = [Server Cert]
smtpd_tls_key_file = [Server Key]
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Here are the relevant (I assume) entries from the AMaViS conf:

$virus_admin               = 'virusalert@example.com';                    # notifications recip.
$mailfrom_notify_admin     = 'virusalert@example.com';                    # notifications sender
$mailfrom_notify_recip     = 'virusalert@example.com';                    # notifications sender
$mailfrom_notify_spamadmin = 'virusalert@example.com';                    # notifications sender
$virus_quarantine_to = 'virusalert@example.com';
$virus_quarantine_method = 'smtp:127.0.0.1:10025';
$spam_quarantine_to = 'spamtrap@example.com';
$spam_quarantine_method = 'smtp:127.0.0.1:10025';

And of course the Postfix master.cf file:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=amavisfeed:[127.0.0.1]:10026
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

amavisfeed unix    -       -       n        -      5     lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

127.0.0.1:10025 inet n    -       n       -       -     smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=

Yell if I need to provide more info or conf lines.

Sera H

1 Answer


I thought I'd post the solution as I've just spent some time troubleshooting this.

The issue is due to this line in the re-injection SMTPD daemon's config:

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings

Note the last parameter, "no_address_mappings": it stops Postfix from re-evaluating virtual aliases and mapping them to real (or virtual) mailboxes.

Because AMaViS is injecting a new message (the notification message) using the re-injection daemon, it has never been through the first address expansion (that happens on the main SMTP daemon), and this option stops the expansion from happening inside the re-injection daemon.

The solution - this option should be removed from the above line, and instead added into the "main.cf" file:

receive_override_options = no_address_mappings

This will ensure that address expansion is done AFTER the content filter, not before. This is how the postfix documentation recommends it be done also.

Doing this also has the added benefit of ensuring that additional headers like "x-original-to" are also left intact (which is not the case in the OP's config).

Hope that helps.
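A check for the misplacement described in the answer above, as an added example that is not part of the original post or of Postfix/AMaViS: it parses master.cf and main.cf text and reports when `no_address_mappings` sits on the re-injection listener instead of in main.cf. The function names and the "listener that clears content_filter" heuristic are assumptions, and the sample config is constructed from the question's files.

```python
import re

# Constructed samples: the question's re-injection listener (abridged) and a
# main.cf that lacks the setting the answer recommends.
MASTER_CF = """\
amavisfeed unix    -       -       n        -      5     lmtp
  -o lmtp_data_done_timeout=1200
127.0.0.1:10025 inet n    -       n       -       -     smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_milters,no_address_mappings
"""
MAIN_CF = """\
content_filter = amavisfeed:[127.0.0.1]:10024
virtual_alias_maps = hash:/etc/postfix/virtual
"""
OVERRIDE = re.compile(r"-o\s+([^=\s]+)=(\S*)")

def parse_master(text):
    """Map each master.cf service name to its -o overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a new service entry starts in column 1
            current = services.setdefault(line.split()[0], {})
        if current is not None:            # indented lines continue the entry
            current.update(OVERRIDE.findall(line))
    return services

def parse_main(text):
    """Map main.cf parameter names to values (single-line settings only)."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def options(value):
    return {o for o in re.split(r"[,\s]+", value or "") if o}

def audit(master_text, main_text):
    """Report where no_address_mappings is misplaced relative to the filter."""
    findings = []
    if "no_address_mappings" not in options(
            parse_main(main_text).get("receive_override_options")):
        findings.append("main.cf: receive_override_options lacks no_address_mappings")
    for name, ov in parse_master(master_text).items():
        # Assumption: the re-injection listener is the service that clears content_filter.
        if ov.get("content_filter") == "" and "no_address_mappings" in options(
                ov.get("receive_override_options")):
            findings.append(f"master.cf {name}: no_address_mappings blocks alias expansion")
    return findings
```

Calling `audit(MASTER_CF, MAIN_CF)` on the constructed samples returns two findings; after applying the answer's change to both files it returns an empty list.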