Hello, I know this has been raised a million times, but my situation is a bit different; I googled for weeks with no result.

I have Postfix + Amavisd-new + SpamAssassin as a mail gateway to filter mail using only whitelist_to and blacklist_to in SpamAssassin. Yes, everything is that simple: no virus checking, nothing else. It just checks the recipient address to decide whether to relay or discard.

But the thing is, when there is a multiple-recipient mail, let's say to [email protected], [email protected], [email protected], [email protected], this mail goes to all 4 of these users. The mails to black_user are marked as "Passed CLEAN"; they are receiving the mails, but they shouldn't.

transfer_destination_recipient_limit has already been set to 1 in main.cf:

smtp-amavis_destination_recipient_limit = 1

This parameter is working; I can see the mail is split into 4 copies, sent to amavis one by one.

The mysterious behavior is: if I telnet to 127.0.0.1:25 and send a multiple-recipient mail, it works fine: white_users get the mails, black_users do not receive them (Blocked SPAM). If I send the same mail via SqWebmail or Outlook, all 4 users receive the mails (Passed CLEAN).

In all other cases, sending mail to 1 white user, 1 black user, multiple white users or multiple black users is fine, no matter whether from telnet or webmail.

Please can anyone give me some idea? Many thanks!
Sorry for the long mail :/

Thanks & Regards,
Joe

System:
Redhat EL 5.5
postfix-2.8.2-1.rhel5
amavisd-new-2.6.4-4.el5.rf
spamassassin-3.2.5-1.el5

Config:

# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.8.2-documentation/html
inet_interfaces = all
mail_owner = postfix
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydomain = test.com
myhostname = name.test.com
mynetworks = 127.0.0.0/8, 172.0.0.0/8, 57.0.0.0/8, 0.0.0.0/0
mynetworks_style = class
myorigin = name.test.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.8.2-documentation/readme
relay_domains = $mydestination
relayhost = mail.test.com
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

# amavisd.conf
use strict;

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user = "amavis";     # (no default; customary: vscan or amavis), -u
$daemon_group = "amavis";    # (no default; customary: vscan or amavis), -g

$mydomain = 'example.com';   # a convenient default for other settings

$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "/var/virusmails";

$db_home = "$MYHOME/db";     # dir for bdb nanny/cache/snmp databases, -D

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
                             # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
                             # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = ( [".$mydomain"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 172.20.0.0/16 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = 10024;   # listen on this local TCP port(s)

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps => ["virusalert\@$mydomain"],
  warnbadhsender => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK';  # only applies with $unix_socketname

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt = 2.0;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18;  # likewise, but for a likely valid From
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024;  # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

$virus_admin = "virusalert\@$mydomain";                 # notifications recip.

$mailfrom_notify_admin = "virusalert\@$mydomain";       # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain";       # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";  # notifications sender
$mailfrom_to_quarantine = '';  # null return path; uses original sender if undef

@addr_extension_virus_maps = ('virus');
@addr_extension_banned_maps = ('banned');
@addr_extension_spam_maps = ('spam');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;      # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1;   # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error

$myhostname = 'name.test.com';

$final_spam_destiny = D_DISCARD;
$spam_quarantine_to = '[email protected]';

(the rest is default ... skipped)

#maillog: from webmail, to 1white 1black, both Passed CLEAN
Oct 26 13:42:06 MYHOST postfix/qmgr[10353]: AC2081400AB: from=< [email protected]>, size=680, nrcpt=2 (queue active)
Oct 26 13:42:06 MYHOST sendmail[10382]: p9Q5g69X010382: [email protected],[email protected], ctladdr=mailadmin@MYHOST (510/513), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=60270, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as AC2081400AB)
Oct 26 13:42:06 MYHOST postfix/smtpd[10349]: disconnect from localhost.localdomain[127.0.0.1]
Oct 26 05:42:07 MYHOST postfix/smtpd[10362]: connect from unknown[127.0.0.1]
Oct 26 05:42:07 MYHOST postfix/smtpd[10362]: 02E021400A9: client=unknown[127.0.0.1]
Oct 26 13:42:07 MYHOST postfix/cleanup[10352]: 02E021400A9: message-id=<201110260542.p9Q5g69X010382@MYHOST>
Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: 02E021400A9: from=< [email protected]>, size=1182, nrcpt=1 (queue active)
Oct 26 13:42:07 MYHOST amavis[10374]: (10374-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] < [email protected]> -> <[email protected]>, Queue-ID: AC2081400AB, Message-ID: <201110260542.p9Q5g69X010382@MYHOST>, mail_id: KgZB572jGg2i, Hits: -65.031, size: 680, queued_as: 02E021400A9, 290 ms
Oct 26 05:42:07 MYHOST postfix/smtp[10354]: AC2081400AB: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.35, delays=0.05/0.01/0.01/0.29, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 02E021400A9)
Oct 26 13:42:07 MYHOST postfix/smtpd[10389]: connect from unknown[127.0.0.1]
Oct 26 05:42:07 MYHOST postfix/smtpd[10389]: 226231400AA: client=unknown[127.0.0.1]
Oct 26 13:42:07 MYHOST postfix/cleanup[10352]: 226231400AA: message-id=<201110260542.p9Q5g69X010382@MYHOST>
Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: 226231400AA: from=< [email protected]>, size=1180, nrcpt=1 (queue active)
Oct 26 13:42:07 MYHOST amavis[10375]: (10375-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] < [email protected]> -> <[email protected]>, Queue-ID: AC2081400AB, Message-ID: <201110260542.p9Q5g69X010382@MYHOST>, mail_id: L93xjk2OAuAe, Hits: -65.041, size: 680, queued_as: 226231400AA, 392 ms
Oct 26 05:42:07 MYHOST postfix/smtp[10355]: AC2081400AB: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.47, delays=0.05/0.01/0.02/0.39, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 226231400AA)
Oct 26 13:42:07 MYHOST postfix/qmgr[10353]: AC2081400AB: removed

#maillog: from telnet, to 1white 1black, 1 Passed CLEAN, 1 Blocked SPAM
Oct 26 13:59:19 MYHOST postfix/qmgr[10353]: 8DCAA1400AD: from=<[email protected]>, size=369, nrcpt=2 (queue active)
Oct 26 13:59:20 MYHOST postfix/smtpd[10461]: connect from unknown[127.0.0.1]
Oct 26 05:59:20 MYHOST postfix/smtpd[10461]: 553021400AE: client=unknown[127.0.0.1]
Oct 26 13:59:20 MYHOST postfix/cleanup[10453]: 553021400AE: message-id=< [email protected]>
Oct 26 13:59:20 MYHOST postfix/qmgr[10353]: 553021400AE: from=<[email protected]>, size=869, nrcpt=1 (queue active)
Oct 26 13:59:20 MYHOST amavis[10375]: (10375-02) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <[email protected]> -> <[email protected]>, Queue-ID: 8DCAA1400AD, Message-ID: <[email protected]>, mail_id: Q2xMkirv0Lky, Hits: -61.145, size: 369, queued_as: 553021400AE, 392 ms
Oct 26 13:59:20 MYHOST postfix/smtp[10458]: 8DCAA1400AD: to=< [email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=25/0.02/0.01/0.39, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 553021400AE)
Oct 26 05:59:20 MYHOST postfix/smtpd[10461]: disconnect from unknown[127.0.0.1]
Oct 26 13:59:20 MYHOST postfix/smtpd[10449]: disconnect from localhost.localdomain[127.0.0.1]
Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: connect from unknown[127.0.0.1]
Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: CD81D1400AF: client=unknown[127.0.0.1]
Oct 26 13:59:21 MYHOST postfix/cleanup[10453]: CD81D1400AF: message-id=< [email protected]>
Oct 26 13:59:21 MYHOST postfix/qmgr[10353]: CD81D1400AF: from=<>, size=1346, nrcpt=1 (queue active)
Oct 26 05:59:21 MYHOST postfix/smtpd[10461]: disconnect from unknown[127.0.0.1]
Oct 26 13:59:21 MYHOST amavis[10374]: (10374-02) Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <[email protected]> -> <[email protected]>, quarantine: [email protected], Queue-ID: 8DCAA1400AD, Message-ID: < [email protected]>, mail_id: rLzdynCV41ce, Hits: 38.855, size: 369, 1876 ms
Oct 26 13:59:21 MYHOST postfix/smtp[10457]: 8DCAA1400AD: to=< [email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=26, delays=25/0.01/0.02/1.9, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=10374-02 - spam)
Oct 26 13:59:21 MYHOST postfix/qmgr[10353]: 8DCAA1400AD: removed
Oct 26 13:59:21 MYHOST postfix/local[10463]: warning: database /etc/postfix/aliases.db is older than source file /etc/postfix/aliases
Oct 26 13:59:21 MYHOST postfix/local[10463]: CD81D1400AF: to=< [email protected]>, relay=local, delay=0.07, delays=0.01/0.04/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
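
An added example, not part of the original post: a Python audit of amavisd-new verdict lines in the layout of the maillog above, grouping the per-recipient copies by their parent Queue-ID and listing copies logged as Passed for a recipient that policy says must be discarded. The sample log lines, addresses, Queue-IDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Verdict line layout as in the maillog above:
#   amavis[pid]: (id) Passed|Blocked CATEGORY ... <sender> -> <rcpt>, ... Queue-ID: X, ... Hits: N
VERDICT_RE = re.compile(
    r"amavis\[\d+\]: \([\w-]+\) (?P<action>Passed|Blocked) (?P<category>[A-Z-]+)"
    r".*? <(?P<sender>[^>]*)> -> (?P<rcpts><[^>]*>(?:,<[^>]*>)*)"
    r".*?Queue-ID: (?P<queue_id>[0-9A-F]+)"
    r".*?Hits: (?P<hits>-?[\d.]+|-)"
)

# Constructed sample: AC01 mimics the webmail case, 8DCA the telnet case.
SAMPLE_LOG = """\
Oct 26 13:42:07 mx amavis[10374]: (10374-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] <sender@example.org> -> <white1@example.com>, Queue-ID: AC01, Message-ID: <m1@mx>, mail_id: aaaa, Hits: -65.031, size: 680, queued_as: 02E0, 290 ms
Oct 26 13:42:07 mx amavis[10375]: (10375-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:45049 [127.0.0.1] <sender@example.org> -> <black1@example.com>, Queue-ID: AC01, Message-ID: <m1@mx>, mail_id: bbbb, Hits: -65.041, size: 680, queued_as: 2262, 392 ms
Oct 26 13:59:20 mx amavis[10375]: (10375-02) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <sender@example.org> -> <white1@example.com>, Queue-ID: 8DCA, Message-ID: <m2@mx>, mail_id: cccc, Hits: -61.145, size: 369, queued_as: 5530, 392 ms
Oct 26 13:59:21 mx amavis[10374]: (10374-02) Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL [127.0.0.1]:36045 [127.0.0.1] <sender@example.org> -> <black1@example.com>, quarantine: q@example.com, Queue-ID: 8DCA, Message-ID: <m2@mx>, mail_id: dddd, Hits: 38.855, size: 369, 1876 ms
"""


def parse_verdicts(log_text):
    """Return {parent_queue_id: [(recipient, action, category, hits), ...]}."""
    by_queue = defaultdict(list)
    for line in log_text.splitlines():
        m = VERDICT_RE.search(line)
        if not m:
            continue  # not an amavis verdict line (qmgr, smtpd, cleanup, ...)
        # amavis logs "-" when SpamAssassin was not consulted for the copy
        hits = None if m["hits"] == "-" else float(m["hits"])
        for rcpt in re.findall(r"<([^>]*)>", m["rcpts"]):
            by_queue[m["queue_id"]].append(
                (rcpt.lower(), m["action"], m["category"], hits))
    return dict(by_queue)


def find_leaks(log_text, must_block):
    """List (queue_id, recipient, hits) for copies Passed to a deny-listed recipient."""
    deny = {addr.lower() for addr in must_block}
    return [(qid, rcpt, hits)
            for qid, rows in parse_verdicts(log_text).items()
            for rcpt, action, _category, hits in rows
            if action == "Passed" and rcpt in deny]


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG, {"black1@example.com"}):
        print("passed despite deny list:", leak)
```

Comparing the Hits values of the copies under one Queue-ID shows whether each copy was scored on its own recipient or whether all copies received the same score.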
