AMaViS 隔离电子邮件退回

tag-icon tag-icon postfix amavis
AMaViS 隔离电子邮件退回

我现在已经束手无策了。我已经设置了 AMaViS 和 ClamAV,并将它们链接到 Postfix。一切似乎都运行良好。只是隔离邮件没有送达,我不知道原因。

如果我使用测试文件向自己发送 GTUBE/Eicar 电子邮件,它会被丢弃(或者,如果我改变命运,它会被传递,所以我知道那部分正在运行),但我没有在指定的地址收到隔离电子邮件。

有趣的是,我知道电子邮件正在发送,因为我收到了包含报告的该地址的退回邮件(通知电子邮件正在将报告发送给其自身)。退回邮件告诉我“虚拟别名表中的用户未知”的原因。这显然不可能,因为该地址/别名是收到退回邮件的地址!

postconf -n以下是(敏感信息已删除)的输出:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 20480000
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, example.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_security_options
smtp_tls_loglevel = 2
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = [Server CA File]
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = [Server Cert]
smtpd_tls_key_file = [Server Key]
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

以下是来自 AMaViS 会议的相关条目(我认为):

$virus_admin               = '[email protected]';                    # notifications recip.
$mailfrom_notify_admin     = '[email protected]';                    # notifications sender
$mailfrom_notify_recip     = '[email protected]';                    # notifications sender
$mailfrom_notify_spamadmin = '[email protected]';                    # notifications sender
$virus_quarantine_to = '[email protected]';
$virus_quarantine_method = 'smtp:127.0.0.1:10025';
$spam_quarantine_to = '[email protected]';
$spam_quarantine_method = 'smtp:127.0.0.1:10025';

当然还有 Postfixmaster.cf文件:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=amavisfeed:[127.0.0.1]:10026
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

amavisfeed unix    -       -       n        -      5     lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

127.0.0.1:10025 inet n    -       n       -       -     smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=

如果我需要提供更多信息或会议记录,请大声喊叫。

答案1

我想我应该发布解决方案,因为我刚刚花了一些时间来解决这个问题。

该问题是由于重新注入 SMTPD 守护进程的配置中的此行引起的:

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings

请注意最后一个参数 -“无地址映射”- 这会阻止 Postfix 重新评估虚拟别名并将其映射到真实(或虚拟)邮箱。

由于 AMavis 正在使用重新注入守护进程注入新消息(通知消息),因此它从未经历过第一次地址扩展(发生在主 SMTP 守护进程上),并且此选项会阻止在重新注入守护进程内部发生扩展。

解决方案 - 应从上面一行中删除此选项,并将其添加到“main.cf”文件中:

receive_override_options = no_address_mappings

这将确保地址扩展在内容过滤器之后完成,而不是之前。这也是 Postfix 文档建议的做法。

这样做还有一个额外的好处,就是确保像“x-original-to”这样的附加标题也保持完整(在 OP 的配置中并非如此)。

希望有所帮助。

相关内容