install_amavis.sh: change to 'Post-Queue' setting.

2026-01-07 00:13:13 +01:00
parent b09baa144c
commit cd39cb98b8


@@ -4923,36 +4923,50 @@ else
fi fi
## - Provide an 'After-queue filter' (classic content filter):
## -
## - - The external sender communicates with port 25.
## - - Postfix accepts the email and initially places it in the queue.
## - - Postfix then forwards the email to Amavis (10024).
## - - Amavis returns it to Postfix (typically on 10025).
## -
## - Advantage:
## - Port 25 is 'normal Postfix SMTP'
## - -> Milters (OpenDMARC/OpenDKIM verify) access port 25 cleanly
## - -> DMARC reject happens in the SMTP dialog (if you set it up that way
## - and the checks pass 'pre-queue')
## -
## - Disadvantage:
## - Some types of rejections may no longer happen 'before queue', but only later
## - (depending on the type of check)
## -
## -
## - Set up /etc/postfix/master ## - Set up /etc/postfix/master
## - ## -
## - Forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter ## - Forward emails to amavis using "After-Queue-Filter" Option content_filter
## - ## -
## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to ## - edit /etc/postfix/master.cf and add flags for "content_filter" (to
## - forward to amavis service on localhost port 10024) and for "content_filter" ## - forward to amavis service on localhost port 10024)
## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
## - ## -
## - smtp inet n - - - - smtpd ## - smtp inet n - - - - smtpd
## - -o smtpd_proxy_filter=127.0.0.1:10024 ## - -o content_filter=amavisfeed:[127.0.0.1]:10024
## - -o content_filter=
## - ## -
## - take care, that, in case NOT to reject, amavis fowards the mail to the ## - !! Noticw !!
## - MTA (Postfix) for delivering. To avoid loops in checking, install a ## - - take care localhost:10025 has empty 'content_filter'
## - (Postfix) smtpd service on a local Port (10025) without checking anymore
## - ## -
## - to do this edit /etc/postfix/master.cf and add service: ## - localhost:10025 inet n - y - - smtpd
## - ## - -o content_filter=
## - localhost:10025 inet n - - - - smtpd ## - -o smtpd_proxy_filter=
## - -o content_filter= ## - -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
## - -o smtpd_proxy_filter= ## - -o smtpd_client_restrictions=
## - -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128 ## - -o smtpd_helo_restrictions=
## - -o smtpd_client_restrictions= ## - -o smtpd_sender_restrictions=
## - -o smtpd_helo_restrictions= ## - -o smtpd_recipient_restrictions=permit_mynetworks,reject
## - -o smtpd_sender_restrictions= ## - -o smtpd_data_restrictions=
## - -o smtpd_recipient_restrictions=permit_mynetworks,reject ## - -o mynetworks=127.0.0.0/8,[::1]/128
## - -o smtpd_data_restrictions= ## - -o receive_override_options=no_unknown_recipient_checks
## - -o mynetworks=127.0.0.0/8,[::1]/128,<$_ipv4_address/32>
## - -o receive_override_options=no_unknown_recipient_checks
## - ## -
## - - take care not to have 'content_filter' set im main.cf
postfix_master_cf="/etc/postfix/master.cf" postfix_master_cf="/etc/postfix/master.cf"
echo "" echo ""
echononl " Backup file \"${postfix_master_cf}\"" echononl " Backup file \"${postfix_master_cf}\""
@@ -5004,10 +5018,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
_found=true _found=true
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
smtp inet n - y - - smtpd smtp inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
-o content_filter=
-o smtpd_milters=
-o non_smtpd_milters=
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5031,7 +5042,8 @@ localhost:10025 inet n - y - - smtpd
EOF EOF
if [[-n "$(which opendmarc)" ]] ; then if [[-n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock # IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5047,8 +5059,7 @@ EOF
_found=true _found=true
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd ${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024 -o content_filter=amavisfeed:[127.0.0.1]:10024
-o content_filter=
EOF EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5073,11 +5084,9 @@ EOF
if [[ -n "$(which opendkim)" ]] ; then if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock -o smtpd_milters=local:/opendkim/opendkim.sock
-o milter_macro_daemon_name=ORIGINATING
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $smtps_present ; then if ! $smtps_present ; then
if ! $localhost_10025_present ; then if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5095,12 +5104,10 @@ localhost:10025 inet n - y - - smtpd
EOF EOF
if [[ -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock # IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
fi fi
if ! $amavisfeed_present ; then if ! $amavisfeed_present ; then
@@ -5130,11 +5137,9 @@ EOF
if [[ -n "$(which opendkim)" ]] ; then if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock -o smtpd_milters=local:/opendkim/opendkim.sock
-o milter_macro_daemon_name=ORIGINATING
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $localhost_10025_present ; then if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
@@ -5152,12 +5157,10 @@ localhost:10025 inet n - y - - smtpd
EOF EOF
if [[ -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock # IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
fi fi
if ! $amavisfeed_present ; then if ! $amavisfeed_present ; then
@@ -5191,12 +5194,10 @@ localhost:10025 inet n - y - - smtpd
EOF EOF
if [[ -n "$(which opendmarc)" ]] ; then if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock # IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF EOF
fi fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
continue continue
fi fi
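Review bot: Commenting out `-o smtpd_milters=local:/opendmarc/opendmarc.sock` under the `localhost:10025` entries (hunks at -5031, -5095, -5152 and -5191) does not turn milters off on the re-injection listener; with no override left in the visible lines, it inherits whatever `smtpd_milters` main.cf defines. Because this commit also drops `-o smtpd_milters=` and `-o non_smtpd_milters=` from the port 25 `smtp` service, presumably so that OpenDKIM/OpenDMARC run there from main.cf, mail coming back from Amavis would likely pass the same milters a second time with a localhost client, which can distort DMARC/DKIM results. I would write an explicit `-o smtpd_milters=` in place of the comment, or extend the listener to `-o receive_override_options=no_unknown_recipient_checks,no_milters`; the rest of each 10025 entry lies outside the hunks, so confirm it does not already do this. Separately, the opendmarc test in the -5031 hunk reads `[[-n "$(which opendmarc)" ]]` without a space after `[[`, so bash looks for a command named `[[-n` and that branch never runs.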