install_amavis.sh: change to 'Post-Queue' setting.

2026-01-07 00:13:13 +01:00
parent b09baa144c
commit cd39cb98b8


@@ -4923,25 +4923,38 @@ else
fi
## - Provide an 'After-queue filter' (classic content filter):
## -
## - - The external sender communicates with port 25.
## - - Postfix accepts the email and initially places it in the queue.
## - - Postfix then forwards the email to Amavis (10024).
## - - Amavis returns it to Postfix (typically on 10025).
## -
## - Advantage:
## - Port 25 is 'normal Postfix SMTP'
## - -> Milters (OpenDMARC/OpenDKIM verify) access port 25 cleanly
## - -> DMARC reject happens in the SMTP dialog (if you set it up that way
## - and the checks pass 'pre-queue')
## -
## - Disadvantage:
## - Some types of rejections may no longer happen 'before queue', but only later
## - (depending on the type of check)
## -
## -
## - Set up /etc/postfix/master
## -
## - Forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter
## - Forward emails to amavis using "After-Queue-Filter" Option content_filter
## -
## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to
## - forward to amavis service on localhost port 10024) and for "content_filter"
## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
## - edit /etc/postfix/master.cf and add flags for "content_filter" (to
## - forward to amavis service on localhost port 10024)
## -
## - smtp inet n - - - - smtpd
## - -o smtpd_proxy_filter=127.0.0.1:10024
## - -o content_filter=
## - -o content_filter=amavisfeed:[127.0.0.1]:10024
## -
## - take care, that, in case NOT to reject, amavis fowards the mail to the
## - MTA (Postfix) for delivering. To avoid loops in checking, install a
## - (Postfix) smtpd service on a local Port (10025) without checking anymore
## - !! Noticw !!
## - - take care localhost:10025 has empty 'content_filter'
## -
## - to do this edit /etc/postfix/master.cf and add service:
## -
## - localhost:10025 inet n - - - - smtpd
## - localhost:10025 inet n - y - - smtpd
## - -o content_filter=
## - -o smtpd_proxy_filter=
## - -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
@@ -4950,9 +4963,10 @@ fi
## - -o smtpd_sender_restrictions=
## - -o smtpd_recipient_restrictions=permit_mynetworks,reject
## - -o smtpd_data_restrictions=
## - -o mynetworks=127.0.0.0/8,[::1]/128,<$_ipv4_address/32>
## - -o mynetworks=127.0.0.0/8,[::1]/128
## - -o receive_override_options=no_unknown_recipient_checks
## -
## - - take care not to have 'content_filter' set im main.cf
postfix_master_cf="/etc/postfix/master.cf"
echo ""
echononl " Backup file \"${postfix_master_cf}\""
@@ -5004,10 +5018,7 @@ while IFS='' read -r _line || [[ -n $_line ]] ; do
_found=true
cat >> $postfix_master_cf << EOF
smtp inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
-o smtpd_milters=
-o non_smtpd_milters=
-o content_filter=amavisfeed:[127.0.0.1]:10024
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
@@ -5031,7 +5042,8 @@ localhost:10025 inet n - y - - smtpd
EOF
if [[-n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock
# IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
@@ -5047,8 +5059,7 @@ EOF
_found=true
cat >> $postfix_master_cf << EOF
${additional_smtp_port} inet n - y - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
-o content_filter=amavisfeed:[127.0.0.1]:10024
EOF
if [[ "$SASL_AUTH_ENABLED" = "no" ]] ; then
cat >> $postfix_master_cf << EOF
@@ -5073,11 +5084,9 @@ EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o milter_macro_daemon_name=ORIGINATING
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $smtps_present ; then
if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF
@@ -5095,12 +5104,10 @@ localhost:10025 inet n - y - - smtpd
EOF
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock
# IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
fi
if ! $amavisfeed_present ; then
@@ -5130,11 +5137,9 @@ EOF
if [[ -n "$(which opendkim)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendkim/opendkim.sock
-o milter_macro_daemon_name=ORIGINATING
EOF
fi
cat >> $postfix_master_cf << EOF
#-o milter_macro_daemon_name=ORIGINATING
EOF
if ! $localhost_10025_present ; then
cat >> $postfix_master_cf << EOF
@@ -5152,12 +5157,10 @@ localhost:10025 inet n - y - - smtpd
EOF
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock
# IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
fi
if ! $amavisfeed_present ; then
@@ -5191,12 +5194,10 @@ localhost:10025 inet n - y - - smtpd
EOF
if [[ -n "$(which opendmarc)" ]] ; then
cat >> $postfix_master_cf << EOF
-o smtpd_milters=local:/opendmarc/opendmarc.sock
# IMPORTANT: no opendmarc here!
#-o smtpd_milters=local:/opendmarc/opendmarc.sock
EOF
fi
cat >> $postfix_master_cf << EOF
#-o mynetworks=127.0.0.0/8,[::1]/128,${IPV4}/32
EOF
continue
fi
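Review bot: In the `localhost:10025` heredocs (hunks at -5031, -5095, -5152 and -5191) the OpenDMARC milter is only commented out, so the re-injection listener gets no explicit milter override and will inherit any `smtpd_milters` configured in main.cf. Mail returning from Amavis would then pass through the milters a second time, which is what the `# IMPORTANT: no opendmarc here!` comment is trying to prevent. Since the port-25 hunk appears to drop the empty `-o smtpd_milters=` so that the global milters run there, it would be safer to write `-o smtpd_milters=` unconditionally for 10025, or to add `no_milters` to its `receive_override_options`, rather than emit a commented line. The rest of the listener definition lies outside these hunks, so this may already be set there. Separately, the first opendmarc test reads `[[-n "$(which opendmarc)" ]]` with no space after `[[`, which bash treats as a command named `[[-n`, so that branch is never taken.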