# Postfix+amavis

## deval

После перенастройки postfix+amavis+clamav+spamassassin по инструкции с сайта docs.gentoo.org перестали работать алиасы в файле virtual.db

Как я понимаю amavis не смотрит при доставке почты в этот файл. После непродолжительного поиска нужного параметра в файле amavis.conf не нашел. 

Подскажите как это можно исправить с минимальными затратами

----------

## ba

а что есть файл virtual.db? вообще если в нем содержатся алиасы, то надо смотреть настройки постфикса, а не амависа.

----------

## deval

В первоначальной настройке Postfix работал и брал алиасы из файла /etc/mail/virtual.db получаемого из /etc/mail/virtual. После перенастройки на связку с spamassassin  в файле : main.cf поменялась одна строчка которая указывала фильтр. А вот все алиасы работать перестали

----------

## ba

конфиг тогда покажи...

----------

## deval

Результат выдаваемый командой postconf:

2bounce_notice_recipient = postmaster

access_map_reject_code = 554

address_verify_default_transport = $default_transport

address_verify_local_transport = $local_transport

address_verify_map =

address_verify_negative_cache = yes

address_verify_negative_expire_time = 3d

address_verify_negative_refresh_time = 3h

address_verify_poll_count = 3

address_verify_poll_delay = 3s

address_verify_positive_expire_time = 31d

address_verify_positive_refresh_time = 7d

address_verify_relay_transport = $relay_transport

address_verify_relayhost = $relayhost

address_verify_sender = postmaster

address_verify_service_name = verify

address_verify_transport_maps = $transport_maps

address_verify_virtual_transport = $virtual_transport

alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

allow_mail_to_commands = alias, forward

allow_mail_to_files = alias, forward

allow_min_user = no

allow_percent_hack = yes

allow_untrusted_routing = no

alternate_config_directories =

always_bcc =

anvil_rate_time_unit = 60s

anvil_status_update_time = 600s

append_at_myorigin = yes

append_dot_mydomain = yes

application_event_drain_time = 100s

authorized_flush_users = static:anyone

authorized_mailq_users = static:anyone

authorized_submit_users = static:anyone

backwards_bounce_logfile_compatibility = yes

berkeley_db_create_buffer_size = 16777216

berkeley_db_read_buffer_size = 131072

best_mx_transport =

biff = yes

body_checks =

body_checks_size_limit = 51200

bounce_notice_recipient = postmaster

bounce_queue_lifetime = 5d

bounce_service_name = bounce

bounce_size_limit = 50000

broken_sasl_auth_clients = no

canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient

canonical_maps =

cleanup_service_name = cleanup

command_directory = /usr/sbin

command_execution_directory =

command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

command_time_limit = 1000s

config_directory = /etc/postfix

connection_cache_service = scache

connection_cache_status_update_time = 600s

connection_cache_ttl_limit = 2s

content_filter = smtp-amavis:[127.0.0.1]:10024                   # Вот эта строчка была изменена после настройки clamav+amavis+spamassassin

daemon_directory = /usr/lib/postfix

daemon_timeout = 18000s

debug_peer_level = 2

debug_peer_list =

default_database_type = hash

default_delivery_slot_cost = 5

default_delivery_slot_discount = 50

default_delivery_slot_loan = 3

default_destination_concurrency_limit = 2

default_destination_recipient_limit = 50

default_extra_recipient_limit = 1000

default_minimum_delivery_slots = 3

default_privs = nobody

default_process_limit = 100

default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

default_recipient_limit = 10000

default_transport = smtp

default_verp_delimiters = +=

defer_code = 450

defer_service_name = defer

defer_transports =

delay_notice_recipient = postmaster

delay_warning_time = 0h

deliver_lock_attempts = 20

deliver_lock_delay = 1s

disable_dns_lookups = no

disable_mime_input_processing = no

disable_mime_output_conversion = no

disable_verp_bounces = no

disable_vrfy_command = no

dont_remove = 0

double_bounce_sender = double-bounce

duplicate_filter_limit = 1000

empty_address_recipient = MAILER-DAEMON

enable_original_recipient = yes

error_notice_recipient = postmaster

error_service_name = error

execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

expand_owner_alias = no

export_environment = TZ MAIL_CONFIG

fallback_relay =

fallback_transport =

fast_flush_domains = $relay_domains

fast_flush_purge_time = 7d

fast_flush_refresh_time = 12h

fault_injection_code = 0

flush_service_name = flush

fork_attempts = 5

fork_delay = 1s

forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward

hash_queue_depth = 1

hash_queue_names = deferred, defer

header_address_token_limit = 10240

header_checks =

header_size_limit = 102400

helpful_warnings = yes

home_mailbox =

hopcount_limit = 50

html_directory = /usr/share/doc/postfix-2.2.5/html

ignore_mx_lookup_error = no

import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY

in_flow_delay = 1s

inet_interfaces = all

inet_protocols = ipv4

initial_destination_concurrency = 5

invalid_hostname_reject_code = 501

ipc_idle = 100s

ipc_timeout = 3600s

ipc_ttl = 1000s

line_length_limit = 2048

lmtp_cache_connection = yes

lmtp_connect_timeout = 0s

lmtp_data_done_timeout = 600s

lmtp_data_init_timeout = 120s

lmtp_data_xfer_timeout = 180s

lmtp_destination_concurrency_limit = $default_destination_concurrency_limit

lmtp_destination_recipient_limit = $default_destination_recipient_limit

lmtp_lhlo_timeout = 300s

lmtp_mail_timeout = 300s

lmtp_quit_timeout = 300s

lmtp_rcpt_timeout = 300s

lmtp_rset_timeout = 20s

lmtp_sasl_auth_enable = no

lmtp_sasl_password_maps =

lmtp_sasl_security_options = noplaintext, noanonymous

lmtp_send_xforward_command = no

lmtp_skip_quit_response = no

lmtp_tcp_port = 24

lmtp_xforward_timeout = 300s

local_command_shell =

local_destination_concurrency_limit = 2

local_destination_recipient_limit = 1

local_header_rewrite_clients = permit_inet_interfaces

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

local_transport = local:$myhostname

luser_relay =

mail_name = Postfix

mail_owner = postfix

mail_release_date = 20060405

mail_spool_directory = /var/spool/mail

mail_version = 2.2.10

mailbox_command =

mailbox_command_maps =

mailbox_delivery_lock = fcntl, dotlock

mailbox_size_limit = 200000000

mailbox_transport =

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

maps_rbl_reject_code = 554

masquerade_classes = envelope_sender, header_sender, header_recipient

masquerade_domains =

masquerade_exceptions =

max_idle = 100s

max_use = 100

maximal_backoff_time = 4000s

maximal_queue_lifetime = 5d

message_size_limit = 10240000

mime_boundary_length_limit = 2048

mime_header_checks = $header_checks

mime_nesting_limit = 100

minimal_backoff_time = 1000s

multi_recipient_bounce_reject_code = 550

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mydomain = *

myhostname = *

mynetworks = *,*,*,*,*,*,*

mynetworks_style = subnet

myorigin = $mydomain

nested_header_checks = $header_checks

newaliases_path = /usr/bin/newaliases

non_fqdn_reject_code = 504

notify_classes = resource, software, delay, bounce

owner_request_special = yes

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

permit_mx_backup_networks =

pickup_service_name = pickup

prepend_delivered_header = command, file, forward

process_id_directory = pid

propagate_unmatched_extensions = canonical, virtual

proxy_interfaces =

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks

qmgr_clog_warn_time = 300s

qmgr_fudge_factor = 100

qmgr_message_active_limit = 20000

qmgr_message_recipient_limit = 20000

qmgr_message_recipient_minimum = 10

qmqpd_authorized_clients =

qmqpd_error_delay = 1s

qmqpd_timeout = 300s

queue_directory = /var/spool/postfix

queue_file_attribute_count_limit = 100

queue_minfree = 0

queue_run_delay = 1000s

queue_service_name = qmgr

rbl_reply_maps =

readme_directory = /usr/share/doc/postfix-2.2.5/readme

receive_override_options = no_address_mappings

recipient_bcc_maps =

recipient_canonical_classes = envelope_recipient, header_recipient

recipient_canonical_maps =

recipient_delimiter =

reject_code = 554

relay_clientcerts =

relay_destination_concurrency_limit = $default_destination_concurrency_limit

relay_destination_recipient_limit = $default_destination_recipient_limit

relay_domains = $mydestination

relay_domains_reject_code = 554

relay_recipient_maps =

relay_transport = relay

relayhost =

relocated_maps =

remote_header_rewrite_domain =

require_home_directory = no

resolve_dequoted_address = yes

resolve_null_domain = no

rewrite_service_name = rewrite

sample_directory = /etc/postfix

sender_based_routing = no

sender_bcc_maps =

sender_canonical_classes = envelope_sender, header_sender

sender_canonical_maps =

sendmail_path = /usr/sbin/sendmail

service_throttle_time = 60s

setgid_group = postdrop

show_user_unknown_table_name = yes

showq_service_name = showq

smtp_always_send_ehlo = yes

smtp_bind_address =

smtp_bind_address6 =

smtp_cname_overrides_servername = yes

smtp_connect_timeout = 30s

smtp_connection_cache_destinations =

smtp_connection_cache_on_demand = yes

smtp_connection_cache_reuse_limit = 10

smtp_connection_cache_time_limit = 2s

smtp_data_done_timeout = 600s

smtp_data_init_timeout = 120s

smtp_data_xfer_timeout = 180s

smtp_defer_if_no_mx_address_found = no

smtp_destination_concurrency_limit = $default_destination_concurrency_limit

smtp_destination_recipient_limit = $default_destination_recipient_limit

smtp_discard_ehlo_keyword_address_maps =

smtp_discard_ehlo_keywords =

smtp_enforce_tls = no

smtp_generic_maps =

smtp_helo_name = $myhostname

smtp_helo_timeout = 300s

smtp_host_lookup = dns

smtp_line_length_limit = 990

smtp_mail_timeout = 300s

smtp_mx_address_limit = 0

smtp_mx_session_limit = 2

smtp_never_send_ehlo = no

smtp_pix_workaround_delay_time = 10s

smtp_pix_workaround_threshold_time = 500s

smtp_quit_timeout = 300s

smtp_quote_rfc821_envelope = yes

smtp_randomize_addresses = yes

smtp_rcpt_timeout = 300s

smtp_rset_timeout = 20s

smtp_sasl_auth_enable = no

smtp_sasl_mechanism_filter =

smtp_sasl_password_maps =

smtp_sasl_security_options = noplaintext, noanonymous

smtp_sasl_tls_security_options = $var_smtp_sasl_opts

smtp_send_xforward_command = no

smtp_skip_5xx_greeting = yes

smtp_skip_quit_response = yes

smtp_starttls_timeout = 300s

smtp_tls_CAfile =

smtp_tls_CApath =

smtp_tls_cert_file =

smtp_tls_cipherlist =

smtp_tls_dcert_file =

smtp_tls_dkey_file = $smtp_tls_dcert_file

smtp_tls_enforce_peername = yes

smtp_tls_key_file = $smtp_tls_cert_file

smtp_tls_loglevel = 0

smtp_tls_note_starttls_offer = no

smtp_tls_per_site =

smtp_tls_scert_verifydepth = 5

smtp_tls_session_cache_database =

smtp_tls_session_cache_timeout = 3600s

smtp_use_tls = no

smtp_xforward_timeout = 300s

smtpd_authorized_verp_clients = $authorized_verp_clients

smtpd_authorized_xclient_hosts =

smtpd_authorized_xforward_hosts =

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_client_connection_count_limit = 50

smtpd_client_connection_rate_limit = 0

smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}

smtpd_client_message_rate_limit = 0

smtpd_client_recipient_rate_limit = 0

smtpd_client_restrictions =

smtpd_data_restrictions =

smtpd_delay_reject = yes

smtpd_discard_ehlo_keyword_address_maps =

smtpd_discard_ehlo_keywords =

smtpd_end_of_data_restrictions =

smtpd_enforce_tls = no

smtpd_error_sleep_time = 1s

smtpd_etrn_restrictions =

smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~

smtpd_forbidden_commands = CONNECT GET POST

smtpd_hard_error_limit = 20

smtpd_helo_required = no

smtpd_helo_restrictions =

smtpd_history_flush_threshold = 100

smtpd_junk_command_limit = 100

smtpd_noop_commands =

smtpd_null_access_lookup_key = <>

smtpd_policy_service_max_idle = 300s

smtpd_policy_service_max_ttl = 1000s

smtpd_policy_service_timeout = 100s

smtpd_proxy_ehlo = $myhostname

smtpd_proxy_filter =

smtpd_proxy_timeout = 100s

smtpd_recipient_limit = 1000

smtpd_recipient_overshoot_limit = 1000

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

smtpd_reject_unlisted_recipient = yes

smtpd_reject_unlisted_sender = no

smtpd_restriction_classes =

smtpd_sasl_application_name = smtpd

smtpd_sasl_auth_enable = no

smtpd_sasl_exceptions_networks =

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

smtpd_sender_login_maps =

smtpd_sender_restrictions =

smtpd_soft_error_limit = 10

smtpd_starttls_timeout = 300s

smtpd_timeout = 300s

smtpd_tls_CAfile =

smtpd_tls_CApath =

smtpd_tls_ask_ccert = no

smtpd_tls_auth_only = no

smtpd_tls_ccert_verifydepth = 5

smtpd_tls_cert_file =

smtpd_tls_cipherlist =

smtpd_tls_dcert_file =

smtpd_tls_dh1024_param_file =

smtpd_tls_dh512_param_file =

smtpd_tls_dkey_file = $smtpd_tls_dcert_file

smtpd_tls_key_file = $smtpd_tls_cert_file

smtpd_tls_loglevel = 0

smtpd_tls_received_header = no

smtpd_tls_req_ccert = no

smtpd_tls_session_cache_database =

smtpd_tls_session_cache_timeout = 3600s

smtpd_tls_wrappermode = no

smtpd_use_tls = no

soft_bounce = no

stale_lock_time = 500s

strict_7bit_headers = no

strict_8bitmime = no

strict_8bitmime_body = no

strict_mime_encoding_domain = no

strict_rfc821_envelopes = no

sun_mailtool_compatibility = no

swap_bangpath = yes

syslog_facility = mail

syslog_name = postfix

tls_daemon_random_bytes = 32

tls_random_bytes = 32

tls_random_exchange_name = ${config_directory}/prng_exch

tls_random_prng_update_period = 3600s

tls_random_reseed_period = 3600s

tls_random_source = dev:/dev/urandom

trace_service_name = trace

transport_maps =

transport_retry_time = 60s

trigger_timeout = 10s

undisclosed_recipients_header = To: undisclosed-recipients:;

unknown_address_reject_code = 450

unknown_client_reject_code = 450

unknown_hostname_reject_code = 450

unknown_local_recipient_reject_code = 550

unknown_relay_recipient_reject_code = 550

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

unverified_recipient_reject_code = 450

unverified_sender_reject_code = 450

verp_delimiter_filter = -=+

virtual_alias_domains = *,*,*,*,*

virtual_alias_expansion_limit = 1000

virtual_alias_maps = hash:/etc/mail/virtual

virtual_alias_recursion_limit = 1000

virtual_destination_concurrency_limit = $default_destination_concurrency_limit

virtual_destination_recipient_limit = $default_destination_recipient_limit

virtual_gid_maps =

virtual_mailbox_base =

virtual_mailbox_domains = $virtual_mailbox_maps

virtual_mailbox_limit = 51200000

virtual_mailbox_lock = fcntl

virtual_mailbox_maps =

virtual_minimum_uid = 100

virtual_transport = virtual

virtual_uid_maps =

----------

## ba

а строчку убираешь и оно снова начинает работать? покажи тогда еще master.cf

----------

## deval

Нет меняешь на :

content_filter = scan:127.0.0.1:10025

и начинает работать

А master.cf:

smtp      inet  n       -       n       -       -       smtpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

        -o fallback_relay=

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

old-cyrus unix  -       n       n       -       -       pipe

  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

cyrus     unix  -       n       n       -       -       pipe

  flags=hu user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user}

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

# AV scan filter (used by content_filter)

#scan      unix  -       -       n       -       16      smtp

#        -o smtp_send_xforward_command=yes

# For injecting mail back into postfix from the filter

#127.0.0.1:10026 inet  n -       n       -       16      smtpd

#       -o content_filter=

#       -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

#       -o smtpd_helo_restrictions=

#       -o smtpd_client_restrictions=

#       -o smtpd_sender_restrictions=

#       -o smtpd_recipient_restrictions=permit_mynetworks,reject

#       -o mynetworks_style=host

#       -o smtpd_authorized_xforward_hosts=127.0.0.0/8

smtp-amavis     unix -        -       n     -       2  smtp

  -o smtp_data_done_timeout=1200

  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n        -       n     -       -  smtpd

   -o content_filter=

   -o local_recipient_maps=

   -o relay_recipient_maps=

   -o smtpd_restriction_classes=

   -o smtpd_client_restrictions=

   -o smtpd_helo_restrictions=

   -o smtpd_sender_restrictions=

   -o smtpd_recipient_restrictions=permit_mynetworks,reject

   -o mynetworks=127.0.0.0/8

   -o strict_rfc821_envelopes=yes

   -o smtpd_error_sleep_time=0

   -o smtpd_soft_error_limit=1001

   -o smtpd_hard_error_limit=1000

----------

## ba

а $forward_method чему равен в конфиге амависа?

----------

## deval

$forward_method = 'smtp:[127.0.0.1]:10025';

----------

## ba

тогда странно... с аналогичными насткойками, только lmtp вместо smtp для отправки в амавис у меня работали virtual_alias_maps-ы...

а в логе что?

----------

## deval

Sep  9 13:03:17 troll postfix/local[6131]: 6E9A894051: to=<rezume@*.com>, relay=local, delay=1, status=bounced (unknown user: "rezume")

----------

## ba

 *deval wrote:*   

> Sep  9 13:03:17 troll postfix/local[6131]: 6E9A894051: to=<rezume@*.com>, relay=local, delay=1, status=bounced (unknown user: "rezume")

 

а вот это *.com точно присутствует в virtual_alias_domains и не присутствует в mydestination(не равно mydomain)? просто судя по всему постфикс посчитал это *.com локальным доменом и сделал для адреса проверку по local_recipient_maps до лукапа по virtual_alias_domains...

а вообще не помешал бы полный лог прохождения письма, включая амавис+лог когда это все пущено мимо амависа и работает...

----------

