# fetchmail -> procmail -> amavis can it be done?

## Adamal

Right now I have a home mail server with the following setup:

fetchmail -> procmail -> spam assasin -> IMAP -> Squirrelmail.

Now I want to add antivirus support.  One tool that I thought might work is amavis, unfortunatly I cannot find a way to configure amavis with procmail.  How do you configure amavis from .procmailrc?

If there is a better program could you suggest that as well.  Thanks

----------

## Adamal

Anyone?

----------

## BlinkEye

have you achieved a crontab entry which works? 

```
*/2 * * * * /usr/bin/fetchmail -a -s -m "/usr/bin/procmail -d \%T"
```

doesn't work.

concerning your question, are you still interested?

----------

## Buzzz

I currently have the following setup:

postfix -> amavis -> procmail

The key to this is setting the following parameter in /etc/postfix/main.cf:

mailbox_command = /usr/bin/procmail

This means that after postfix receives the mail, it will use procmail to deliver it to the maildirs. I then use the following cronjob:

*/30 * * * * /usr/bin/fetchmail

This means that fetchmail will deliver the mail on port 25 to postfix, postfix will then invoke amavis and then deliver the mail with procmail.

----------

## BlinkEye

this is exactly the setup i have. i used your crontab entry which works but procmail still doesn't filter the mails! i don't know where the bug is - is there any way of testing procmail if it does something? my logfile remains empty (it wasn't this way once) - so i guess the hole thing has something to do with amavisd-new. i had to comment a line which everyone seems to have:

```
content_filter = smtp:[127.0.0.1]:10024
```

may this be the reason? i'm somehow lost in where the mails currently go.

----------

## Buzzz

Do your email logs show something like this?

```

Jun  3 13:00:16 [postfix/lmtp] 676065B01E: to=<username@localhost>, orig_to=<username@localhost>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=05243-07, from MTA: 250 Ok: queued as EC3AA60B01)

Jun  3 13:00:16 [postfix/local] EC3AA60B01: to=<username@localhost>, relay=local, delay=1, status=sent ("|/usr/bin/procmail")

```

If you see this, at least you know that procmail is called by postfix.

I have the following line at the end of /etc/postfix/main.cf:

```

content_filter=smtp-amavis:[127.0.0.1]:10024

```

And I added the following to /etc/postfix/master.cf:

```

smtp-amavis unix -      -       n       -       2       lmtp

    -o smtp_data_done_timeout=1200

    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet   n       -       n       -    -   smtpd

    -o content_filter=

    -o local_recipient_maps=

    -o relay_recipient_maps=

    -o smtpd_restriction_classes=

    -o smtpd_client_restrictions=

    -o smtpd_helo_restrictions=

    -o smtpd_sender_restrictions=

    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o mynetworks=127.0.0.0/8

    -o strict_rfc821_envelopes=yes

    -o smtpd_error_sleep_time=0

    -o smtpd_soft_error_limit=1001

    -o smtpd_hard_error_limit=1000

```

I my case the email goes like this when it is received:

- fetchmail delivers on port 25 to postfix

- postfix send the mail to amavis running at port 10024

- amavis returns the mail to postfix at port 10025

- postfix delivers the mail to procmail

- procmail puts mail into the maildir

----------

## BlinkEye

i'm struggling with this issue since a long time and for many hours. thank you for your precise answer. i just tried your settings and the line you have in the main.cf files doesn't give me any errors - altough the mail isn't delievered but somehow qeued. could you please post your hole master.cf? i guess i messed up there somwhere. i think i just added the following line:

```
smtp      inet  n       -       n       -       -       smtpd

      -o content_filter=smtp-amavis:[127.0.0.1]:10024

smtp-amavis unix  -       -       n       -       2       smtp

     -o smtp_data_done_timeout=1200

     -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       -       smtpd

     -o local_recipient_maps=

     -o smtpd_restriction_classes=

     -o smtpd_client_restrictions=

     -o smtpd_helo_restrictions=

     -o smtpd_sender_restrictions=

     -o smtpd_recipient_restrictions=permit_mynetworks,reject

     -o strict_rfc821_enevlopes=yes
```

with your master.cf file i get this from my logs if sending a mail:

```
Jun  3 19:13:47 blinkeye postfix/postfix-script: refreshing the Postfix mail system

Jun  3 19:13:47 blinkeye postfix/master[21961]: reload configuration

Jun  3 19:14:19 blinkeye postfix/smtpd[22601]: connect from unknown[10.10.10.23]

Jun  3 19:14:20 blinkeye postfix/smtpd[22601]: 1FE521170C2: client=unknown[10.10.10.23]

Jun  3 19:14:20 blinkeye postfix/cleanup[22603]: 1FE521170C2: message-id=<1086282920.10556.13.camel@X40>

Jun  3 19:14:20 blinkeye postfix/qmgr[22579]: 1FE521170C2: from=<cerberos@blinkeye.dyndns.org>, size=513, nrcpt=1 (queue active)

Jun  3 19:14:20 blinkeye postfix/smtpd[22601]: disconnect from unknown[10.10.10.23]

Jun  3 19:14:20 blinkeye amavis[22471]: (22471-05) ESMTP::10024 /var/run/amavis/amavis-20040603T191052-22471: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org> Received: SIZE=513 from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-05 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:20 +0200 (CEST)

Jun  3 19:14:20 blinkeye amavis[22471]: (22471-05) Checking: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:20 blinkeye amavis[22471]: (22471-05) cached e1c06d85ae7b8b032bef47e42e4c08f9 from <cerberos@blinkeye.dyndns.org> (1,1,0)

Jun  3 19:14:41 blinkeye amavis[22471]: (22471-05) spam_scan: hits=0 tests=

Jun  3 19:14:41 blinkeye amavis[22471]: (22471-05) SPAM-TAG, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, No, hits=0.0 tagged_above=0.0 required=5.0 tests=

Jun  3 19:14:41 blinkeye amavis[22471]: (22471-05) FWD via SMTP: [127.0.0.1]:10025 <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:41 blinkeye postfix/smtpd[22610]: connect from unknown[127.0.0.1]

Jun  3 19:14:41 blinkeye postfix/smtpd[22610]: D976A1170C4: client=unknown[127.0.0.1]

Jun  3 19:14:41 blinkeye postfix/cleanup[22603]: D976A1170C4: message-id=<1086282920.10556.13.camel@X40>

Jun  3 19:14:42 blinkeye postfix/smtpd[22610]: disconnect from unknown[127.0.0.1]

Jun  3 19:14:42 blinkeye amavis[22471]: (22471-05) Passed, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, Message-ID: <1086282920.10556.13.camel@X40>, Hits: 0

Jun  3 19:14:42 blinkeye amavis[22471]: (22471-05) TIMING [total 21785 ms] - SMTP EHLO: 3 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 5 (0%), SMTP DATA: 36 (0%), body hash: 1 (0%), SA msg read: 6 (0%), SA parse: 2 (0%), SA check: 21481 (99%), mime_decode: 19 (0%), fwd-connect: 33 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 3 (0%), write-header: 6 (0%), fwd-data: 0 (0%), fwd-data-end: 174 (1%), fwd-rundown: 3 (0%), unlink-1-files: 7 (0%), rundown: 1 (0%)

Jun  3 19:14:42 blinkeye postfix/qmgr[22579]: D976A1170C4: from=<cerberos@blinkeye.dyndns.org>, size=1074, nrcpt=1 (queue active)

Jun  3 19:14:42 blinkeye postfix/smtp[22605]: 1FE521170C2: to=<cerberos@blinkeye.dyndns.org>, relay=127.0.0.1[127.0.0.1], delay=22, status=sent (250 2.6.0 Ok, id=22471-05, from MTA: 250 Ok: queued as D976A1170C4)

Jun  3 19:14:42 blinkeye amavis[22399]: (22399-06) ESMTP::10024 /var/run/amavis/amavis-20040603T190910-22399: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org> Received: SIZE=1074 from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-06 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:42 +0200 (CEST)

Jun  3 19:14:42 blinkeye amavis[22399]: (22399-06) Checking: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:42 blinkeye amavis[22399]: (22399-06) cached e1c06d85ae7b8b032bef47e42e4c08f9 from <cerberos@blinkeye.dyndns.org> (1,1,0)

Jun  3 19:14:44 blinkeye amavis[22399]: (22399-06) spam_scan: hits=0 tests=

Jun  3 19:14:44 blinkeye amavis[22399]: (22399-06) SPAM-TAG, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, No, hits=0.0 tagged_above=0.0 required=5.0 tests=

Jun  3 19:14:44 blinkeye amavis[22399]: (22399-06) FWD via SMTP: [127.0.0.1]:10025 <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:44 blinkeye postfix/smtpd[22610]: connect from unknown[127.0.0.1]

Jun  3 19:14:44 blinkeye postfix/smtpd[22610]: 4A6291170C2: client=unknown[127.0.0.1]

Jun  3 19:14:44 blinkeye postfix/cleanup[22603]: 4A6291170C2: message-id=<1086282920.10556.13.camel@X40>

Jun  3 19:14:44 blinkeye postfix/smtpd[22610]: disconnect from unknown[127.0.0.1]

Jun  3 19:14:44 blinkeye amavis[22399]: (22399-06) Passed, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, Message-ID: <1086282920.10556.13.camel@X40>, Hits: 0

Jun  3 19:14:44 blinkeye amavis[22399]: (22399-06) TIMING [total 2419 ms] - SMTP EHLO: 3 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 5 (0%), SMTP DATA: 37 (2%), body hash: 1 (0%), SA msg read: 7 (0%), SA parse: 3 (0%), SA check: 2099 (87%), mime_decode: 21 (1%), fwd-connect: 13 (1%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 2 (0%), write-header: 7 (0%), fwd-data: 0 (0%), fwd-data-end: 207 (9%), fwd-rundown: 3 (0%), unlink-1-files: 7 (0%), rundown: 1 (0%)

Jun  3 19:14:44 blinkeye postfix/qmgr[22579]: 4A6291170C2: from=<cerberos@blinkeye.dyndns.org>, size=1635, nrcpt=1 (queue active)

Jun  3 19:14:44 blinkeye postfix/smtp[22611]: D976A1170C4: to=<cerberos@blinkeye.dyndns.org>, relay=127.0.0.1[127.0.0.1], delay=3, status=sent (250 2.6.0 Ok, id=22399-06, from MTA: 250 Ok: queued as 4A6291170C2)

Jun  3 19:14:44 blinkeye amavis[22471]: (22471-06) ESMTP::10024 /var/run/amavis/amavis-20040603T191052-22471: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org> Received: SIZE=1635 from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-06 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:44 +0200 (CEST)

Jun  3 19:14:44 blinkeye amavis[22471]: (22471-06) Checking: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:44 blinkeye amavis[22471]: (22471-06) cached e1c06d85ae7b8b032bef47e42e4c08f9 from <cerberos@blinkeye.dyndns.org> (1,1,0)

Jun  3 19:14:56 blinkeye amavis[22471]: (22471-06) spam_scan: hits=0 tests=

Jun  3 19:14:56 blinkeye amavis[22471]: (22471-06) SPAM-TAG, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, No, hits=0.0 tagged_above=0.0 required=5.0 tests=

Jun  3 19:14:56 blinkeye amavis[22471]: (22471-06) FWD via SMTP: [127.0.0.1]:10025 <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:56 blinkeye postfix/smtpd[22610]: connect from unknown[127.0.0.1]

Jun  3 19:14:56 blinkeye postfix/smtpd[22610]: 864651170C4: client=unknown[127.0.0.1]

Jun  3 19:14:56 blinkeye postfix/cleanup[22603]: 864651170C4: message-id=<1086282920.10556.13.camel@X40>

Jun  3 19:14:56 blinkeye postfix/qmgr[22579]: 864651170C4: from=<cerberos@blinkeye.dyndns.org>, size=2196, nrcpt=1 (queue active)

Jun  3 19:14:56 blinkeye amavis[22399]: (22399-07) ESMTP::10024 /var/run/amavis/amavis-20040603T190910-22399: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org> Received: SIZE=2196 from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-07 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:56 +0200 (CEST)

Jun  3 19:14:56 blinkeye postfix/smtpd[22610]: disconnect from unknown[127.0.0.1]

Jun  3 19:14:56 blinkeye amavis[22471]: (22471-06) Passed, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, Message-ID: <1086282920.10556.13.camel@X40>, Hits: 0

Jun  3 19:14:56 blinkeye amavis[22471]: (22471-06) TIMING [total 12237 ms] - SMTP EHLO: 3 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 5 (0%), SMTP DATA: 37 (0%), body hash: 1 (0%), SA msg read: 8 (0%), SA parse: 4 (0%), SA check: 11910 (97%), mime_decode: 24 (0%), fwd-connect: 13 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 2 (0%), write-header: 9 (0%), fwd-data: 0 (0%), fwd-data-end: 206 (2%), fwd-rundown: 3 (0%), unlink-1-files: 7 (0%), rundown: 1 (0%)

Jun  3 19:14:56 blinkeye postfix/smtp[22605]: 4A6291170C2: to=<cerberos@blinkeye.dyndns.org>, relay=127.0.0.1[127.0.0.1], delay=12, status=sent (250 2.6.0 Ok, id=22471-06, from MTA: 250 Ok: queued as 864651170C4)

Jun  3 19:14:56 blinkeye amavis[22399]: (22399-07) Checking: <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>

Jun  3 19:14:56 blinkeye amavis[22399]: (22399-07) cached e1c06d85ae7b8b032bef47e42e4c08f9 from <cerberos@blinkeye.dyndns.org> (1,1,0)

...

```

looks to me like a loop. 

mail header: 

```
   Return-Path:  <cerberos@blinkeye.dyndns.org>

X-Original-To:  cerberos@blinkeye.dyndns.org

Delivered-To:  cerberos@blinkeye.dyndns.org

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id C8CB11170C6 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:17:29 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22684-02 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:17:09 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id C69781170BC for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:17:08 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22684-01 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:52 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id B97361170C7 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:51 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-10 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:44 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 0A9511170C9 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:44 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-09 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:02 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id E39AF1170C6 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:16:01 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-08 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:15:44 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 7DB791170C2 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:15:44 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-08 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:15:24 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 2687B1170C4 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:15:24 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-07 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:59 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id D20AC1170C2 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:58 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-07 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:56 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 864651170C4 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:56 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-06 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:44 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 4A6291170C2 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:44 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22399-06 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:42 +0200 (CEST)

Received:  from localhost (unknown [127.0.0.1]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id D976A1170C4 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:41 +0200 (CEST)

Received:  from mail.blinkeye.dyndns.org ([127.0.0.1]) by localhost (blinkeye.dyndsn.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22471-05 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:20 +0200 (CEST)

Received:  from [10.10.10.23] (unknown [10.10.10.23]) by mail.blinkeye.dyndns.org (Postfix) with ESMTP id 1FE521170C2 for <cerberos@blinkeye.dyndns.org>; Thu,  3 Jun 2004 19:14:20 +0200 (CEST)
```

i'm getting the mail as soon as i remove 

```
content_filter=smtp-amavis:[127.0.0.1]:10024
```

from the main.cf file.

without this line i get the following from my logs:

```
Jun  3 19:17:30 blinkeye amavis[22684]: (22684-02) Passed, <cerberos@blinkeye.dyndns.org> -> <cerberos@blinkeye.dyndns.org>, Message-ID: <1086282920.10556.13.camel@X40>, Hits: 0

Jun  3 19:17:30 blinkeye amavis[22684]: (22684-02) TIMING [total 20871 ms] - SMTP EHLO: 3 (0%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 5 (0%), SMTP DATA: 77 (0%), body hash: 2 (0%), SA msg read: 17 (0%), SA parse: 8 (0%), SA check: 20494 (98%), mime_decode: 42 (0%), fwd-connect: 13 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 3 (0%), write-header: 23 (0%), fwd-data: 0 (0%), fwd-data-end: 164 (1%), fwd-rundown: 3 (0%), unlink-1-files: 11 (0%), rundown: 1 (0%)

Jun  3 19:17:30 blinkeye postfix/smtp[22721]: C69781170BC: to=<cerberos@blinkeye.dyndns.org>, relay=127.0.0.1[127.0.0.1], delay=22, status=sent (250 2.6.0 Ok, id=22684-02, from MTA: 250 Ok: queued as C8CB11170C6)

Jun  3 19:17:30 blinkeye postfix/local[22724]: C8CB11170C6: to=<cerberos@blinkeye.dyndns.org>, relay=local, delay=1, status=sent ("|/usr/bin/procmail")
```

nevertheless procmail doesn't filter my mails. but i guess this has something to do with the main.cf configuration

----------

## DefconAlpha

does amavis support output to stdout? if it is anything like spamassassin you could just add another rule to the /etc/procmailrc file and it would filter it for you...

I'm not too familiar with amavis so i'm not exactly sure...

----------

## Buzzz

I'm currently at my parents house this weekend, but i'll look into it on monday. I see from the logs that procmail is called by postfix, so I find it really strange that it doesn't filter the mail. 

When I'm at home again, I'll post my configuration files here (or I could send them by email if you wish)

----------

## Buzzz

These are my relevant config files (I filled in your dyndns address, but check whether the allowed ip addresses are correct):

/etc/postfix/main.cf

```

# Global Postfix configuration file. This file lists only a subset

# of all 300+ parameters. See the sample-xxx.cf files for a full list.

# 

# The general format is lines with parameter = value pairs. Lines

# that begin with whitespace continue the previous line. A value can

# contain references to other $names or ${name}s.

#

# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF

# POSTFIX STILL WORKS AFTER EVERY CHANGE.

# SOFT BOUNCE

#

# The soft_bounce parameter provides a limited safety net for

# testing.  When soft_bounce is enabled, mail will remain queued that

# would otherwise bounce. This parameter disables locally-generated

# bounces, and prevents the SMTP server from rejecting mail permanently

# (by changing 5xx replies into 4xx replies). However, soft_bounce

# is no cure for address rewriting mistakes or mail routing mistakes.

#

#soft_bounce = no

# LOCAL PATHNAME INFORMATION

#

# The queue_directory specifies the location of the Postfix queue.

# This is also the root directory of Postfix daemons that run chrooted.

# See the files in examples/chroot-setup for setting up Postfix chroot

# environments on different UNIX systems.

#

queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all

# postXXX commands.

#

command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix

# daemon programs (i.e. programs listed in the master.cf file). This

# directory must be owned by root.

#

daemon_directory = /usr/lib/postfix

# QUEUE AND PROCESS OWNERSHIP

#

# The mail_owner parameter specifies the owner of the Postfix queue

# and of most Postfix daemon processes.  Specify the name of a user

# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS

# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In

# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED

# USER.

#

mail_owner = postfix

# The default_privs parameter specifies the default rights used by

# the local delivery agent for delivery to external file or command.

# These rights are used in the absence of a recipient user context.

# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.

#

#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES

# 

# The myhostname parameter specifies the internet hostname of this

# mail system. The default is to use the fully-qualified domain name

# from gethostname(). $myhostname is used as a default value for many

# other configuration parameters.

#

myhostname = blinkeye.dyndns.org

#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.

# The default is to use $myhostname minus the first component.

# $mydomain is used as a default value for many other configuration

# parameters.

#

#mydomain = domain.tld

# SENDING MAIL

# 

# The myorigin parameter specifies the domain that locally-posted

# mail appears to come from. The default is to append $myhostname,

# which is fine for small sites.  If you run a domain with multiple

# machines, you should (1) change this to $mydomain and (2) set up

# a domain-wide alias database that aliases each user to

# user@that.users.mailhost.

#

# For the sake of consistency between sender and recipient addresses,

# myorigin also specifies the default domain name that is appended

# to recipient addresses that have no @domain part.

#

myorigin = $myhostname

#myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on.  By default,

# the software claims all active interfaces on the machine. The

# parameter also controls delivery of mail to user@[ip.address].

#

# See also the proxy_interfaces parameter, for network addresses that

# are forwarded to us via a proxy or network address translator.

#

# Note: you need to stop/start Postfix when this parameter changes.

#

#inet_interfaces = all

#inet_interfaces = $myhostname

#inet_interfaces = $myhostname, localhost

# The proxy_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on by way of a

# proxy or network address translation unit. This setting extends

# the address list specified with the inet_interfaces parameter.

#

# You must specify your proxy/NAT addresses when your system is a

# backup MX host for other domains, otherwise mail delivery loops

# will happen when the primary MX host is down.

#

#proxy_interfaces =

#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this

# machine considers itself the final destination for.

#

# These domains are routed to the delivery agent specified with the

# local_transport parameter setting. By default, that is the UNIX

# compatible delivery agent that lookups all recipients in /etc/passwd

# and /etc/aliases or their equivalent.

#

# The default is $myhostname + localhost.$mydomain.  On a mail domain

# gateway, you should also include $mydomain.

#

# Do not specify the names of virtual domains - those domains are

# specified elsewhere (see sample-virtual.cf).

#

# Do not specify the names of domains that this machine is backup MX

# host for. Specify those names via the relay_domains settings for

# the SMTP server, or use permit_mx_backup if you are lazy (see

# sample-smtpd.cf).

#

# The local machine is always the final destination for mail addressed

# to user@[the.net.work.address] of an interface that the mail system

# receives mail on (see the inet_interfaces parameter).

#

# Specify a list of host or domain names, /file/name or type:table

# patterns, separated by commas and/or whitespace. A /file/name

# pattern is replaced by its contents; a type:table is matched when

# a name matches a lookup key (the right-hand side is ignored).

# Continue long lines by starting the next line with whitespace.

#

# DO NOT LIST RELAY DESTINATIONS IN MYDESTINATION.

# SPECIFY RELAY DESTINATIONS IN RELAY_DOMAINS.

#

# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".

#

#mydestination = $myhostname

mydestination = $myhostname, localhost.$mydomain $mydomain

#mydestination = $myhostname, localhost.$mydomain, $mydomain,

#   mail.$mydomain, www.$mydomain, ftp.$mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS

#

# The local_recipient_maps parameter specifies optional lookup tables

# with all names or addresses of users that are local with respect

# to $mydestination and $inet_interfaces.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown local users. This parameter is defined by default.

#

# To turn off local recipient checking in the SMTP server, specify

# local_recipient_maps = (i.e. empty).

#

# The default setting assumes that you use the default Postfix local

# delivery agent for local delivery. You need to update the

# local_recipient_maps setting if:

#

# - You define $mydestination domain recipients in files other than

#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.

#   For example, you define $mydestination domain recipients in    

#   the $virtual_mailbox_maps files.

#

# - You redefine the local delivery agent in master.cf.

#

# - You redefine the "local_transport" setting in main.cf.

#

# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"

#   feature of the Postfix local delivery agent (see sample-local.cf).

#

# Details are described in the LOCAL_RECIPIENT_README file.

#

# Beware: if the Postfix SMTP server runs chrooted, you probably have

# to access the passwd file via the proxymap service, in order to

# overcome chroot restrictions. The alternative, having a copy of

# the system passwd file in the chroot jail is just not practical.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify a bare username, an @domain.tld

# wild-card, or specify a user@domain.tld address.

# 

#local_recipient_maps = unix:passwd.byname $alias_maps

#local_recipient_maps = proxy:unix:passwd.byname $alias_maps

#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server

# response code when a recipient domain matches $mydestination or

# $inet_interfaces, while $local_recipient_maps is non-empty and the

# recipient address or address local-part is not found.

#

# The default setting is 550 (reject mail) but it is safer to start

# with 450 (try again later) until you are certain that your

# local_recipient_maps settings are OK.

#

unknown_local_recipient_reject_code = 550

#unknown_local_recipient_reject_code = 450

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP

# clients that have more privileges than "strangers".

#

# In particular, "trusted" SMTP clients are allowed to relay mail

# through Postfix.  See the smtpd_recipient_restrictions parameter

# in file sample-smtpd.cf.

#

# You can specify the list of "trusted" network addresses by hand

# or you can let Postfix do it for you (which is the default).

#

# By default (mynetworks_style = subnet), Postfix "trusts" SMTP

# clients in the same IP subnetworks as the local machine.

# On Linux, this does works correctly only with interfaces specified

# with the "ifconfig" command.

# 

# Specify "mynetworks_style = class" when Postfix should "trust" SMTP

# clients in the same IP class A/B/C networks as the local machine.

# Don't do this with a dialup site - it would cause Postfix to "trust"

# your entire provider's network.  Instead, specify an explicit

# mynetworks list by hand, as described below.

#  

# Specify "mynetworks_style = host" when Postfix should "trust"

# only the local machine.

# 

#mynetworks_style = class

#mynetworks_style = subnet

#mynetworks_style = host

# Alternatively, you can specify the mynetworks list by hand, in

# which case Postfix ignores the mynetworks_style setting.

#

# Specify an explicit list of network/netmask patterns, where the

# mask specifies the number of bits in the network part of a host

# address.

#

# You can also specify the absolute pathname of a pattern file instead

# of listing the patterns here. Specify type:table for table-based lookups

# (the value on the table right-hand side is not used).

#

mynetworks = 127.0.0.0/8, 192.168.0.0/16

#mynetworks = $config_directory/mynetworks

#mynetworks = hash:/etc/postfix/network_table

# The relay_domains parameter restricts what destinations this system will

# relay mail to.  See the smtpd_recipient_restrictions restriction in the

# file sample-smtpd.cf for detailed information.

#

# By default, Postfix relays mail

# - from "trusted" clients (IP address matches $mynetworks) to any destination,

# - from "untrusted" clients to destinations that match $relay_domains or

#   subdomains thereof, except addresses with sender-specified routing.

# The default relay_domains value is $mydestination.

# 

# In addition to the above, the Postfix SMTP server by default accepts mail

# that Postfix is final destination for:

# - destinations that match $inet_interfaces,

# - destinations that match $mydestination

# - destinations that match $virtual_alias_domains,

# - destinations that match $virtual_mailbox_domains.

# These destinations do not need to be listed in $relay_domains.

# 

# Specify a list of hosts or domains, /file/name patterns or type:name

# lookup tables, separated by commas and/or whitespace.  Continue

# long lines by starting the next line with whitespace. A file name

# is replaced by its contents; a type:name table is matched when a

# (parent) domain appears as lookup key.

#

# NOTE: Postfix will not automatically forward mail for domains that

# list this system as their primary or backup MX host. See the

# permit_mx_backup restriction in the file sample-smtpd.cf.

#

#relay_domains = $mydestination

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to

# when no entry is matched in the optional transport(5) table. When

# no relayhost is given, mail is routed directly to the destination.

#

# On an intranet, specify the organizational domain name. If your

# internal DNS uses no MX records, specify the name of the intranet

# gateway host instead.

#

# In the case of SMTP, specify a domain, host, host:port, [host]:port,

# [address] or [address]:port; the form [host] turns off MX lookups.

#

# If you're connected via UUCP, see also the default_transport parameter.

#

#relayhost = $mydomain

relayhost = smtp.provider.com

#relayhost = uucphost

#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS

#

# The relay_recipient_maps parameter specifies optional lookup tables

# with all addresses in the domains that match $relay_domains.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown relay users. This feature is off by default.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify an @domain.tld wild-card, or specify

# a user@domain.tld address.

# 

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL

#

# The in_flow_delay configuration parameter implements mail input

# flow control. This feature is turned on by default, although it

# still needs further development (it's disabled on SCO UNIX due

# to an SCO bug).

# 

# A Postfix process will pause for $in_flow_delay seconds before

# accepting a new message, when the message arrival rate exceeds the

# message delivery rate. With the default 100 SMTP server process

# limit, this limits the mail inflow to 100 messages a second more

# than the number of messages delivered per second.

# 

# Specify 0 to disable the feature. Valid delays are 0..10.

# 

#in_flow_delay = 1s

# ADDRESS REWRITING

#

# Insert text from sample-rewrite.cf if you need to do address

# masquerading.

#

# Insert text from sample-canonical.cf if you need to do address

# rewriting, or if you need username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)

#

# Insert text from sample-virtual.cf if you need virtual domain support.

# "USER HAS MOVED" BOUNCE MESSAGES

#

# Insert text from sample-relocated.cf if you need "user has moved"

# style bounce messages. Alternatively, you can bounce recipients

# with an SMTP server access table. See sample-smtpd.cf.

# TRANSPORT MAP

#

# Insert text from sample-transport.cf if you need explicit routing.

# ALIAS DATABASE

#

# The alias_maps parameter specifies the list of alias databases used

# by the local delivery agent. The default list is system dependent.

#

# On systems with NIS, the default is to search the local alias

# database, then the NIS alias database. See aliases(5) for syntax

# details.

# 

# If you change the alias database, run "postalias /etc/aliases" (or

# wherever your system stores the mail alias file), or simply run

# "newaliases" to build the necessary DBM or DB file.

#

# It will take a minute or so before changes become visible.  Use

# "postfix reload" to eliminate the delay.

#

#alias_maps = dbm:/etc/aliases

#alias_maps = hash:/etc/aliases

#alias_maps = hash:/etc/aliases, nis:mail.aliases

#alias_maps = netinfo:/aliases

# The alias_database parameter specifies the alias database(s) that

# are built with "newaliases" or "sendmail -bi".  This is a separate

# configuration parameter, because alias_maps (see above) may specify

# tables that are not necessarily all under control by Postfix.

#

#alias_database = dbm:/etc/aliases

#alias_database = dbm:/etc/mail/aliases

#alias_database = hash:/etc/aliases

#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)

#

# The recipient_delimiter parameter specifies the separator between

# user names and address extensions (user+foo). See canonical(5),

# local(8), relocated(5) and virtual(5) for the effects this has on

# aliases, canonical, virtual, relocated and .forward file lookups.

# Basically, the software tries user+foo and .forward+foo before

# trying user and .forward.

#

#recipient_delimiter = +

# DELIVERY TO MAILBOX

#

# The home_mailbox parameter specifies the optional pathname of a

# mailbox file relative to a user's home directory. The default

# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify

# "Maildir/" for qmail-style delivery (the / is required).

#

#home_mailbox = Mailbox

home_mailbox = .maildir/

 

# The mail_spool_directory parameter specifies the directory where

# UNIX-style mailboxes are kept. The default setting depends on the

# system type.

#

#mail_spool_directory = /var/mail

#mail_spool_directory = /var/spool/mail

# The mailbox_command parameter specifies the optional external

# command to use instead of mailbox delivery. The command is run as

# the recipient with proper HOME, SHELL and LOGNAME environment settings.

# Exception:  delivery for root is done as $default_user.

#

# Other environment variables of interest: USER (recipient username),

# EXTENSION (address extension), DOMAIN (domain part of address),

# and LOCAL (the address localpart).

#

# Unlike other Postfix configuration parameters, the mailbox_command

# parameter is not subjected to $parameter substitutions. This is to

# make it easier to specify shell syntax (see example below).

#

# Avoid shell meta characters because they will force Postfix to run

# an expensive shell process. Procmail alone is expensive enough.

#

# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN

# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.

#

mailbox_command = /usr/bin/procmail

#mailbox_command = /some/where/procmail -a "$EXTENSION"

# The mailbox_transport specifies the optional transport in master.cf

# to use after processing aliases and .forward files. This parameter

# has precedence over the mailbox_command, fallback_transport and

# luser_relay parameters.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#mailbox_transport = lmtp:unix:/file/name

#mailbox_transport = cyrus

# The fallback_transport specifies the optional transport in master.cf

# to use for recipients that are not found in the UNIX passwd database.

# This parameter has precedence over the luser_relay parameter.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#fallback_transport = lmtp:unix:/file/name

#fallback_transport = cyrus

#fallback_transport =

# The luser_relay parameter specifies an optional destination address

# for unknown recipients.  By default, mail for unknown@$mydestination

# and unknown@[$inet_interfaces] is returned as undeliverable.

#

# The following expansions are done on luser_relay: $user (recipient

# username), $shell (recipient shell), $home (recipient home directory),

# $recipient (full recipient address), $extension (recipient address

# extension), $domain (recipient domain), $local (entire recipient

# localpart), $recipient_delimiter. Specify ${name?value} or

# ${name:value} to expand value only when $name does (does not) exist.

#

# luser_relay works only for the default Postfix local delivery agent.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must specify "local_recipient_maps =" (i.e. empty) in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#luser_relay = $user@other.host

#luser_relay = $local@other.host

#luser_relay = admin+$local

  

# JUNK MAIL CONTROLS

# 

# The controls listed here are only a very small subset. See the file

# sample-smtpd.cf for an elaborate list of anti-UCE controls.

# The header_checks parameter specifies an optional table with patterns

# that each logical message header is matched against, including

# headers that span multiple physical lines.

#

# By default, these patterns also apply to MIME headers and to the

# headers of attached messages. With older Postfix versions, MIME and

# attached message headers were treated as body text.

#

# For details, see the sample-filter.cf file.

#

#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE

#

# Postfix maintains per-destination logfiles with information about

# deferred mail, so that mail can be flushed quickly with the SMTP

# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".

# 

# By default, Postfix maintains deferred mail logfile information

# only for destinations that Postfix is willing to relay to (as

# specified in the relay_domains parameter). For other destinations,

# Postfix attempts to deliver ALL queued mail after receiving the

# SMTP "ETRN domain.tld" command, or after execution of "sendmail

# -qRdomain.tld". This can be slow when a lot of mail is queued.

# 

# The fast_flush_domains parameter controls what destinations are

# eligible for this "fast ETRN/sendmail -qR" service.

# 

#fast_flush_domains = $relay_domains

#fast_flush_domains =

# SHOW SOFTWARE VERSION OR NOT

#

# The smtpd_banner parameter specifies the text that follows the 220

# code in the SMTP server's greeting banner. Some people like to see

# the mail version advertised. By default, Postfix shows no version.

#

# You MUST specify $myhostname at the start of the text. That is an

# RFC requirement. Postfix itself does not care.

#

#smtpd_banner = $myhostname ESMTP $mail_name

#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION

#

# How many parallel deliveries to the same user or domain? With local

# delivery, it does not make sense to do massively parallel delivery

# to the same user, because mailbox updates must happen sequentially,

# and expensive pipelines in .forward files can cause disasters when

# too many are run at the same time. With SMTP deliveries, 10

# simultaneous connections to the same domain could be sufficient to

# raise eyebrows.

# 

# Each message delivery transport has its XXX_destination_concurrency_limit

# parameter.  The default is $default_destination_concurrency_limit for

# most delivery transports. For the local delivery agent the default is 2.

#local_destination_concurrency_limit = 2

#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL

#

# The debug_peer_level parameter specifies the increment in verbose

# logging level when an SMTP client or server host name or address

# matches a pattern in the debug_peer_list parameter.

#

debug_peer_level = 2

# The debug_peer_list parameter specifies an optional list of domain

# or network patterns, /file/name patterns or type:name tables. When

# an SMTP client or server host name or address matches a pattern,

# increase the verbose logging level by the amount specified in the

# debug_peer_level parameter.

#

#debug_peer_list = 127.0.0.1

#debug_peer_list = some.domain

# The debugger_command specifies the external command that is executed

# when a Postfix daemon program is run with the -D option.

#

# Use "command .. & sleep 5" so that the debugger can attach before

# the process marches on. If you use an X-based debugger, be sure to

# set up your XAUTHORITY environment variable before starting Postfix.

#

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# If you don't have X installed on the Postfix machine, try:

# debugger_command =

#   PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;

#   echo where) | gdb $daemon_directory/$process_name $process_id 2>&1

#   >$config_directory/$process_name.$process_id.log & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION

#

# The following parameters are used when installing a new Postfix version.

# 

# sendmail_path: The full pathname of the Postfix sendmail command.

# This is the Sendmail-compatible mail posting interface.

# 

sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.

# This is the Sendmail-compatible command to build alias databases.

#

newaliases_path = /usr/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command.  This

# is the Sendmail-compatible mail queue listing command.

# 

mailq_path = /usr/bin/mailq

# setgid_group: The group for mail submission and queue management

# commands.  This must be a group name with a numerical group ID that

# is not shared with other accounts, not even with the Postfix account.

#

setgid_group = postdrop

# manpage_directory: The location of the Postfix on-line manual pages.

#

manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.

#

sample_directory = /usr/share/doc/postfix-2.0.19/sample

# readme_directory: The location of the Postfix README files.

#

readme_directory = /usr/share/doc/postfix-2.0.19/readme

default_destination_concurrency_limit = 2

alias_database = hash:/etc/mail/aliases

local_destination_concurrency_limit = 2

alias_maps = hash:/etc/mail/aliases

home_mailbox = .maildir/

content_filter=smtp-amavis:[127.0.0.1]:10024

```

/etc/postfix/master.cf

```

#

# Postfix master process configuration file.  Each logical line

# describes how a Postfix daemon program should be run.

#

# A logical line starts with non-whitespace, non-comment text. 

# Empty lines and whitespace-only lines are ignored, as are comment

# lines whose first non-whitespace character is a `#'.

# A line that starts with whitespace continues a logical line.

#

# The fields that make up each line are described below. A "-" field

# value requests that a default value be used for that field.

#

# Service: any name that is valid for the specified transport type

# (the next field).  With INET transports, a service is specified as

# host:port.  The host part (and colon) may be omitted. Either host

# or port may be given in symbolic form or in numeric form. Examples

# for the SMTP server:  localhost:smtp receives mail via the loopback

# interface only; 10025 receives mail on port 10025.

#

# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain

# sockets, "fifo" for named pipes.

#

# Private: whether or not access is restricted to the mail system.

# Default is private service.  Internet (inet) sockets can't be private.

#

# Unprivileged: whether the service runs with root privileges or as

# the owner of the Postfix system (the owner name is controlled by the

# mail_owner configuration variable in the main.cf file). Only the

# pipe, virtual and local delivery daemons require privileges.

#

# Chroot: whether or not the service runs chrooted to the mail queue

# directory (pathname is controlled by the queue_directory configuration

# variable in the main.cf file). Presently, all Postfix daemons can run

# chrooted, except for the pipe, virtual and local delivery daemons.

# The proxymap server can run chrooted, but doing so defeats most of

# the purpose of having that service in the first place.

# The files in the examples/chroot-setup subdirectory describe how

# to set up a Postfix chroot environment for your type of machine.

#

# Wakeup time: automatically wake up the named service after the

# specified number of seconds. A ? at the end of the wakeup time

# field requests that wake up events be sent only to services that

# are actually being used.  Specify 0 for no wakeup. Presently, only

# the pickup, queue manager and flush daemons need a wakeup timer.

#

# Max procs: the maximum number of processes that may execute this

# service simultaneously. Default is to use a globally configurable

# limit (the default_process_limit configuration parameter in main.cf).

# Specify 0 for no process count limit.

#

# Command + args: the command to be executed. The command name is

# relative to the Postfix program directory (pathname is controlled by

# the daemon_directory configuration variable). Adding one or more

# -v options turns on verbose logging for that service; adding a -D

# option enables symbolic debugging (see the debugger_command variable

# in the main.cf configuration file). See individual command man pages

# for specific command-line options, if any.

#

# In order to use the "uucp" message tranport below, set up entries

# in the transport table.

#

# In order to use the "cyrus" message transport below, configure it

# in main.cf as the mailbox_transport.

#

# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.

# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.

#

# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

#smtp      inet  n       -       n       -       -       smtpd

#smtps     inet   n   -   n   -   -   smtpd

#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

#submission   inet   n   -   n   -   -   smtpd

#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

#628      inet  n       -       n       -       -       qmqpd

#pickup    fifo  n       -       n       60      1       pickup

#cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       nqmgr

#tlsmgr     fifo   -   -   n   300   1   tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

#

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# maildrop. See the Postfix MAILDROP_README file for details.

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

old-cyrus unix  -       n       n       -       -       pipe

  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

# Cyrus 2.1.5 (Amos Gouaux)

cyrus     unix  -       n       n       -       -       pipe

  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

smtp-amavis unix -      -       n       -       2       lmtp

    -o smtp_data_done_timeout=1200

    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet   n       -       n       -    -   smtpd

   -o content_filter=

    -o local_recipient_maps=

    -o relay_recipient_maps=

    -o smtpd_restriction_classes=

    -o smtpd_client_restrictions=

    -o smtpd_helo_restrictions=

    -o smtpd_sender_restrictions=

    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o mynetworks=127.0.0.0/8

    -o strict_rfc821_envelopes=yes

    -o smtpd_error_sleep_time=0

   -o smtpd_soft_error_limit=1001

   -o smtpd_hard_error_limit=1000

                                     

pre-cleanup  unix n     -       n       -       0       cleanup

        -o virtual_alias_maps=

        -o canonical_maps=

        -o sender_canonical_maps=

        -o recipient_canonical_maps=

        -o masquerade_domains=

cleanup unix    n       -       n       -       0       cleanup

        -o mime_header_checks=

        -o nested_header_checks=

        -o body_checks=

        -o header_checks=

smtp      inet  n       -       n       -       -       smtpd

        -o cleanup_service_name=pre-cleanup

pickup    fifo  n       -       n       60      1       pickup

        -o cleanup_service_name=pre-cleanup

   

```

BTW, I just noticed these lines in your master.cf:

```

smtp      inet  n       -       n       -       -       smtpd 

      -o content_filter=smtp-amavis:[127.0.0.1]:10024 

```

You should remove the content-filter parameter here, you have to specify in main.cf, this could create the mail loop. 

I use a .procmailrc in my home dir for the mail filtering. How do you use procmail?

----------

## BlinkEye

THANKS A LOT, THIS WORKED OUT!

i finally solved this issue. what remains is the inability of procmail to filter my mails. i'll post my config, i MUST have missed somethin (as it worked once!):

```
cat .procmailrc

 VERBOSE=on

 DEFAULT=MAILDIR

 LOGFILE=/home/blinkeye/.procmaillog

 PATH=/usr/bin:/usr/local/bin

 MAILDIR=$HOME/.maildir

 DEFAULT=$HOME/.maildir

 SHELL=/bin/bash

 :0:

 * ^(From|Cc|To) blinkeye.dyndns.org

 /home/cerberos/.maildir/.BlinkEye/

 :0

 * ^To:.*blinkeye.dyndns.org*

 /home/cerberos/.maildir/.BlinkEye/

 :0

 * ^Subject:.procmail*

 .CRON/

```

it's strange i don't get any logs in my .procmaillog any more as i once got a lot of logging...

----------

## Buzzz

I can show you my current procmailrc, it doesn't do much, it only filters the Bugtraq mailing list I'm subscribed to. I don't get any spam on the addresses I use, so not filtering on spam scores (yet)

```

MAILDIR=$HOME/.maildir/

DEFAULT=$MAILDIR

#

## Begin recipes

#

:0

* ^List-Id:.*bugtraq\.list-id\.securityfocus\.com

.Bugtraq/

## All the rest of our email will be delivered to our default INBOX

## so no additional rule is needed

```

----------

## BlinkEye

thank you for helping me out. i found the bug: procmail will not read a .procmailrc in my $HOME directory altough $HOME is set (i don't have any error messages in mail.log):

```
*myuser*@blinkeye pts/130 #echo $HOME

/home/blinkeye
```

 if i put exactly the same rules in /etc/procmailrc my mails get filtered. i'm not satisfied with this solution as i do have several users. the permissions are right (it is owned by root, group users and rw - if it is owned by *myuser* i get 

```
Jun  8 14:56:22 blinkeye procmail[11958]: Suspicious rcfile...
```

so, what's on?

btw: is there any way of filtering existing mails with procmail? it's annyoing of filtering all not yet filtered mail by hand...

----------

## Buzzz

 *BlinkEye wrote:*   

> thank you for helping me out. i found the bug: procmail will not read a .procmailrc in my $HOME directory altough $HOME is set (i don't have any error messages in mail.log):
> 
> ```
> *myuser*@blinkeye pts/130 #echo $HOME
> 
> ...

 

It's really weird that procmail doesn't use your .procmailrc file. You tried the latest version of procmail? And what are the rights on the .procmailrc file? 

The second error probably is because procmail doesn't like it that its global procmailrc file is not owned by root. There is some information on this in the procmail man page.

----------

## BlinkEye

sorry, i didn't explain well enough: 

/etc/procmailrc :

```
#ls -l /etc/procmailrc

-rw-r--r--    1 root     root          815 Jun  8 15:03 /etc/procmailrc
```

/home/*myuser*/.procmailrc

```
ls -l .procmailrc

-rw-r--r--    1 root     root          728 Jun  8 14:47 .procmailrc
```

i've read the manual   :Confused:  and i only see one version of procmail in the portage tree...

----------

## Buzzz

 *BlinkEye wrote:*   

> sorry, i didn't explain well enough: 
> 
> /etc/procmailrc :
> 
> ```
> ...

 

The .procmailrc file in your home dir should be owned by the right user (in your case blinkeye I think)! I think this is a security feature for procmail. 

In case you use a general /etc/procmailrc, procmail tries to run setuid root if it can, but it normally can't in the default Gentoo install, therefore is probably displayes the message about the conspicious config file.

----------

## BlinkEye

with

```
 pts/137# ls -al .procmailrc

-rw-------    1 blinkeye users         728 Jun  8 14:47 .procmailrc

```

or

```
pts/137 ls -al .procmailrc

-rw-------    1 blinkeye root          728 Jun  8 14:47 .procmailrc

```

```
Jun  9 00:46:21 blinkeye procmail[21509]: Suspicious rcfile "/home/blinkeye/.procmailrc"

```

if it is owned by root i don't have any problems. but this isn't the problem. i can chown it to be owned by root. but why isn't my .procmailrc being read?

----------

## Buzzz

Do you currently run the fetchmail daemon or run fetchmail with a cronjob? I run fetchmail with a cronjob each half hour, with my own user. 

So you should log in as blinkeye and then do:

```

crontab -e

```

If this doesn't work, make sure /usr/bin/crontab is setuid root. 

Then I use the following crontab entry:

```

*/30 * * * * /usr/bin/fetchmail > /dev/null

```

This is the way it works overhere

----------

