Dear All,
I am continuing my attempt to get CARBONIO CE working behind OPENSENSE with HAPROXY configured.
I have succeeded in configuring HAPROXY to send the REAL IP, as you can see in the logs below. I am having an issue with getting the mails delivered to my mailboxes.
Jun 22 17:58:09 mail postfix/smtpd[4012986]: connect from localhost[127.0.0.1]
Jun 22 17:58:09 mail postfix/smtpd[4012986]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:13 mail postfix/smtpd[4012986]: connect from mail-vs1-f46.google.com[209.85.217.46]
Jun 22 17:58:13 mail postfix/smtpd[4012986]: discarding EHLO keywords: PIPELINING
Jun 22 17:58:13 mail postfix/smtpd[4012986]: Anonymous TLS connection established from mail-vs1-f46.google.com[209.85.217.46]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jun 22 17:58:13 mail postfix/smtpd[4012986]: discarding EHLO keywords: PIPELINING
Jun 22 17:58:14 mail postfix/smtpd[4012986]: NOQUEUE: filter: RCPT from mail-vs1-f46.google.com[209.85.217.46]: <my.account@gmail.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<my.account@gmail.com> to=<test@mydomain.com> proto=ESMTP helo=<mail-vs1-f46.google.com>
Jun 22 17:58:14 mail postfix/smtpd[4012986]: warning: permit_tls_clientcerts is requested, but "smtpd_tls_ask_ccert = no"
Jun 22 17:58:14 mail postfix/smtpd[4012986]: NOQUEUE: filter: RCPT from mail-vs1-f46.google.com[209.85.217.46]: <my.account@gmail.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<my.account@gmail.com> to=<test@mydomain.com> proto=ESMTP helo=<mail-vs1-f46.google.com>
Jun 22 17:58:14 mail postfix/smtpd[4012986]: 37F991B0825E: client=mail-vs1-f46.google.com[209.85.217.46]
Jun 22 17:58:15 mail postfix/cleanup[4013072]: 37F991B0825E: message-id=<CADQSNqQuZ7=DnYQ9aWUyVTHos_82ZNdPkzYi8Ezc9OcLrJ=y_w@mail.gmail.com>
Jun 22 17:58:17 mail postfix/qmgr[4011699]: 37F991B0825E: from=<my.account@gmail.com>, size=30116, nrcpt=1 (queue active)
Jun 22 17:58:17 mail postfix/smtpd[4012986]: disconnect from mail-vs1-f46.google.com[209.85.217.46] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Jun 22 17:58:17 mail postfix/smtpd[4012986]: warning: haproxy read: EOF
Jun 22 17:58:17 mail postfix/smtpd[4012986]: connect from localhost[127.0.0.1]
Jun 22 17:58:17 mail postfix/smtpd[4012986]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: warning: haproxy read: timeout error
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: connect from localhost[127.0.0.1]
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:22 mail postfix/smtp[4013074]: 37F991B0825E: to=<test@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.6, delays=3.2/0/0/5.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=3768152-09 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Negative greeting: 421 4.3.0 mail.mydomain.com Server local error): id=3768152-09 (in reply to end of DATA command))
Jun 22 17:58:23 mail postfix/smtpd[4012986]: warning: haproxy read: EOF
Jun 22 17:58:23 mail postfix/smtpd[4012986]: connect from localhost[127.0.0.1]
Jun 22 17:58:23 mail postfix/smtpd[4012986]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:25 mail postfix/smtpd[4012986]: connect from haproxy.local[10.30.30.90]
Jun 22 17:58:25 mail postfix/smtpd[4012986]: lost connection after CONNECT from haproxy.local[10.30.30.90]
Jun 22 17:58:25 mail postfix/smtpd[4012986]: disconnect from haproxy.local[10.30.30.90] commands=0/0
Jun 22 17:58:27 mail postfix/smtpd[4012986]: connect from haproxy.local[10.30.30.90]
Jun 22 17:58:27 mail postfix/smtpd[4012986]: lost connection after CONNECT from haproxy.local[10.30.30.90]
Jun 22 17:58:27 mail postfix/smtpd[4012986]: disconnect from haproxy.local[10.30.30.90] commands=0/0
Jun 22 17:58:33 mail postfix/smtpd[4012986]: warning: haproxy read: EOF
Jun 22 17:58:33 mail postfix/smtpd[4012986]: connect from localhost[127.0.0.1]
Jun 22 17:58:33 mail postfix/smtpd[4012986]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:43 mail postfix/smtpd[4012986]: warning: haproxy read: EOF
As you can see, postfix is logging the REAL IP of the incoming Google mail: 209.85.217.46
But I ended up having my mails deferred with : Negative greeting: 421 4.3.0 mail.mydomain.com Server local error
37F991B0825E: to=<test@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.6, delays=3.2/0/0/5.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=3768152-09 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Negative greeting: 421 4.3.0 mail.mydomain.com Server local error): id=3768152-09 (in reply to end of DATA command))
Below are some of my configs
master.cf
smtp inet n - n - 1 smtpd
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
smtpd pass - - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.1,10.30.30.90
  -o syslog_name=postfix/smtpd-proxy
  -o smtpd_upstream_proxy_protocol=haproxy
  -o smtpd_tls_security_level=may
  -o mynetworks=127.0.0.0/8,10.30.30.90
  -o content_filter=scan:[127.0.0.1]:10030
465 inet n - n - - smtpd
  -o content_filter=scan:[127.0.0.1]:10030
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks, reject_unauth_destination
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o syslog_name=postfix/smtps
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_authorized_xforward_hosts=127.0.0.1,10.30.30.90
  -o mynetworks=127.0.0.0/8,10.30.30.90
submission inet n - n - - smtpd
  -o content_filter=scan:[127.0.0.1]:10030
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=may
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks, reject_unauth_destination
  -o smtpd_relay_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING
scan unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o disable_mime_output_conversion=yes
  -o smtp_generic_maps=
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
#  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# AMAVISD-NEW
#
smtp-amavis unix - - n - 10 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtpd_sasl_auth_enable=no
  -o max_use=20
[127.0.0.1]:10025 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.1,10.30.30.90
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_sasl_auth_enable=no
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_milters=
  -o smtpd_tls_security_level=none
  -o smtpd_use_tls=no
  -o syslog_name=postfix/clean10025
[127.0.0.1]:10030 inet n - n - - smtpd
  -o local_recipient_maps=
  -o virtual_mailbox_maps=
  -o virtual_alias_maps=
  -o receive_override_options=no_address_mappings
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_milters=inet:localhost:8465
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_sender_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_reject_unlisted_sender=no
  -o smtpd_relay_restrictions=
  -o smtpd_sasl_auth_enable=no
  -o smtpd_data_restrictions=
  -o smtpd_end_of_data_restrictions=
  -o syslog_name=postfix/dkimmilter
  -o content_filter=smtp-amavis:[127.0.0.1]:10032
#  -o content_filter=smtp:[127.0.0.1]:10025
[127.0.0.1]:10028 inet n - n - - smtpd
  -o content_filter=scan:[127.0.0.1]:10030
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_proxy_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o smtpd_reject_unlisted_sender=no
  -o smtpd_sasl_auth_enable=no
  -o mynetworks=127.0.0.0/8,[::1]/128
  -o receive_override_options=no_unknown_recipient_checks
  -o syslog_name=postfix/reinject
[127.0.0.1]:10029 inet n - n - - smtpd
  -o smtpd_client_restrictions=
  -o smtpd_proxy_filter=
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_reject_unlisted_sender=no
  -o smtpd_data_restrictions=
  -o smtpd_sasl_auth_enable=no
  -o mynetworks=127.0.0.0/8,[::1]/128
  -o receive_override_options=no_unknown_recipient_checks
  -o syslog_name=postfix/archive
main.cf
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
# smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender>
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_d>
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /opt/zextras/conf/smtpd.crt
smtpd_tls_key_file = /opt/zextras/conf/smtpd.key
smtpd_tls_loglevel = 1
smtputf8_enable = no
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
meta_directory = /opt/zextras/common/conf
shlib_directory = no
postscreen_dnsbl_min_ttl = 60s
in_flow_delay = 1s
postscreen_dnsbl_whitelist_threshold = 0
postscreen_command_count_limit = 20
smtp_dns_support_level = enabled
# smtpd_sasl_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
address_verify_positive_refresh_time = 12h
postscreen_pipelining_ttl = 30d
default_process_limit = 100
smtpd_tls_ask_ccert = no
smtpd_tls_ccert_verifydepth = 9
smtpd_error_sleep_time = 1s
lmtp_tls_security_level = may
smtp_tls_CApath =
smtpd_reject_unlisted_sender = yes
hopcount_limit = 50
address_verify_poll_delay = 3s
lmtp_host_lookup = dns
lmtp_tls_loglevel = 0
smtpd_banner = $myhostname ESMTP $mail_name
lmtp_tls_ciphers = export
postscreen_greet_action = ignore
smtp_sasl_security_options = noplaintext,noanonymous
postscreen_blacklist_action = ignore
smtp_tls_ciphers = high
postscreen_pipelining_enable = no
delay_warning_time = 0h
bounce_queue_lifetime = 5d
smtpd_tls_auth_only = yes
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
postscreen_watchdog_timeout = 10s
myorigin = mydomain.com
postscreen_access_list = permit_mynetworks
mailbox_size_limit = 0
notify_classes = resource, software
tls_preempt_cipherlist = yes
bounce_notice_recipient = postmaster
lmtp_tls_protocols = !SSLv2, !SSLv3
smtp_sasl_auth_enable = no
mynetworks = 127.0.0.0/8 10.50.10.50/32
message_size_limit = 52428800
smtpd_client_connection_rate_limit = 50
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtp_helo_name = $myhostname
smtp_starttls_timeout = 300s
tls_random_source = dev:/dev/urandom
address_verify_poll_count = ${stress?3}${stress:5}
maximal_queue_lifetime = 5d
postscreen_whitelist_interfaces = static:all
smtp_tls_loglevel = 0
myhostname = mail.mydomain.com
smtpd_sasl_auth_enable = yes
postscreen_dnsbl_reply_map =
virtual_alias_expansion_limit = 10000
smtpd_tls_session_cache_timeout = 1800s
postscreen_non_smtp_command_ttl = 30d
smtpd_client_port_logging = no
smtpd_tls_eecdh_grade = ultra
relayhost =
postscreen_greet_ttl = 1d
smtp_sasl_password_maps =
smtpd_tls_CAfile =
# smtpd_tls_security_level = may
smtpd_tls_security_level = may
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname,reject_unknown_helo_hostname
postscreen_bare_newline_enable = no
import_environment =
max_use = 100
milter_content_timeout = 300s
minimal_backoff_time = 300s
# postscreen_dnsbl_sites =
postscreen_dnsbl_sites =
recipient_delimiter =
unverified_recipient_defer_code = 250
postscreen_upstream_proxy_protocol =
postscreen_non_smtp_command_action = drop
smtp_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
postscreen_dnsbl_ttl = 1h
smtp_tls_mandatory_ciphers = high
smtpd_sender_login_maps = proxy:ldap:/opt/zextras/conf/ldap-slm.cf
lmtp_connection_cache_destinations =
# content_filter = smtp-amavis:[127.0.0.1]:10024
content_filter = smtp-amavis:[127.0.0.1]:10024
queue_run_delay = 300s
lmtp_tls_mandatory_ciphers = medium
smtp_generic_maps =
milter_connect_timeout = 30s
milter_default_action = tempfail
address_verify_negative_refresh_time = 10m
lmtp_tls_exclude_ciphers =
smtpd_end_of_data_restrictions =
# smtp_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_mandatory_ciphers = high
postscreen_non_smtp_command_enable = no
lmtp_tls_CAfile =
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
postscreen_bare_newline_action = ignore
postscreen_cache_retention_time = 7d
tls_eecdh_strong_curve = prime256v1
smtpd_milters = inet:127.0.0.1:7026
smtpd_sender_restrictions = check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, permit_tls_clientcerts, check>
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5, PSK
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_CApath =
smtpd_soft_error_limit = 10
postscreen_dnsbl_action = ignore
tls_high_cipherlist = :EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:AES256+EECDH:AE>
postscreen_pipelining_action = enforce
smtp_transport_rate_delay = $default_transport_rate_delay
smtp_fallback_relay =
lmtp_tls_CApath =
smtp_cname_overrides_servername = no
postscreen_dnsbl_threshold = 1
smtpd_tls_session_cache_database =
postscreen_bare_newline_ttl = 30d
smtpd_proxy_timeout = 100s
postscreen_cache_cleanup_interval = 12h
propagate_unmatched_extensions = canonical
smtp_sasl_mechanism_filter =
milter_command_timeout = 30s
smtpd_client_auth_rate_limit = 0
non_smtpd_milters =
tls_eecdh_ultra_curve = secp384r1
smtpd_tls_ciphers = high
lmdb_map_size = 16777216
smtpd_sasl_authenticated_header = no
smtpd_hard_error_limit = 20
maximal_backoff_time = 4000s
smtp_tls_CAfile =
smtpd_reject_unlisted_recipient = yes
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_append_default_CA = no
smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_mandatory_protocols =
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
sender_canonical_maps =
smtpd_tls_received_header = yes
always_add_missing_headers = yes
lmtp_connection_cache_time_limit = 4s
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5, PSK
smtpd_tls_exclude_ciphers =
proxy_interfaces = 127.0.0.1, 10.30.30.90
# smtpd_proxy_protocol = yes
smtpd_authorized_xforward_hosts = 127.0.0.1, 10.30.30.90
smtpd_discard_ehlo_keywords = pipelining
smtpd_upstream_proxy_protocol = haproxy
amavisd.conf
use strict;
$enable_ldap = 1;
$default_ldap = {
  hostname => [ split (' ','ldap://mail.mydomain.com:389') ],
  timeout => 30,
  tls => 0,
  sslversion => '',
  query_filter => '(&(objectClass=amavisAccount)(zimbraMailStatus=enabled)(|(mail=%m)(zimbraDomainName=%m)))',
  bind_dn => 'uid=zmamavis,cn=appaccts,cn=zimbra',
  bind_password => '0sen1XLrx',
};
$max_servers = 10; # num of pre-forked children (2..30 is common), -m
$daemon_user = 'zextras'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'zextras'; # (no default; customary: vscan or amavis), -g
$mydomain = 'mydomain.com'; # a convenient default for other settings
$MYHOME = '/opt/zextras/data/amavisd'; # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "$MYHOME/quarantine"; # -Q
$lock_file = "$MYHOME/var/amavisd.lock"; # -L
$pid_file = "/run/carbonio/amavisd.pid"; # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
$log_level = 1; # verbosity 0..5, -d
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$do_syslog = 1; # log via syslogd (preferred)
$syslog_facility = 'local0'; # Syslog facility as a string
  # e.g.: mail, daemon, user, local0, ... local7
#$syslog_priority = 'info'; # Syslog base (minimal) priority as a string,
  # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 0; # enable use of BerkeleyDB/libdb (SNMP and nanny)
# $enable_zmq = 1; # enable use of ZeroMQ (SNMP and nanny)
$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1; # enable DKIM signatures verification
$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key
@local_domains_maps = undef; # Not necessary when LDAP is used
#@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
@mynetworks = qw( 127.0.0.0/8 10.30.30.90 );
@listen_sockets=("$MYHOME/amavisd.sock", '10024','10026','10032');
$inet_socket_bind = ['127.0.0.1', '10.30.30.30'];
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef, # don't query p0f for internal clients
};
$interface_policy{'10026'} = 'ORIGINATING';
$interface_policy{'10032'} = 'ORIGINATING_POST';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
  originating => 1, # declare that mail was submitted by our smtp client
  allow_disclaimers => 0, # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ['zextras@mydomain.com'],
  spam_admin_maps => ['zextras@mydomain.com'],
  warnbadhsender => 0,
  bypass_spam_checks_maps => [1], # don't spam-check internal mail
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10030',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [0], # allow sending any file names and types
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
$policy_bank{'ORIGINATING_POST'} = { # Post DKIM we need to run SA
  originating => 0,
  # notify administrator of locally originating malware
  virus_admin_maps => ['zextras@mydomain.com'],
  spam_admin_maps => ['zextras@mydomain.com'],
  warnbadhsender => 0,
  #bypass_spam_checks_maps => [1], # don't spam-check internal mail if desired
  bypass_virus_checks_maps => [1], # Don't check AV a second time
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [0], # allow sending any file names and types
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
  archive_quarantine_method => undef, # Don't run archiving a second time
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0, # do not require secret_id for amavisd-release
};
$sa_debug = 0;
$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 15.0; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 15.0; # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 15.0; # likewise, but for a likely valid From
$sa_quarantine_cutoff_level = 15.0; # spam level beyond which quarantine is off
$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces
$sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$virus_admin = 'zextras@mydomain.com'; # notifications recip.
$mailfrom_notify_admin = 'zextras@mydomain.com'; # notifications sender
$mailfrom_notify_recip = 'zextras@mydomain.com'; # notifications sender
$mailfrom_notify_spamadmin = 'zextras@mydomain.com'; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus');
@addr_extension_banned_maps = ('banned');
@addr_extension_spam_maps = ('spam');
@addr_extension_bad_header_maps = ('badh');
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$sa_spam_subject_tag = '';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character in header
$defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than 998 characters
$defang_by_ccat{CC_BADH.",6"} = 1; # header field syntax error
$myhostname = 'mail.mydomain.com'; # must be a fully-qualified domain name!
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT
I am sorry it has been very long but I hope I have shared all needed to get some help.
Thanks y'all in advance
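
An added example, not part of the original post: a small Python triage script for logs like the ones above. Postfix logs `warning: haproxy read: ...` when an smtpd listener with `smtpd_upstream_proxy_protocol` enabled accepts a connection that does not start with a PROXY protocol header, so the script pairs each warning with the smtpd instance (its `syslog_name`) and the client that connected next in the same process, and lists deferred deliveries. The function names are hypothetical and the sample input is an excerpt of the posted log.

```python
import re
from collections import Counter

# Excerpt of the log posted above, one syslog entry per line.
SAMPLE_LOG = """\
Jun 22 17:58:13 mail postfix/smtpd[4012986]: connect from mail-vs1-f46.google.com[209.85.217.46]
Jun 22 17:58:17 mail postfix/smtpd[4012986]: disconnect from mail-vs1-f46.google.com[209.85.217.46] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Jun 22 17:58:17 mail postfix/smtpd[4012986]: warning: haproxy read: EOF
Jun 22 17:58:17 mail postfix/smtpd[4012986]: connect from localhost[127.0.0.1]
Jun 22 17:58:17 mail postfix/smtpd[4012986]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: warning: haproxy read: timeout error
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: connect from localhost[127.0.0.1]
Jun 22 17:58:22 mail postfix/clean10025/smtpd[4013077]: disconnect from localhost[127.0.0.1] commands=0/0
Jun 22 17:58:22 mail postfix/smtp[4013074]: 37F991B0825E: to=<test@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.6, delays=3.2/0/0/5.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=3768152-09 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Negative greeting: 421 4.3.0 mail.mydomain.com Server local error): id=3768152-09 (in reply to end of DATA command))
Jun 22 17:58:25 mail postfix/smtpd[4012986]: connect from haproxy.local[10.30.30.90]
Jun 22 17:58:25 mail postfix/smtpd[4012986]: lost connection after CONNECT from haproxy.local[10.30.30.90]
"""

# "postfix/clean10025/smtpd[123]" -> tag "postfix/clean10025", prog "smtpd".
ENTRY = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ "
    r"(?P<tag>postfix(?:/[\w.-]+)*)/(?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
DEFERRED = re.compile(
    r"^(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),"
    r".*? dsn=(?P<dsn>[\d.]+), status=deferred"
)
WARN = "warning: haproxy read: "
CONNECT = "connect from "


def proxy_handshake_failures(lines):
    """Count (syslog_name, client, reason) for each failed PROXY header read."""
    pending = {}  # smtpd pid -> (syslog_name, reason), waiting for its connect line
    failures = Counter()
    for line in lines:
        m = ENTRY.match(line)
        if not m or m["prog"] != "smtpd":
            continue
        msg = m["msg"]
        if msg.startswith(WARN):
            pending[m["pid"]] = (m["tag"], msg[len(WARN):])
        elif msg.startswith(CONNECT) and m["pid"] in pending:
            tag, reason = pending.pop(m["pid"])
            failures[(tag, msg[len(CONNECT):], reason)] += 1
    return failures


def deferred_deliveries(lines):
    """Return queue id, recipient, relay and DSN of every deferred delivery."""
    found = []
    for line in lines:
        m = ENTRY.match(line)
        d = DEFERRED.match(m["msg"]) if m and m["prog"] == "smtp" else None
        if d:
            found.append(d.groupdict())
    return found


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for (tag, client, reason), n in proxy_handshake_failures(log).items():
        print(f"{tag}: {n} connection(s) from {client} without PROXY header ({reason})")
    for d in deferred_deliveries(log):
        print(f"deferred {d['qid']} to {d['rcpt']} via {d['relay']} dsn={d['dsn']}")
```

Each listener named in the output can then be compared with where `smtpd_upstream_proxy_protocol` is set in main.cf and in the `-o` overrides in master.cf.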