# little problem with spamd and outgoing mail



## Klinki (Aug 17, 2010)

It seems  that i misconfigured my pf and/or my postfix setting a little bit.
Incoming mail is greylisted by spamd and working perfectly, but after i got the correct spamd pf entries my outgoing mail is blocked. it worked without spamd fine. so i assume i screwed some pf setting. but after working on the server the hole day i coul not see any faults :OO Maybe you guys got an idea how to fix.

mailq lists my testmails with: mail transport unavailable

here is my pf.conf:

```
# Interface declarations
ext_if="re0"
all_if="{re0, lo0}"

# Name and IP of our webserver

MAIL_INTERNAL="192.168.1.1"
MAIL_EXTERNAL="123.123.123.123"




### Normalisation

...
# Allow traffic from mail jail to the Internet                                                     
nat on $ext_if from $MAIL_INTERNAL to any -> $MAIL_EXTERNAL


### Tables
table <rfc1918> persist 
table <spamd> persist
table <spamd-white> persist
table <whitelist> persist file "/etc/pf_files/whitelist.lst"
table <blacklist> persist file "/etc/pf_files/blacklist.lst"
table <internal_net> {192.168.1.0/24}


### Rules


#### Forward mailtraffic to the mail jail
rdr pass on $ext_if proto tcp from <whitelist> to $MAIL_EXTERNAL port smtp -> $MAIL_INTERNAL port smtp
rdr pass on $ext_if proto tcp from <blacklist> to $MAIL_EXTERNAL port smtp -> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from <spamd> to $MAIL_EXTERNAL port smtp -> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from any to $MAIL_EXTERNAL port 8825 -> $MAIL_INTERNAL port smtp
rdr pass on $ext_if proto tcp from <spamd-white> to $MAIL_EXTERNAL port smtp -> $MAIL_INTERNAL port smtp
rdr pass on $ext_if proto tcp from !<spamd-white> to $MAIL_EXTERNAL port smtp -> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from any to $MAIL_EXTERNAL port smtp -> $MAIL_INTERNAL port smtp
rdr on $ext_if proto tcp from any to $MAIL_EXTERNAL port 465 -> $MAIL_INTERNAL port 465
rdr on $ext_if proto tcp from any to $MAIL_EXTERNAL port 143 -> $MAIL_INTERNAL port 143
rdr on $ext_if proto tcp from any to $MAIL_EXTERNAL port 993 -> $MAIL_INTERNAL port 993
```


----------



## graudeejs (Aug 17, 2010)

by quick look at your rules it looks like you redirect mail from ext to int interfaces, but you don't do this the other way around (internal to external)

how do you suppose mail to get out of you local network?


----------



## Klinki (Aug 17, 2010)

maybe u r right but i thought 

```
nat on $ext_if from $MAIL_INTERNAL to any -> $MAIL_EXTERNAL
```
is for the outgoing traffic?


----------



## graudeejs (Aug 18, 2010)

```
nat on $ext_if from $MAIL_INTERNAL port >1024 to any -> $MAIL_EXTERNAL
```

you need to nat ports above 1024
Otherwise you will have problems with postfix 

On my server I was forwarding from jail to net.... and since it was first time I used nat, I forwarded all ports  
Later I coudn't understand, why does postfix on root server doesn't start up when I reboot my Server 
After few hours I understand, that I have 2 postfix trying to use same port on same ip {because of NAT}


----------



## Klinki (Aug 18, 2010)

mh strange i can telnet out of the jail to external mail servers  - maybe it isn't pf but my postfix - dovecot - clamsmtpd setup?
strange thing though is that inbound mails from external server and internal mail (domain1 to domain2 on this server) are working.

clamsmtpd.conf

```
OutAddress: 10026
Listen: 192.168.1.3:10025
ClamAddress: /var/run/clamav/clamd.sock
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /tmp
Action: drop  
Quarantine: off
TransparentProxy: off
User: clamav
```

clamd.conf:

```
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
User clamav
AllowSupplementaryGroups yes
ScanMail yes
```

postfix main.cf:

```
smtpd_banner = $myhostname ESMTP $mail_name (some Unix)
biff = no
append_dot_mydomain = no
daemon_directory = /usr/local/libexec/postfix
command_directory = /usr/local/sbin
myhostname = mail.somedomain.com
myorigin = somedomain.com
mydestination = localhost, localhost.localdomain, localhost
relayhost =
mynetworks = 192.168.1.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
alias_database = hash:/etc/aliases
alias_maps = $alias_database
message_size_limit = 50000000
smtpd_helo_required = yes
virtual_mailbox_domains = proxy:mysql:$config_directory/cf/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_maps = proxy:mysql:$config_directory/cf/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/cf/mysql_virtual_alias_maps.cf mysql:$config_directory/cf/mysql_virtual_email2email.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:6
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_cert_file = /etc/ssl/mail/mail-cert.pem
smtpd_tls_key_file = /etc/ssl/mail/mail-key.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
debug_peer_level                = 2
debugger_command                =
PATH                            = /bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb                           = $daemon_directory/$process_name $process_id & sleep 5
show_user_unknown_table_name    = no
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client t1.dnsbl.net.au,
    reject_rhsbl_client rhsbl.ahbl.org,
    reject_rhsbl_client rhsbl.sorbs.net
    reject_rhsbl_client bogusmx.rfc-ignorant.org,
    permit
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_sender_login_mismatch,,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender rddb.dnsbl.net.au,
    reject_rhsbl_sender endn.dnsbl.net.au,
    reject_rhsbl_sender rhsbl.ahbl.org,
    reject_rhsbl_sender rhsbl.sorbs.net,
    permit
   
    
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_data_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = no
setgid_group = maildrop
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/db/postfix
disable_vrfy_command = yes
smtpd_delay_reject = yes
content_filter = scan:[192.168.1.3]:10025
```

postfix master.cf:

```
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
relay     unix  -       -       n       -       -       smtp
	-o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache	  unix	-	-	n	-	1	scache
dovecot unix    -       n       n       -       -      pipe
  flags=DRhu user=vmail:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m INBOX/${extension}
scan      unix  -       -       n       -       16      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_enforce_tls=no

192.168.1.3:10026 inet  n -       n       -       16      smtpd -v
    -o content_filter=
	-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=192.168.1.3
```

maillog.

```
Aug 18 01:33:39 mail postfix/qmgr[36908]: 615FEA262C: from=<antje@somedomain.com>, size=828, nrcpt=1 (queue active)
Aug 18 01:33:39 mail postfix/qmgr[36908]: BA99CA25FF: from=<johndoe@somedomain.com>, size=865, nrcpt=1 (queue active)
Aug 18 01:33:39 mail postfix/qmgr[36908]: BE4F2A273B: from=<interr@some-other-doma.in>, size=1131, nrcpt=1 (queue active)
Aug 18 01:33:39 mail postfix/error[36915]: 1DAD5A265F: to=<janedoe@some-external-doma.in>, relay=none, delay=11427, delays=11426/0.07/0/0.06, dsn=4.3.0, status=deferred (mail transport unavailable)
Aug 18 01:33:39 mail postfix/error[36916]: 615FEA262C: to=<janedoe@some-external-doma.in>, relay=none, delay=12900, delays=12900/0.01/0/0.07, dsn=4.3.0, status=deferred (mail transport unavailable)
Aug 18 01:33:39 mail postfix/error[36918]: BA99CA25FF: to=<janedoe@some-external-doma.in>, relay=none, delay=14457, delays=14457/0.01/0/0.07, dsn=4.3.0, status=deferred (mail transport unavailable)
Aug 18 01:33:39 mail postfix/error[36920]: BE4F2A273B: to=<janedoe@some-external-doma.in>, relay=none, delay=4435, delays=4435/0.02/0/0.07, dsn=4.3.0, status=deferred (mail transport unavailable)
```


----------



## Klinki (Aug 18, 2010)

mh my post needed a bit to approval - sorry did not realized that this forum is moderated.


----------



## DutchDaemon (Aug 18, 2010)

Really? Do you see any spam around here?


----------



## Klinki (Aug 18, 2010)

DutchDaemon said:
			
		

> Really? Do you see any spam around here?



no ! and that is really fine ! i did not want to criticize you!  i just haven't realized it  keep up the good work!


----------



## Klinki (Aug 18, 2010)

OMG it seems it was realy to late yesterday  i fugured the problem out. after again checking my logs on line came to my attention (after i ruled clamsmptd out after debugging it).

```
warning: connect to transport private/smtp: Connection refused
```

after googling it the first result was a bazinga :
in postifx's master.cf the line 

```
smtp      unix  -       -       n       -       -       smtp
```
was commented out. after uncommenting it everything works.


----------

