1

Topic: iRedMail FreeBSD8.2 - amavisd problem

Hello
I installed iRedMail-0.8.0-beta2 (mysql) in a FreeBSD8.2 jail and I have a little problem with amavisd.
3 out of 10 e-mails arrive, and the rest do not.
Log /var/log/maillog:

Mar 18 08:02:02 mail1 postfix/qmgr[78107]: 6783C41C4465: from=<subskrypcja@proto.pl>, size=1373, nrcpt=1 (queue active)
Mar 18 08:02:33 mail1 postfix/smtpd[78813]: connect from mail1.vinkler.pl[192.168.1.4]
Mar 18 08:02:33 mail1 postfix/smtpd[78813]: NOQUEUE: reject: CONNECT from mail1.vinkler.pl[192.168.1.4]: 554 5.7.1 <mail1.vinkler.pl[192.168.1.4]>: Client host rejected: Access denied; proto=SMTP
Mar 18 08:02:33 mail1 postfix/smtpd[78813]: lost connection after CONNECT from mail1.vinkler.pl[192.168.1.4]
Mar 18 08:02:33 mail1 postfix/smtpd[78813]: disconnect from mail1.vinkler.pl[192.168.1.4]
Mar 18 08:02:33 mail1 amavis[77443]: (77443-03) (!)FWD from <subskrypcja@proto.pl> -> <zet120@vinkler.pl>, 451 4.5.0 From MTA() during fwd-connect (Negative greeting: 554 5.7.1 <mail1.vinkler.pl[192.168.1.4]>: Client host rejected: Access denied at (eval 117) line 464.): id=77443-03
Mar 18 08:02:33 mail1 amavis[77443]: (77443-03) Blocked MTA-BLOCKED {TempFailedInternal}, LOCAL [217.96.29.20]:37470 [217.96.29.20] <subskrypcja@proto.pl> -> <zet120@vinkler.pl>, Message-ID: <m12mam.rzh7qb@proto.imm>, mail_id: oqL5LSD8safS, Hits: -7.827, size: 1373, 31164 ms
Mar 18 08:02:33 mail1 postfix/smtp[78793]: 6783C41C4465: to=<zet120@vinkler.pl>, relay=192.168.1.4[192.168.1.4]:10024, delay=31, delays=0.16/0.02/0.01/31, dsn=4.5.0, status=deferred (host 192.168.1.4[192.168.1.4] said: 451 4.5.0 id=77443-03 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Negative greeting: 554 5.7.1 <mail1.vinkler.pl[192.168.1.4]>: Client host rejected: Access denied at (eval 117) line 464.): id=77443-03 (in reply to end of DATA command))

Where should I look for the problem?


2

Re: iRedMail FreeBSD8.2 - amavisd problem

All mail-service-related software is running outside the jail, so I guess it's caused by different network settings (IP range and subnet). Here's another wiki tutorial that describes Jail + mail services:
http://wtf.hijacked.us/wiki/index.php/M … eeBSD_Jail

To be clear, I quote the iRedMail-related settings here. Make sure to replace XXX.XXX.XXX.XXX with your jail's IP or subnet.

1) /usr/local/etc/postfix/main.cf:

 content_filter = smtp-amavis:[XXX.XXX.XXX.XXX]:10024

2) /usr/local/etc/postfix/master.cf:

XXX.XXX.XXX.XXX:10025      inet    n       -       n       -       -       smtpd
   ...
   -o mynetworks=XXX.XXX.XXX.XXX/32
   ...

3) /usr/local/etc/amavisd.conf

$notify_method  = 'smtp:[XXX.XXX.XXX.XXX]:10025';
$forward_method = 'smtp:[XXX.XXX.XXX.XXX]:10025';

$inet_socket_bind = 'XXX.XXX.XXX.XXX';       # If this setting doesn't exist, please add one to override default setting.
$policy_bank{'AM.PDP-INET'} = {
    ...
    inet_acl => [qw( XXX.XXX.XXX.XXX [::1] )],
    ...
};

@storage_sql_dsn = (
    [...;host=XXX.XXX.XXX.XXX;...],
);

That's all.

Please do let me know whether it works for you or not. Thanks.

3

Re: iRedMail FreeBSD8.2 - amavisd problem

Thank you for the detailed answer, it works!
The most important option is:
/usr/local/etc/postfix/main.cf

 -o mynetworks=XXX.XXX.XXX.XXX/32  --> XXX IP Jail

It was like this:

mail1# telnet 127.0.0.1 10025 
 Trying 127.0.0.1... 
 Connected to mail1.vinkler.pl. 
 Escape character is '^]'. 
 554 5.7.1 <unknown[192.168.1.4]>: Client host rejected: Access denied

After the change:

mail1# telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to mail1.vinkler.pl.
Escape character is '^]'.
220 mail1.vinkler.pl ESMTP Postfix

In the file /usr/local/etc/amavisd.conf it must be like this:

$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',
    inet_acl => [qw( 127.0.0.1 [::1] )],
    auth_required_release => 1,
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};
@inet_acl = qw( 127.0.0.1 XXX.XXX.XXX.XXX [::1] );  # XXX = jail IP

If it is:

$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',
    inet_acl => [qw( XXX.XXX.XXX.XXX [::1] )],  # XXX = jail IP
    auth_required_release => 1,
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

Amavisd gives an error:

amavis[56584]: () (!)DENIED ACCESS from IP 192.168.1.4, policy bank ''

Thanks.

P.S.
I have one problem, but more on that in another topic
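
----

Added example (not part of the original posts, and not iRedMail's own code): a short Python script that pulls the three ACL symptoms seen in this thread out of a maillog and reports which client IP each one involves. The names `diagnose`, `report`, `PATTERNS` and `ADVICE` are hypothetical; the sample lines are abridged from the logs posted above, with constructed timestamps on the last two.

```python
import re
from collections import defaultdict

# Abridged from the thread's logs; the timestamps on the last two lines are
# constructed. In a jail, loopback connections show up with the jail's IP.
SAMPLE = """\
Mar 18 08:02:33 mail1 postfix/smtpd[78813]: NOQUEUE: reject: CONNECT from mail1.vinkler.pl[192.168.1.4]: 554 5.7.1 <mail1.vinkler.pl[192.168.1.4]>: Client host rejected: Access denied; proto=SMTP
Mar 18 08:02:33 mail1 amavis[77443]: (77443-03) (!)FWD from <subskrypcja@proto.pl> -> <zet120@vinkler.pl>, 451 4.5.0 From MTA() during fwd-connect (Negative greeting: 554 5.7.1 <mail1.vinkler.pl[192.168.1.4]>: Client host rejected: Access denied at (eval 117) line 464.): id=77443-03
Mar 18 08:05:10 mail1 amavis[56584]: () (!)DENIED ACCESS from IP 192.168.1.4, policy bank ''
Mar 18 08:06:00 mail1 postfix/smtpd[78900]: connect from mail1.vinkler.pl[192.168.1.4]
"""

IP = r"([0-9a-fA-F.:]+)"  # IPv4 or IPv6 literal as logged
PATTERNS = {
    # Postfix refused the client at connect time (the log does not show the port).
    "postfix_reject": re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: CONNECT from \S+\["
                                 + IP + r"\]: 554 5\.7\.1 .*Client host rejected"),
    # amavisd could not hand scanned mail back to Postfix ($forward_method).
    "amavis_fwd_fail": re.compile(r"amavis\[\d+\]: .*during fwd-connect \(Negative greeting: "
                                  r"554 5\.7\.1 <\S+\[" + IP + r"\]>"),
    # amavisd's own inet_acl refused the connecting client.
    "amavis_acl_deny": re.compile(r"amavis\[\d+\]: .*DENIED ACCESS from IP " + IP),
}

# Fixes as given in the replies above; keep the entry as narrow as a /32.
ADVICE = {
    "postfix_reject": "add this IP to '-o mynetworks=' on the 10025 smtpd listener",
    "amavis_fwd_fail": "re-injection to Postfix was refused; same mynetworks fix",
    "amavis_acl_deny": "add this IP to @inet_acl in amavisd.conf",
}

def diagnose(log_text):
    """Return {client_ip: set of symptom names} for ACL-related rejections."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                hits[m.group(1)].add(name)
    return dict(hits)

def report(log_text):
    """One line of advice per (client IP, symptom), sorted for stable output."""
    return [f"{ip}: {name}: {ADVICE[name]}"
            for ip, names in sorted(diagnose(log_text).items())
            for name in sorted(names)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

An IP that appears under all three symptoms, as the jail address does here, is the address that both the Postfix listener and amavisd see in place of 127.0.0.1.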