Postfix & Amavis – Use UNIX Socket for Communication

amavis postfix smtp socket spam

I am currently using a complex mailserver setup using Postfix, Dovecot, Amavis and Spamassassin.

Everything works fine but I want to improve the Postfix-Amavis communication. At the moment, postfix sends all mails to localhost:10024, which is the amavis service. After all checks, a modified version is sent back to localhost:10025, which is a postfix service for receiving amavis mails.

My idea: UNIX SOCKETS (Because of security reasons; not important why)

So I configured amavis to spawn a unix socket in /run/amavis/amavis.socket.

And I changed this:

`amavis-forward:[127.0.0.1]:10024` to `amavis-forward:unix:/run/amavis/amavis.sock`

But then I get this error:

Jan  5 13:55:23 server postfix/smtp[1447]: fatal: unknown service: /run/amavis/amavis.sock/tcp
Jan  5 13:55:24 server postfix/qmgr[1254]: warning: private/amavis-forward socket: malformed response
Jan  5 13:55:24 server postfix/qmgr[1254]: warning: transport amavis-forward failure -- see a previous warning/fatal/panic logfile record for the problem description

So the mail status is set to status=deferred (unknown mail transport error).

master.cf:

 ...
 # Amavis
 amavis-forward   unix    -       -       -       -       2       smtp
    -o smtp_tls_security_level=none
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
 ...

Over :10024 everything works fine. How can I solve it?

Best Answer

Disclaimer: this is half an answer because I can use a socket for postfix -> amavis but I can't use it for amavis -> postfix. See the explanation at the end of this answer.

To use a socket, you should use LMTP instead of SMTP to deliver email from postfix to amavis.

As NickW said above, you need to put the amavis socket inside the Postfix queue directory. In this answer I assume that the postfix queue directory is /var/spool/postfix/.

Create directory to hold amavis socket

mkdir /var/spool/postfix/amavis/
chmod 750 /var/spool/postfix/amavis/
chown amavis:amavis /var/spool/postfix/amavis/

Add postfix user in amavis group

# -a appends; without it, -G replaces all of postfix's existing supplementary groups
usermod -a -G amavis postfix

Configuration in amavisd.conf

# for socket, it should reside in /var/spool/postfix
$unix_socketname = "/var/spool/postfix/amavis/amavisd.sock";

# set permission so amavis group can access this socket
$unix_socket_mode = 0660;

# Replace $interface_policy{'SOCK'} = 'AM.PDP';

$interface_policy{'SOCK'} = 'mysock';
$policy_bank{'mysock'} = {
   protocol => 'LMTP',
   auth_required_release => 0, # don't require secret-id for release
};

Postfix main.cf

content_filter = amavis-forward:unix:amavis/amavisd.sock

Postfix master.cf

# Amavis
amavis-forward   unix    -       -       -       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

The result

amais postfix/smtpd[13393]: connect from localhost[127.0.0.1]
amais postfix/smtpd[13393]: 4E0B82340F: client=localhost[127.0.0.1]
amais postfix/cleanup[13359]: 4E0B82340F: message-id=<20150106070245.4E0B82340F@example.net>
amais postfix/qmgr[13352]: 4E0B82340F: from=<root@example.net>, size=344, nrcpt=1 (queue active)
amais postfix/smtpd[13363]: connect from localhost[127.0.0.1]
amais postfix/smtpd[13363]: 6081E2340B: client=localhost[127.0.0.1]
amais postfix/cleanup[13359]: 6081E2340B: message-id=<20150106070245.4E0B82340F@example.net>
amais postfix/qmgr[13352]: 6081E2340B: from=<root@example.net>, size=688, nrcpt=1 (queue active)
amais postfix/smtpd[13363]: disconnect from localhost[127.0.0.1]
amais postfix/local[13365]: 6081E2340B: to=<root@example.net>, orig_to=<koala@example.net>, relay=local, delay=0.01, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
amais postfix/qmgr[13352]: 6081E2340B: removed
amais amavis[13113]: (13113-03) Passed CLEAN {RelayedInbound}, mysock <root@example.net> -> <koala@example.net>, Message-ID: <20150106070245.4E0B82340F@example.net>, mail_id: MLZDzoda7siu, Hits: -, size: 344, queued_as: 6081E2340B, 90 ms
amais postfix/lmtp[13361]: 4E0B82340F: to=<koala@example.net>, relay=example.net[amavis/amavisd.sock], delay=0.11, delays=0.01/0/0.01/0.09, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6081E2340B)
amais postfix/qmgr[13352]: 4E0B82340F: removed

The amavis -> postfix transport is controlled by the parameter forward_method. I am not familiar with this configuration except with smtp. In the example on this page, apparently the protocols supported by this parameter are pipe, smtp, and bsmtp. Also, based on the postfix architecture, postfix only accepts email from smtpd, qmqpd, or sendmail.
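
An added example, not part of the original answer: a Python check that the layout produced by the steps above is as intended (socket inside the Postfix queue directory, no access for "other" on the socket or its directory, expected group). The function names and the throwaway demo layout are constructed for illustration; on a real host you would pass /var/spool/postfix/amavis/amavisd.sock, /var/spool/postfix and the gid of the amavis group.

```python
import os
import socket
import stat
import tempfile


def audit_socket(sock_path, queue_dir, expected_gid):
    """Return a list of findings; an empty list means the layout is as intended."""
    findings = []
    real = os.path.realpath(sock_path)
    queue = os.path.realpath(queue_dir)
    # Postfix resolves unix:amavis/amavisd.sock relative to its queue directory.
    if os.path.commonpath([real, queue]) != queue:
        findings.append("socket is outside the Postfix queue directory")
    try:
        st = os.stat(real)
    except FileNotFoundError:
        return findings + ["socket does not exist"]
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("path is not a UNIX socket")
    if stat.S_IMODE(st.st_mode) & 0o007:
        findings.append("socket mode grants access to 'other'")
    if st.st_gid != expected_gid:
        findings.append("socket group is not the expected group")
    parent = os.stat(os.path.dirname(real))
    if stat.S_IMODE(parent.st_mode) & 0o007:
        findings.append("socket directory grants access to 'other'")
    return findings


def build_demo_layout(sock_mode=0o660, dir_mode=0o750):
    """Constructed sample: a throwaway queue dir with amavis/amavisd.sock in it."""
    queue = tempfile.mkdtemp()
    sock_dir = os.path.join(queue, "amavis")
    os.mkdir(sock_dir)
    sock_path = os.path.join(sock_dir, "amavisd.sock")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.bind(sock_path)           # creates the socket file on disk
    os.chmod(sock_path, sock_mode)  # stands in for $unix_socket_mode
    os.chmod(sock_dir, dir_mode)    # stands in for chmod 750 on the directory
    return queue, sock_path, os.stat(sock_dir).st_gid


if __name__ == "__main__":
    queue, path, gid = build_demo_layout()
    print(audit_socket(path, queue, gid))   # layout as configured in the answer
    queue, path, gid = build_demo_layout(sock_mode=0o666)
    print(audit_socket(path, queue, gid))   # socket opened up to every local user
```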