i want to implement advance content filtering in postfix using python. I have figured it out the implementation from http://www.postfix.org/FILTER_README.html. but there is another problem, after the filtering from python script i need to relay to amazon ses that need to use TLS. The problem is that if i config postfix using TLS, the postfix-python script will error and if i am not using TLS the postfix-Amazon SES will error.
Have any idea to fix this problem?
The error from amazon SES :
Sep 29 07:09:41 mail postfix/qmgr[1935]: 4AC65C533B2: from=<ec2-user@xmail.xample.id>, size=663, nrcpt=1 (queue active)
Sep 29 07:09:41 mail postfix/error[2229]: 4AC65C533B2: to=<ilham.sulaksono@xample.com>, relay=none, delay=8999, delays=8999/0.01/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: SASL authentication failed; server email-smtp.us-west-2.amazonaws.com[34.211.81.29] said: 530 Must issue a STARTTLS command first)
Main.cf configuration:
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = xmail.xample.id
mydomain = xmail.xample.id
myorigin = $mydomain
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, mydomain
mynetworks_style = host
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost = [email-smtp.us-west-2.amazonaws.com]:587
smtpd_sasl_local_domain = $myhostname
#smtp_use_tls = yes
#smtp_tls_security_level = encrypt
#smtp_tls_note_starttls_offer = yes
content_filter = scan:localhost:10025
receive_override_options = no_address_mappings
Master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
localhost:10026 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Best Answer
After some searching on google i find a way. even though not as intended for some specific relay host. Its using config in postfix so the postfix not required to using ssl. The configuration is in main.cf using this following line :