Mail filtering with procmail in a postfix/dovecot system with virtual users
Your /etc/postfix/main.cf
file doesn't mention procmail anywhere. This is the problem, AFAIK.
In my case, I have:
mailbox_command = procmail -a "$EXTENSION"
and my procmail config file is in ~user/.procmailrc
. However this is a real user on the machine. It seems that you're using virtual transport, in which case I suppose that you should use something like:
virtual_transport = procmail
procmail_destination_recipient_limit = 1
(all users will be concerned, but your procmail rules can deal with that, or you may want to use transport_maps with a transport table). I suppose that you can more or less copy from the Postfix + Maildrop Howto, replacing maildrop
by procmail
.
Alternatively, I wonder whether you can use something based on:
virtual_transport = virtual
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual:
[email protected] procmail
/etc/aliases:
procmail: "|/path/to/procmail ..."
Related videos on Youtube
Paulo Matos
Updated on September 18, 2022Comments
-
Paulo Matos almost 2 years
I had a postfix/dovecot system with mail users working. After unsuccessfully following a few tutorials online to enable procmail, now I have an unusable system.
What I want is to enable procmail filtering for my user paulo @ mydomain.com :
/etc/postfix/main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = centauri.mydomain.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = centauri.mydomain.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html message_size_limit = 40720000 virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 # Configuring submission port for auth through dovecot # http://www.postfix.org/SASL_README.html#server_sasl_enable smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes # ----- broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination #virtual_create_maildirsize = yes #virtual_maildir_extended = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps #virtual_transport = dovecot virtual_transport = virtual #transport_maps = hash:/etc/postfix/transport dovecot_destination_recipient_limit = 1 #content_filter = smtp-amavis:[127.0.0.1]:10024
/etc/postfix/master.cf
# Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} procmail unix - n n - - pipe flags=RO user=vmail argv=/usr/bin/procmail -t -m USER=${user} EXTENSION=${extension} DOMAIN=${domain} /etc/postfix/procmailrc.common # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} postfixfilter unix - n n - - pipe flags=Rq user=vmail argv=/etc/postfix/spamfilter -f ${sender} -- ${recipient} # Options for the filter #smtp-amavis unix - - - - 2 smtp # -o smtp_data_done_timeout=1200 # -o smtp_send_xforward_command=yes # -o disable_dns_lookups=yes # -o max_use=20 # Listener for filtered mail 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
/etc/postfix/procmailrc.common
SHELL="/bin/bash" SENDMAIL="/usr/sbin/sendmail -oi -t" LOGFILE="/var/log/procmail.log" DELIVER=/usr/lib/dovecot/deliver # fallback: DEFAULT="$HOME/Maildir/" MAILDIR="$HOME/Maildir/" :0 w * ^X-Spam-Status: Yes | $DELIVER -m spam :0 w | $DELIVER
Why is it that when I send an email to my self procmail.log is not even created. It seems mails currently just getting lost since not even dovecot is picking it up.
-
dg99 almost 10 yearsI don't have much
postfix
knowledge -- I invokeprocmail
after the mail recipient has been determined (either bysendmail
orfetchmail
). As a result, my procmail always runs as the recipient user. So for me specifying the LOGFILE path inside /var/log would result in a permissions error. Could that be the reason why your procmail log is not being created?
-
-
Jari Turkia about 3 yearsHow would you achieve the same without Procmail? Even author is pleading to Linux distros for not to package Procmail anymore and users to stop distributing and using.
-
vinc17 about 3 years@JariTurkia From the postfix point of view, you can use any mail delivery agent in a similar way, with the same syntax. The only thing that potentially changes is the arguments and the configuration file of the mail delivery agent. The
postconf(5)
man page gives some examples, such asmailbox_command = /some/where/maildrop -d "$USER" -f "$SENDER" "$EXTENSION"
.