[Valvula] Valvula does not filter any emails

Oscar Manuel Seoane Cereijo oscar.seoane en osux64.com
Mie Feb 6 17:51:46 CET 2019


I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy like a load balancer. Also I have three servers with galera (MariaDB Cluster) and valvula installed. 

The problem is valvula does not filter any mails.

The load balancer (haproxy) runs fine.
Galera runs ok on the three servers.
Valvula does not have any errors.
Postfix have open relay to my network and runs ok.

[root en mfgalera1 ~]# valvulad -b
INFO: Database connection working OK

[root en mfgalera1 ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0*               LISTEN      5291/valvulad       
tcp        0      0  *               LISTEN      5127/mysqld         
tcp        0      0    *               LISTEN      4765/sshd           
tcp        0      0  *               LISTEN      5127/mysqld         
tcp        0      0    *               LISTEN      4911/master         
tcp6       0      0 :::22                   :::*                    LISTEN      4765/sshd           
tcp6       0      0 :::25                   :::*                    LISTEN      4911/master   

[root en mfgalera1 ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
  Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 4911 (master)
   CGroup: /system.slice/postfix.service
           ├─3374 pickup -l -t unix -u
           ├─4911 /usr/libexec/postfix/master -w
           ├─4919 qmgr -l -t unix -u
           ├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:,permit_mynetworks,permit_sasl_authenticated,reject
           └─6194 proxymap -t unix -u

And this is my valvula.conf

<?xml version='1.0' ?>
    <!-- -*- nxml -*- -->
    <!-- server configuration -->
        <!-- make valvula server to run with a low privileges user -->
        <running user='valvulad' group='valvulad' enabled='no' />
        <!-- uncomment the following instruction to make valvula to log
         all SQL sentences run by the engine. It is not recommended to
         have it enabled by default: it create lots of logs -->
        <!-- <debug-queries debug="yes" /> -->
        <log-reporting enabled='yes' use-syslog='yes' />
        <!-- Default signal action to take when a wrong signal is recevied (SIGSEGV or SIGABRT).
	 reexec : do a fresh server restart
	 hold : holds the process until it is killed for debugging.
	 backtrace : prints a backtrace to the console
	 default : if nothing is configured, kills the process after receiving this signal
        <signal action='reexec' />
        <!-- request line limit (leave it as is unless you know what you
         are doing). This is the number of lines a request can have
         before closing the connection. A request should be served in
         80 lines as much. -->
        <request-line limit='80' />
    <!-- GENERAL: configuration -->
        <listen host='' port='3080'>
            <run module='mod-mquota' />
        <!-- default mysql configuration -->
        <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
        <!-- the following declaration will make valvula server to detect
         postfix configuration by opening its configuration, and
         taking a look into virtual_mailbox_domains and other postfix
         declarations. If everything works ok, the server will be able
         to know what domains, accounts and aliases are considered
         local so valvula can make better decisions. -->
        <local-domains config='autodetect' />
        <!-- if previous declaration does not work, try one these -->
        <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
        <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
        <!-- mod-slm configuration -->
        <!-- Last paramter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is 
         something that should be left enabled if you want to get DSN and/or mail error notifications. 
         Of course, there are people that do not agree. If any case, if you want a recommendation, leave it on (yes).
         For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html

         If nothing is configured, it is assumed allow-empty-mail-from="yes"
        <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
        <!-- sending and receiving quotas: used by mod-mquota  -->
        <default-sending-quota status='full' if-no-match='first' debug='yes'>
            <!-- account limit: 150/minute,  250/hour  and  750/global from 09:00 to 21:00 
           domain limit:  300/minute, 500/hour  and 2500/global 

           note: use -1 to disable any of the limits.  
           For example, to disable global limit, use globa-limit="-1" 
            <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
            <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 09:00 -->
            <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
        <!-- <bwl debug="no" /> -->
        <!-- <lmm debug="no" /> -->
        <!-- mod-mw : mysql works -->
        <!-- It allows to run user defined sql queries with the provided
         credentials. Each SQL query is then personalized with support
         substitutions. All substitutions takes the value indicated or
         evals to emtpy string. -->
        <!-- Allowed substitutions are: 

	 - #queue-id# if defined, it is replaced by reported queue id
	 - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rpct-count# to have actual size to handle/send.
	 - #sasl_user# if defined, it is replaced by sasl user account used.
	 - #mail-from# if defined, it is replaced by mail from: reported account used.
	 - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix).This value is only reliable if valvula is connected to smtpd_data_restrictions.
	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
	 - #client-address# if defined, it is replaced by reported connecting ip
        <!-- configuration example follows: -->
      <with-db-def use="valvula" port="3579"> 
	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
	<run-every-hour sql="DELETE FROM example_table" />
    </mysql-works> -->
    <!-- MODULE: configuration -->
        <!-- directory where to find modules to load -->
        <directory src='/etc/valvula/mods-enabled' />

Any idea?

Best regards.

Más información sobre la lista de distribución Valvula