[Valvula] Valvula does not filter any emails
Oscar Manuel Seoane Cereijo
oscar.seoane at osux64.com
Wed Feb 6 17:51:46 CET 2019
Hello
I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy as a load balancer. I also have three servers with galera (MariaDB Cluster) and valvula installed.
The problem is valvula does not filter any mails.
The load balancer (haproxy) runs fine.
Galera runs ok on the three servers.
Valvula does not have any errors.
Postfix has open relay to my network and runs ok.
[root@mfgalera1 ~]# valvulad -b
INFO: Database connection working OK
[root@mfgalera1 ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3080 0.0.0.0:* LISTEN 5291/valvulad
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5127/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4765/sshd
tcp 0 0 0.0.0.0:4567 0.0.0.0:* LISTEN 5127/mysqld
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 4911/master
tcp6 0 0 :::22 :::* LISTEN 4765/sshd
tcp6 0 0 :::25 :::* LISTEN 4911/master
[root@mfgalera1 ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 4911 (master)
CGroup: /system.slice/postfix.service
├─3374 pickup -l -t unix -u
├─4911 /usr/libexec/postfix/master -w
├─4919 qmgr -l -t unix -u
├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
└─6194 proxymap -t unix -u
And this is my valvula.conf
<?xml version='1.0' ?>
<valvula>
  <!-- -*- nxml -*- -->
  <!-- server configuration -->
  <global-settings>
    <!-- make valvula server to run with a low privileges user -->
    <running user='valvulad' group='valvulad' enabled='no' />
    <!-- uncomment the following instruction to make valvula to log
         all SQL sentences run by the engine. It is not recommended to
         have it enabled by default: it creates lots of logs -->
    <!-- <debug-queries debug="yes" /> -->
    <log-reporting enabled='yes' use-syslog='yes' />
    <!-- Default signal action to take when a wrong signal is received (SIGSEGV or SIGABRT).
         reexec : do a fresh server restart
         hold : holds the process until it is killed for debugging.
         backtrace : prints a backtrace to the console
         default : if nothing is configured, kills the process after receiving this signal
    -->
    <signal action='reexec' />
    <!-- request line limit (leave it as is unless you know what you
         are doing). This is the number of lines a request can have
         before closing the connection. A request should be served in
         80 lines at most. -->
    <request-line limit='80' />
  </global-settings>
  <!-- GENERAL: configuration -->
  <general>
    <listen host='127.0.0.1' port='3080'>
      <run module='mod-mquota' />
    </listen>
  </general>
  <database>
    <!-- default mysql configuration -->
    <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
  </database>
  <enviroment>
    <!-- the following declaration will make valvula server to detect
         postfix configuration by opening its configuration, and
         taking a look into virtual_mailbox_domains and other postfix
         declarations. If everything works ok, the server will be able
         to know what domains, accounts and aliases are considered
         local so valvula can make better decisions. -->
    <local-domains config='autodetect' />
    <!-- if previous declaration does not work, try one these -->
    <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
    <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
    <!-- mod-slm configuration -->
    <!-- Last parameter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is
         something that should be left enabled if you want to get DSN and/or mail error notifications.
         Of course, there are people that do not agree. In any case, if you want a recommendation, leave it on (yes).
         For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html
         If nothing is configured, it is assumed allow-empty-mail-from="yes"
    -->
    <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
    <!-- sending and receiving quotas: used by mod-mquota -->
    <default-sending-quota status='full' if-no-match='first' debug='yes'>
      <!-- account limit: 150/minute, 250/hour and 750/global from 09:00 to 21:00
           domain limit: 300/minute, 500/hour and 2500/global
           note: use -1 to disable any of the limits.
           For example, to disable global limit, use global-limit="-1"
      -->
      <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
      <!-- limit 15/minute, 50/hour and 150/global from 21:00 to 09:00 -->
      <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
    </default-sending-quota>
    <!-- <bwl debug="no" /> -->
    <!-- <lmm debug="no" /> -->
    <!-- mod-mw : mysql works -->
    <!-- It allows to run user defined sql queries with the provided
         credentials. Each SQL query is then personalized with support
         substitutions. All substitutions takes the value indicated or
         evals to empty string. -->
    <!-- Allowed substitutions are:
         - #queue-id# if defined, it is replaced by reported queue id
         - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rcpt-count# to have actual size to handle/send).
         - #sasl_user# if defined, it is replaced by sasl user account used.
         - #mail-from# if defined, it is replaced by mail from: reported account used.
         - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix). This value is only reliable if valvula is connected to smtpd_data_restrictions.
         - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
         - #client-address# if defined, it is replaced by reported connecting ip
    -->
    <!-- configuration example follows: -->
    <!--
    <mysql-works>
      <with-db-def use="valvula" port="3579">
        <run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
        <run-every-hour sql="DELETE FROM example_table" />
      </with-db-def>
    </mysql-works> -->
  </enviroment>
  <!-- MODULE: configuration -->
  <modules>
    <!-- directory where to find modules to load -->
    <directory src='/etc/valvula/mods-enabled' />
  </modules>
</valvula>
Any idea?
Best regards.
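
One way to see what a policy daemon wired in through check_policy_service actually answers is to speak Postfix's policy delegation protocol to it directly. The script below is an added example, not part of the original post and not Valvula code; the addresses are constructed and `StandInPolicy` is a constructed stand-in server (not Valvula's logic) so the script runs offline.

```python
import socket, socketserver, threading

def build_request(attrs):
    # Policy delegation request: name=value lines, terminated by an empty line.
    lines = ["request=smtpd_access_policy"] + [f"{k}={v}" for k, v in attrs.items()]
    return ("\n".join(lines) + "\n\n").encode()

def parse_action(raw):
    # The reply's first line is "action=<access(5) action>".
    line = raw.decode().rstrip("\n")
    if not line.startswith("action="):
        raise ValueError(f"unexpected policy reply: {line!r}")
    return line[len("action="):]

def query_policy(host, port, attrs, timeout=5.0):
    # Send one request and return the action the daemon decided on.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(attrs))
        with sock.makefile("rb") as reply:
            return parse_action(reply.readline())

class StandInPolicy(socketserver.StreamRequestHandler):
    # Constructed stand-in so the example runs offline; NOT valvula's logic.
    def handle(self):
        attrs = {}
        for raw in self.rfile:
            line = raw.decode().rstrip("\n")
            if not line:          # empty line ends the request
                break
            key, _, value = line.partition("=")
            attrs[key] = value
        action = "reject stand-in quota hit" if attrs.get("sasl_username") else "dunno"
        self.wfile.write(f"action={action}\n\n".encode())

def demo():
    # Constructed sample attributes (documentation addresses).
    base = {"protocol_state": "RCPT", "client_address": "192.0.2.10",
            "sender": "user@example.test", "recipient": "dest@example.net"}
    with socketserver.TCPServer(("127.0.0.1", 0), StandInPolicy) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        anon = query_policy(host, port, base)
        auth = query_policy(host, port, {**base, "sasl_username": "user@example.test"})
        srv.shutdown()
    return anon, auth

if __name__ == "__main__":
    print(demo())
```

Against the setup in the post the call would be `query_policy("127.0.0.1", 3080, {...})`, run on the host where valvulad listens; comparing the reply with and without `sasl_username` shows whether authentication changes the decision.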