[Valvula] Valvula does not filter any emails
Francis Brosnan Blázquez
francis.brosnan en aspl.es
Mie Feb 6 18:00:58 CET 2019
Hello Oscar,
How are you testing your solution to come to the conclusion valvula is
not filtering?
What about log files at /var/log/{syslog,messages}?
First impression is that your configuration is ok...
El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo
escribió:
> Hello
>
> I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy like a load balancer. Also I have three servers with galera (MariaDB Cluster) and valvula installed.
>
> The problem is valvula does not filter any mails.
>
> The load balancer (haproxy) runs fine.
> Galera runs ok on the three servers.
> Valvula does not have any errors.
> Postfix have open relay to my network and runs ok.
>
> [root en mfgalera1 ~]# valvulad -b
> INFO: Database connection working OK
>
> [root en mfgalera1 ~]# netstat -ntpl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 127.0.0.1:3080 0.0.0.0:* LISTEN 5291/valvulad
> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5127/mysqld
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4765/sshd
> tcp 0 0 0.0.0.0:4567 0.0.0.0:* LISTEN 5127/mysqld
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 4911/master
> tcp6 0 0 :::22 :::* LISTEN 4765/sshd
> tcp6 0 0 :::25 :::* LISTEN 4911/master
>
> [root en mfgalera1 ~]# systemctl status postfix
> postfix.service - Postfix Mail Transport Agent
> Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
> Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
> Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
> Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
> Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
> Main PID: 4911 (master)
> CGroup: /system.slice/postfix.service
> ├─3374 pickup -l -t unix -u
> ├─4911 /usr/libexec/postfix/master -w
> ├─4919 qmgr -l -t unix -u
> ├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
> └─6194 proxymap -t unix -u
>
> And this is my valvula.conf
>
> <?xml version='1.0' ?>
> <valvula>
> <!-- -*- nxml -*- -->
> <!-- server configuration -->
> <global-settings>
> <!-- make valvula server to run with a low privileges user -->
> <running user='valvulad' group='valvulad' enabled='no' />
> <!-- uncomment the following instruction to make valvula to log
> all SQL sentences run by the engine. It is not recommended to
> have it enabled by default: it create lots of logs -->
> <!-- <debug-queries debug="yes" /> -->
> <log-reporting enabled='yes' use-syslog='yes' />
> <!-- Default signal action to take when a wrong signal is recevied (SIGSEGV or SIGABRT).
> reexec : do a fresh server restart
> hold : holds the process until it is killed for debugging.
> backtrace : prints a backtrace to the console
> default : if nothing is configured, kills the process after receiving this signal
> -->
> <signal action='reexec' />
> <!-- request line limit (leave it as is unless you know what you
> are doing). This is the number of lines a request can have
> before closing the connection. A request should be served in
> 80 lines as much. -->
> <request-line limit='80' />
> </global-settings>
> <!-- GENERAL: configuration -->
> <general>
> <listen host='127.0.0.1' port='3080'>
> <run module='mod-mquota' />
> </listen>
> </general>
> <database>
> <!-- default mysql configuration -->
> <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
> </database>
> <enviroment>
> <!-- the following declaration will make valvula server to detect
> postfix configuration by opening its configuration, and
> taking a look into virtual_mailbox_domains and other postfix
> declarations. If everything works ok, the server will be able
> to know what domains, accounts and aliases are considered
> local so valvula can make better decisions. -->
> <local-domains config='autodetect' />
> <!-- if previous declaration does not work, try one these -->
> <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
> <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
> <!-- mod-slm configuration -->
> <!-- Last paramter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is
> something that should be left enabled if you want to get DSN and/or mail error notifications.
> Of course, there are people that do not agree. If any case, if you want a recommendation, leave it on (yes).
> For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html
>
> If nothing is configured, it is assumed allow-empty-mail-from="yes"
> -->
> <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
> <!-- sending and receiving quotas: used by mod-mquota -->
> <default-sending-quota status='full' if-no-match='first' debug='yes'>
> <!-- account limit: 150/minute, 250/hour and 750/global from 09:00 to 21:00
> domain limit: 300/minute, 500/hour and 2500/global
>
> note: use -1 to disable any of the limits.
> For example, to disable global limit, use globa-limit="-1"
> -->
> <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
> <!-- limit 15/minute, 50/hour and 150/global from 21:00 to 09:00 -->
> <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
> </default-sending-quota>
> <!-- <bwl debug="no" /> -->
> <!-- <lmm debug="no" /> -->
> <!-- mod-mw : mysql works -->
> <!-- It allows to run user defined sql queries with the provided
> credentials. Each SQL query is then personalized with support
> substitutions. All substitutions takes the value indicated or
> evals to emtpy string. -->
> <!-- Allowed substitutions are:
>
> - #queue-id# if defined, it is replaced by reported queue id
> - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rpct-count# to have actual size to handle/send.
> - #sasl_user# if defined, it is replaced by sasl user account used.
> - #mail-from# if defined, it is replaced by mail from: reported account used.
> - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix).This value is only reliable if valvula is connected to smtpd_data_restrictions.
> - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> - #client-address# if defined, it is replaced by reported connecting ip
> -->
> <!-- configuration example follows: -->
> <!--
> <mysql-works>
> <with-db-def use="valvula" port="3579">
> <run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> <run-every-hour sql="DELETE FROM example_table" />
> </with-db-def>
> </mysql-works> -->
> </enviroment>
> <!-- MODULE: configuration -->
> <modules>
> <!-- directory where to find modules to load -->
> <directory src='/etc/valvula/mods-enabled' />
> </modules>
> </valvula>
>
> Any idea?
>
> Best regards.
> _______________________________________________
> Valvula mailing list
> Valvula en lists.aspl.es
> http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/valvula/attachments/20190206/c9230b6a/attachment-0001.html>
Más información sobre la lista de distribución Valvula