[Valvula] Valvula does not filter any emails

Francis Brosnan Blázquez francis.brosnan at aspl.es
Wed Feb 6 18:00:58 CET 2019


Hello Oscar,

How are you testing your solution to come to the conclusion valvula is
not filtering?

What about log files at /var/log/{syslog,messages}?

First impression is that your configuration is ok...


On Wed, 06-02-2019 at 11:51 -0500, Oscar Manuel Seoane Cereijo
wrote:

> Hello
> 
> I am testing a solution based on postfix, haproxy and valvula. I have a server with haproxy as a load balancer. Also I have three servers with galera (MariaDB Cluster) and valvula installed.
> 
> The problem is valvula does not filter any mails.
> 
> The load balancer (haproxy) runs fine.
> Galera runs ok on the three servers.
> Valvula does not have any errors.
> Postfix has open relay to my network and runs ok.
> 
> [root@mfgalera1 ~]# valvulad -b
> INFO: Database connection working OK
> 
> [root@mfgalera1 ~]# netstat -ntpl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
> tcp        0      0 127.0.0.1:3080          0.0.0.0:*               LISTEN      5291/valvulad       
> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4765/sshd           
> tcp        0      0 0.0.0.0:4567            0.0.0.0:*               LISTEN      5127/mysqld         
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4911/master         
> tcp6       0      0 :::22                   :::*                    LISTEN      4765/sshd           
> tcp6       0      0 :::25                   :::*                    LISTEN      4911/master   
> 
> [root@mfgalera1 ~]# systemctl status postfix
> postfix.service - Postfix Mail Transport Agent
>    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
>    Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
>   Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
>   Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
>   Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
>  Main PID: 4911 (master)
>    CGroup: /system.slice/postfix.service
>            ├─3374 pickup -l -t unix -u
>            ├─4911 /usr/libexec/postfix/master -w
>            ├─4919 qmgr -l -t unix -u
>            ├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
>            └─6194 proxymap -t unix -u
> 
> And this is my valvula.conf
> 
> <?xml version='1.0' ?>
> <valvula>
>     <!-- -*- nxml -*- -->
>     <!-- server configuration -->
>     <global-settings>
>         <!-- make valvula server to run with a low privileges user -->
>         <running user='valvulad' group='valvulad' enabled='no' />
>         <!-- uncomment the following instruction to make valvula to log
>          all SQL sentences run by the engine. It is not recommended to
>          have it enabled by default: it creates lots of logs -->
>         <!-- <debug-queries debug="yes" /> -->
>         <log-reporting enabled='yes' use-syslog='yes' />
>         <!-- Default signal action to take when a wrong signal is received (SIGSEGV or SIGABRT).
> 	 reexec : do a fresh server restart
> 	 hold : holds the process until it is killed for debugging.
> 	 backtrace : prints a backtrace to the console
> 	 default : if nothing is configured, kills the process after receiving this signal
>     -->
>         <signal action='reexec' />
>         <!-- request line limit (leave it as is unless you know what you
>          are doing). This is the number of lines a request can have
>          before closing the connection. A request should be served in
>          80 lines as much. -->
>         <request-line limit='80' />
>     </global-settings>
>     <!-- GENERAL: configuration -->
>     <general>
>         <listen host='127.0.0.1' port='3080'>
>             <run module='mod-mquota' />
>         </listen>
>     </general>
>     <database>
>         <!-- default mysql configuration -->
>         <config driver='mysql' dbname='policyv' user='root' password='' host='localhost' port='' />
>     </database>
>     <enviroment>
>         <!-- the following declaration will make valvula server to detect
>          postfix configuration by opening its configuration, and
>          taking a look into virtual_mailbox_domains and other postfix
>          declarations. If everything works ok, the server will be able
>          to know what domains, accounts and aliases are considered
>          local so valvula can make better decisions. -->
>         <local-domains config='autodetect' />
>         <!-- if previous declaration does not work, try one these -->
>         <!-- <local-domains config="mysql:user:password:database:hosts:SELECT domain FROM domain_table WHERE domain='%s' AND is_active = 1" /> -->
>         <!-- <local-domains config="file:///etc/postfix/local_domains" /> -->
>         <!-- mod-slm configuration -->
>         <!-- Last parameter (allow-empty-mail-from) will allow sending empty mail from:<> as defined by RFC. This is
>          something that should be left enabled if you want to get DSN and/or mail error notifications.
>          Of course, there are people that do not agree. In any case, if you want a recommendation, leave it on (yes).
>          For more information see: https://lists.debian.org/debian-isp/2004/01/msg00259.html
> 
>          If nothing is configured, it is assumed allow-empty-mail-from="yes"
>     -->
>         <sender-login-mismatch mode='same-domain' allow-empty-mail-from='yes' />
>         <!-- sending and receiving quotas: used by mod-mquota  -->
>         <default-sending-quota status='full' if-no-match='first' debug='yes'>
>             <!-- account limit: 150/minute,  250/hour  and  750/global from 09:00 to 21:00 
>            domain limit:  300/minute, 500/hour  and 2500/global 
> 
>            note: use -1 to disable any of the limits.  
>            For example, to disable global limit, use global-limit="-1"
>       -->
>             <limit label='day quota' from='9:00' to='21:00' status='full' minute-limit='15' hour-limit='100' global-limit='300' domain-minute-limit='15' domain-hour-limit='100' domain-global-limit='300' />
>             <!-- limit 15/minute, 50/hour  and 150/global from 21:00 to 09:00 -->
>             <limit label='night quota' from='21:00' to='9:00' status='full' minute-limit='5' hour-limit='50' global-limit='150' domain-minute-limit='5' domain-hour-limit='50' domain-global-limit='150' />
>         </default-sending-quota>
>         <!-- <bwl debug="no" /> -->
>         <!-- <lmm debug="no" /> -->
>         <!-- mod-mw : mysql works -->
>         <!-- It allows to run user defined sql queries with the provided
>          credentials. Each SQL query is then personalized with support
>          substitutions. All substitutions take the value indicated or
>          eval to empty string. -->
>         <!-- Allowed substitutions are: 
> 
> 	 - #queue-id# if defined, it is replaced by reported queue id
> 	 - #size# if defined, it is replaced by reported size (single size, you may have to consider having this value by #rcpt-count# to have actual size to handle/send).
> 	 - #sasl_user# if defined, it is replaced by sasl user account used.
> 	 - #mail-from# if defined, it is replaced by mail from: reported account used.
> 	 - #rcpt-count# if defined, it is replaced by reported recipient count (recipient_count reported by postfix).This value is only reliable if valvula is connected to smtpd_data_restrictions.
> 	 - #rcpt-to# if defined, it is replaced by reported rcpt to: This value isn't reliable if connected to smtpd_data_restrictions (it may be empty for multi recipients operations). Connect valvula to smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> 	 - #client-address# if defined, it is replaced by reported connecting ip
>     -->
>         <!-- configuration example follows: -->
>         <!-- 
>       <mysql-works>
>       <with-db-def use="valvula" port="3579"> 
> 	<run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> 	<run-every-hour sql="DELETE FROM example_table" />
>       </with-db-def>
>     </mysql-works> -->
>     </enviroment>
>     <!-- MODULE: configuration -->
>     <modules>
>         <!-- directory where to find modules to load -->
>         <directory src='/etc/valvula/mods-enabled' />
>     </modules>
> </valvula>
> 
> Any idea?
> 
> Best regards.

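Added example, not part of the original messages and not Valvula project code: one way to test the filtering is to speak the Postfix policy delegation protocol directly to the listener at 127.0.0.1:3080 and read the action it returns for each request. The function names and the sample attributes are constructed for illustration.

```python
import socket

def build_request(attrs):
    """Serialize a policy request: name=value lines, closed by an empty line."""
    lines = ["request=smtpd_access_policy"] + [f"{k}={v}" for k, v in attrs.items()]
    return ("\n".join(lines) + "\n\n").encode()

def parse_action(reply):
    """Return the text after 'action=' in the server reply, or None if absent."""
    for line in reply.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    return None

def query_policy(host, port, attrs, timeout=5.0):
    """Send one request and read until the empty line that ends the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(attrs))
        buf = b""
        while b"\n\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:  # server closed the connection without answering
                break
            buf += chunk
    return parse_action(buf)

def probe(host, port, attrs, count):
    """Repeat the same request and collect each returned action, in order."""
    return [query_policy(host, port, attrs) for _ in range(count)]

# Constructed sample attributes (not taken from the thread).
SAMPLE = {
    "protocol_state": "RCPT",
    "protocol_name": "ESMTP",
    "client_address": "192.0.2.10",
    "client_name": "client.example.org",
    "sender": "user@example.org",
    "recipient": "dest@example.net",
    "sasl_username": "user@example.org",
    "size": "0",
    "recipient_count": "0",
}

if __name__ == "__main__":
    # 20 requests is more than either minute-limit in the posted config (15 and 5).
    for i, action in enumerate(probe("127.0.0.1", 3080, SAMPLE, 20), 1):
        print(i, action)
```

Run it on the host where valvulad listens and compare the printed actions with the entries written to syslog for the same requests.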
