[Valvula] Valvula does not filter any emails
Francis Brosnan Blázquez
francis.brosnan en aspl.es
Mie Feb 6 19:23:33 CET 2019
Hello Oscar,
Given your logs, valvula is not receiving any indication about emails
your are sending...which also means postfix is not receiving those
emails to be filtered or at least the smtpd postfix process connected
to valvula.
The pipeline you are describing (more or less) is:
Your client SMTP software ->
contacts with your haproxy at some port ->
Haproxy contacts postfix at 25 ->
postfix (due to smtpd_recipient_restrictions=) contacts
valvula at 3080 ->
valvula generate a DUNNO, OK, REJECT or error log.
Because at some point this pipeline is not connected, valvula is not
receiving any request to reject, accept or whatever...
Once you manage to contact your postfix and have your postfix contact
valvula, you will see it working..
El mié, 06-02-2019 a las 12:55 -0500, Oscar Manuel Seoane Cereijo
escribió:
> Hello Francis.
>
> Thanks for your answer.
>
> If I send a pack of 100 mails, all emails arrives on the destination.
> Ten minutes after, If I send another pack of 500 emails, all arrives on the destination.
>
> All emails are sending from the same account using a script.
>
> tail -f /var/log/messages
>
> Feb 6 11:21:01 mfgalera1 check-valvulad.py: check-valvula: info: Valvulad server is working right
>
> Regards
>
>
> El Mie, 6 de Feb de 19, a las 11:02 AM, Francis Brosnan Blázquez escribió:
> > Hello Oscar,
> >
> > How are you testing your solution to come to the conclusion valvula is
> > not filtering?
> >
> > What about log files at /var/log/{syslog,messages}?
> >
> > First impression is that your configuration is ok...
> >
> >
> > El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo
> > escribió: Hello
> >
> > I am testing a solution based on postfix, haproxy and valvula. I have a
> > server with haproxy like a load balancer. Also I have three servers
> > with galera (MariaDB Cluster) and valvula installed.
> >
> > The problem is valvula does not filter any mails.
> >
> > The load balancer (haproxy) runs fine.
> > Galera runs ok on the three servers.
> > Valvula does not have any errors.
> > Postfix have open relay to my network and runs ok.
> >
> > [root en mfgalera1 ~]# valvulad -b
> > INFO: Database connection working OK
> >
> > [root en mfgalera1 ~]# netstat -ntpl
> > Active Internet connections (only servers)
> > Proto Recv-Q Send-Q Local Address Foreign Address
> > State PID/Program name
> > tcp 0 0 127.0.0.1:3080 0.0.0.0:*
> > LISTEN 5291/valvulad
> > tcp 0 0 0.0.0.0:3306 0.0.0.0:*
> > LISTEN 5127/mysqld
> > tcp 0 0 0.0.0.0:22 0.0.0.0:*
> > LISTEN 4765/sshd
> > tcp 0 0 0.0.0.0:4567 0.0.0.0:*
> > LISTEN 5127/mysqld
> > tcp 0 0 0.0.0.0:25 0.0.0.0:*
> > LISTEN 4911/master
> > tcp6 0 0 :::22 :::*
> > LISTEN 4765/sshd
> > tcp6 0 0 :::25 :::*
> > LISTEN 4911/master
> >
> > [root en mfgalera1 ~]# systemctl status postfix
> > postfix.service - Postfix Mail Transport Agent
> > Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled;
> > vendor preset: disabled)
> > Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago
> > Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited,
> > status=0/SUCCESS)
> > Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update
> > (code=exited, status=0/SUCCESS)
> > Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb
> > (code=exited, status=0/SUCCESS)
> > Main PID: 4911 (master)
> > CGroup: /system.slice/postfix.service
> > ├─3374 pickup -l -t unix -u
> > ├─4911 /usr/libexec/postfix/master -w
> > ├─4919 qmgr -l -t unix -u
> > ├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o
> > smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject
> > └─6194 proxymap -t unix -u
> >
> > And this is my valvula.conf
> >
> > <?xml version='1.0' ?>
> > <valvula>
> > <!-- -*- nxml -*- -->
> > <!-- server configuration -->
> > <global-settings>
> > <!-- make valvula server to run with a low privileges user -->
> > <running user='valvulad' group='valvulad' enabled='no' />
> > <!-- uncomment the following instruction to make valvula to log
> > all SQL sentences run by the engine. It is not recommended to
> > have it enabled by default: it create lots of logs -->
> > <!-- <debug-queries debug="yes" /> -->
> > <log-reporting enabled='yes' use-syslog='yes' />
> > <!-- Default signal action to take when a wrong signal is
> > recevied (SIGSEGV or SIGABRT).
> > reexec : do a fresh server restart
> > hold : holds the process until it is killed for debugging.
> > backtrace : prints a backtrace to the console
> > default : if nothing is configured, kills the process after receiving
> > this signal
> > -->
> > <signal action='reexec' />
> > <!-- request line limit (leave it as is unless you know what you
> > are doing). This is the number of lines a request can have
> > before closing the connection. A request should be served in
> > 80 lines as much. -->
> > <request-line limit='80' />
> > </global-settings>
> > <!-- GENERAL: configuration -->
> > <general>
> > <listen host='127.0.0.1' port='3080'>
> > <run module='mod-mquota' />
> > </listen>
> > </general>
> > <database>
> > <!-- default mysql configuration -->
> > <config driver='mysql' dbname='policyv' user='root' password=''
> > host='localhost' port='' />
> > </database>
> > <enviroment>
> > <!-- the following declaration will make valvula server to
> > detect
> > postfix configuration by opening its configuration, and
> > taking a look into virtual_mailbox_domains and other postfix
> > declarations. If everything works ok, the server will be able
> > to know what domains, accounts and aliases are considered
> > local so valvula can make better decisions. -->
> > <local-domains config='autodetect' />
> > <!-- if previous declaration does not work, try one these -->
> > <!-- <local-domains
> > config="mysql:user:password:database:hosts:SELECT domain FROM
> > domain_table WHERE domain='%s' AND is_active = 1" /> -->
> > <!-- <local-domains config="file:///etc/postfix/local_domains"
> > <file:///etc/postfix/local_domains%3E> /> -->
> > <!-- mod-slm configuration -->
> > <!-- Last paramter (allow-empty-mail-from) will allow sending
> > empty mail from:<> as defined by RFC. This is
> > something that should be left enabled if you want to get DSN
> > and/or mail error notifications.
> > Of course, there are people that do not agree. If any case, if
> > you want a recommendation, leave it on (yes).
> > For more information see:
> > https://lists.debian.org/debian-isp/2004/01/msg00259.html
> >
> > If nothing is configured, it is assumed
> > allow-empty-mail-from="yes"
> > -->
> > <sender-login-mismatch mode='same-domain'
> > allow-empty-mail-from='yes' />
> > <!-- sending and receiving quotas: used by mod-mquota -->
> > <default-sending-quota status='full' if-no-match='first'
> > debug='yes'>
> > <!-- account limit: 150/minute, 250/hour and 750/global
> > from 09:00 to 21:00
> > domain limit: 300/minute, 500/hour and 2500/global
> >
> > note: use -1 to disable any of the limits.
> > For example, to disable global limit, use globa-limit="-1"
> > -->
> > <limit label='day quota' from='9:00' to='21:00'
> > status='full' minute-limit='15' hour-limit='100' global-limit='300'
> > domain-minute-limit='15' domain-hour-limit='100'
> > domain-global-limit='300' />
> > <!-- limit 15/minute, 50/hour and 150/global from 21:00 to
> > 09:00 -->
> > <limit label='night quota' from='21:00' to='9:00'
> > status='full' minute-limit='5' hour-limit='50' global-limit='150'
> > domain-minute-limit='5' domain-hour-limit='50'
> > domain-global-limit='150' />
> > </default-sending-quota>
> > <!-- <bwl debug="no" /> -->
> > <!-- <lmm debug="no" /> -->
> > <!-- mod-mw : mysql works -->
> > <!-- It allows to run user defined sql queries with the provided
> > credentials. Each SQL query is then personalized with support
> > substitutions. All substitutions takes the value indicated or
> > evals to emtpy string. -->
> > <!-- Allowed substitutions are:
> >
> > - #queue-id# if defined, it is replaced by reported queue id
> > - #size# if defined, it is replaced by reported size (single size,
> > you may have to consider having this value by #rpct-count# to have
> > actual size to handle/send.
> > - #sasl_user# if defined, it is replaced by sasl user account used.
> > - #mail-from# if defined, it is replaced by mail from: reported
> > account used.
> > - #rcpt-count# if defined, it is replaced by reported recipient count
> > (recipient_count reported by postfix).This value is only reliable if
> > valvula is connected to smtpd_data_restrictions.
> > - #rcpt-to# if defined, it is replaced by reported rcpt to: This
> > value isn't reliable if connected to smtpd_data_restrictions (it may be
> > empty for multi recipients operations). Connect valvula to
> > smtpd_sender_restrictions if you want a reliable #rcpt-to# value.
> > - #client-address# if defined, it is replaced by reported connecting
> > ip
> > -->
> > <!-- configuration example follows: -->
> > <!--
> > <mysql-works>
> > <with-db-def use="valvula" port="3579">
> > <run-on-request sql="INSERT INTO example_table (sasl_user, mail_from,
> > rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" />
> > <run-every-hour sql="DELETE FROM example_table" />
> > </with-db-def>
> > </mysql-works> -->
> > </enviroment>
> > <!-- MODULE: configuration -->
> > <modules>
> > <!-- directory where to find modules to load -->
> > <directory src='/etc/valvula/mods-enabled' />
> > </modules>
> > </valvula>
> >
> > Any idea?
> >
> > Best regards.
> > _______________________________________________
> > Valvula mailing list
> > > Valvula en lists.aspl.es
> > > http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula
> > >
> >
--
Francis Brosnan Blázquez -- ASPL --ASPLhosting
Foro de soporte: https://support.asplhosting.com
Síguenos en Twitter: @aspl_es @asplhosting
91 134 14 22 - 91 134 14 45
http://asplhosting.com
http://aspl.es
https://www.linkedin.com/in/francis-brosnan-bl%C3%A1zquez-1353a218/
AVISO LEGAL
Este mensaje se dirige exclusivamente a su destinatario. Los datos
incluidos en el presente correo son confidenciales y sometidos a
secreto profesional, se prohíbe divulgarlos, en virtud de las leyes
vigentes. Si usted no lo es y lo ha recibido por error o tiene
conocimiento del mismo por cualquier motivo, le rogamos que nos lo
comunique por este medio y proceda a destruirlo o borrarlo.
En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
diciembre, de Protección de Datos de Carácter Personal, le informamos
de que sus datos de carácter personal, recogidos de fuentes accesibles
al público o datos que usted nos ha facilitado previamente, proceden de
bases de datos propiedad de Advanced Software Production Line, S.L.
(ASPL). No obstante, usted puede ejercitar sus derechos de acceso,
rectificación, cancelación y oposición dispuestos en la mencionada Ley
Orgánica, notificándolo por escrito a: ASPL - Protección Datos,
C/Antonio Suárez 10 A-102, 28802, Alcalá de Henares (Madrid).
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.aspl.es/pipermail/valvula/attachments/20190206/448d023f/attachment-0001.html>
Más información sobre la lista de distribución Valvula