<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.8.5">
</HEAD>
<BODY>
Hello Oscar,<BR>
<BR>
Given your logs, valvula is not receiving any indication about emails<BR>
your are sending...which also means postfix is not receiving those<BR>
emails to be filtered or at least the smtpd postfix process connected<BR>
to valvula.<BR>
<BR>
The pipeline you are describing (more or less) is:<BR>
<BR>
Your client SMTP software -><BR>
contacts with your haproxy at some port -><BR>
Haproxy contacts postfix at 25 -> <BR>
postfix (due to <FONT COLOR="#737373">smtpd_recipient_restrictions=</FONT>) contacts valvula at 3080 -><BR>
valvula generate a DUNNO, OK, REJECT or error log.<BR>
<BR>
Because at some point this pipeline is not connected, valvula is not<BR>
receiving any request to reject, accept or whatever...<BR>
<BR>
Once you manage to contact your postfix and have your postfix contact<BR>
valvula, you will see it working..<BR>
<BR>
El mié, 06-02-2019 a las 12:55 -0500, Oscar Manuel Seoane Cereijo escribió:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Hello Francis.
Thanks for your answer.
If I send a pack of 100 mails, all emails arrives on the destination.
Ten minutes after, If I send another pack of 500 emails, all arrives on the destination.
All emails are sending from the same account using a script.
tail -f /var/log/messages
Feb 6 11:21:01 mfgalera1 check-valvulad.py: check-valvula: info: Valvulad server is working right
Regards
El Mie, 6 de Feb de 19, a las 11:02 AM, Francis Brosnan Blázquez escribió:
<FONT COLOR="#737373">> Hello Oscar,</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> How are you testing your solution to come to the conclusion valvula is</FONT>
<FONT COLOR="#737373">> not filtering?</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> What about log files at /var/log/{syslog,messages}?</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> First impression is that your configuration is ok...</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> El mié, 06-02-2019 a las 11:51 -0500, Oscar Manuel Seoane Cereijo </FONT>
<FONT COLOR="#737373">> escribió: Hello</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> I am testing a solution based on postfix, haproxy and valvula. I have a </FONT>
<FONT COLOR="#737373">> server with haproxy like a load balancer. Also I have three servers </FONT>
<FONT COLOR="#737373">> with galera (MariaDB Cluster) and valvula installed. </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> The problem is valvula does not filter any mails.</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> The load balancer (haproxy) runs fine.</FONT>
<FONT COLOR="#737373">> Galera runs ok on the three servers.</FONT>
<FONT COLOR="#737373">> Valvula does not have any errors.</FONT>
<FONT COLOR="#737373">> Postfix have open relay to my network and runs ok.</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> [root@mfgalera1 ~]# valvulad -b</FONT>
<FONT COLOR="#737373">> INFO: Database connection working OK</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> [root@mfgalera1 ~]# netstat -ntpl</FONT>
<FONT COLOR="#737373">> Active Internet connections (only servers)</FONT>
<FONT COLOR="#737373">> Proto Recv-Q Send-Q Local Address Foreign Address </FONT>
<FONT COLOR="#737373">> State PID/Program name </FONT>
<FONT COLOR="#737373">> tcp 0 0 127.0.0.1:3080 0.0.0.0:* </FONT>
<FONT COLOR="#737373">> LISTEN 5291/valvulad </FONT>
<FONT COLOR="#737373">> tcp 0 0 0.0.0.0:3306 0.0.0.0:* </FONT>
<FONT COLOR="#737373">> LISTEN 5127/mysqld </FONT>
<FONT COLOR="#737373">> tcp 0 0 0.0.0.0:22 0.0.0.0:* </FONT>
<FONT COLOR="#737373">> LISTEN 4765/sshd </FONT>
<FONT COLOR="#737373">> tcp 0 0 0.0.0.0:4567 0.0.0.0:* </FONT>
<FONT COLOR="#737373">> LISTEN 5127/mysqld </FONT>
<FONT COLOR="#737373">> tcp 0 0 0.0.0.0:25 0.0.0.0:* </FONT>
<FONT COLOR="#737373">> LISTEN 4911/master </FONT>
<FONT COLOR="#737373">> tcp6 0 0 :::22 :::* </FONT>
<FONT COLOR="#737373">> LISTEN 4765/sshd </FONT>
<FONT COLOR="#737373">> tcp6 0 0 :::25 :::* </FONT>
<FONT COLOR="#737373">> LISTEN 4911/master </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> [root@mfgalera1 ~]# systemctl status postfix</FONT>
<FONT COLOR="#737373">> postfix.service - Postfix Mail Transport Agent</FONT>
<FONT COLOR="#737373">> Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; </FONT>
<FONT COLOR="#737373">> vendor preset: disabled)</FONT>
<FONT COLOR="#737373">> Active: active (running) since mar 2019-02-05 12:29:57 CST; 22h ago</FONT>
<FONT COLOR="#737373">> Process: 4798 ExecStart=/usr/sbin/postfix start (code=exited, </FONT>
<FONT COLOR="#737373">> status=0/SUCCESS)</FONT>
<FONT COLOR="#737373">> Process: 4786 ExecStartPre=/usr/libexec/postfix/chroot-update </FONT>
<FONT COLOR="#737373">> (code=exited, status=0/SUCCESS)</FONT>
<FONT COLOR="#737373">> Process: 4763 ExecStartPre=/usr/libexec/postfix/aliasesdb </FONT>
<FONT COLOR="#737373">> (code=exited, status=0/SUCCESS)</FONT>
<FONT COLOR="#737373">> Main PID: 4911 (master)</FONT>
<FONT COLOR="#737373">> CGroup: /system.slice/postfix.service</FONT>
<FONT COLOR="#737373">> ├─3374 pickup -l -t unix -u</FONT>
<FONT COLOR="#737373">> ├─4911 /usr/libexec/postfix/master -w</FONT>
<FONT COLOR="#737373">> ├─4919 qmgr -l -t unix -u</FONT>
<FONT COLOR="#737373">> ├─6193 smtpd -n smtp -t inet -u -o stress= -s 2 -o </FONT>
<FONT COLOR="#737373">> smtpd_recipient_restrictions=check_policy_service,inet:127.0.0.1:3080,permit_mynetworks,permit_sasl_authenticated,reject</FONT>
<FONT COLOR="#737373">> └─6194 proxymap -t unix -u</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> And this is my valvula.conf</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> <?xml version='1.0' ?></FONT>
<FONT COLOR="#737373">> <valvula></FONT>
<FONT COLOR="#737373">> <!-- -*- nxml -*- --></FONT>
<FONT COLOR="#737373">> <!-- server configuration --></FONT>
<FONT COLOR="#737373">> <global-settings></FONT>
<FONT COLOR="#737373">> <!-- make valvula server to run with a low privileges user --></FONT>
<FONT COLOR="#737373">> <running user='valvulad' group='valvulad' enabled='no' /></FONT>
<FONT COLOR="#737373">> <!-- uncomment the following instruction to make valvula to log</FONT>
<FONT COLOR="#737373">> all SQL sentences run by the engine. It is not recommended to</FONT>
<FONT COLOR="#737373">> have it enabled by default: it create lots of logs --></FONT>
<FONT COLOR="#737373">> <!-- <debug-queries debug="yes" /> --></FONT>
<FONT COLOR="#737373">> <log-reporting enabled='yes' use-syslog='yes' /></FONT>
<FONT COLOR="#737373">> <!-- Default signal action to take when a wrong signal is </FONT>
<FONT COLOR="#737373">> recevied (SIGSEGV or SIGABRT).</FONT>
<FONT COLOR="#737373">> reexec : do a fresh server restart</FONT>
<FONT COLOR="#737373">> hold : holds the process until it is killed for debugging.</FONT>
<FONT COLOR="#737373">> backtrace : prints a backtrace to the console</FONT>
<FONT COLOR="#737373">> default : if nothing is configured, kills the process after receiving </FONT>
<FONT COLOR="#737373">> this signal</FONT>
<FONT COLOR="#737373">> --></FONT>
<FONT COLOR="#737373">> <signal action='reexec' /></FONT>
<FONT COLOR="#737373">> <!-- request line limit (leave it as is unless you know what you</FONT>
<FONT COLOR="#737373">> are doing). This is the number of lines a request can have</FONT>
<FONT COLOR="#737373">> before closing the connection. A request should be served in</FONT>
<FONT COLOR="#737373">> 80 lines as much. --></FONT>
<FONT COLOR="#737373">> <request-line limit='80' /></FONT>
<FONT COLOR="#737373">> </global-settings></FONT>
<FONT COLOR="#737373">> <!-- GENERAL: configuration --></FONT>
<FONT COLOR="#737373">> <general></FONT>
<FONT COLOR="#737373">> <listen host='127.0.0.1' port='3080'></FONT>
<FONT COLOR="#737373">> <run module='mod-mquota' /></FONT>
<FONT COLOR="#737373">> </listen></FONT>
<FONT COLOR="#737373">> </general></FONT>
<FONT COLOR="#737373">> <database></FONT>
<FONT COLOR="#737373">> <!-- default mysql configuration --></FONT>
<FONT COLOR="#737373">> <config driver='mysql' dbname='policyv' user='root' password='' </FONT>
<FONT COLOR="#737373">> host='localhost' port='' /></FONT>
<FONT COLOR="#737373">> </database></FONT>
<FONT COLOR="#737373">> <enviroment></FONT>
<FONT COLOR="#737373">> <!-- the following declaration will make valvula server to </FONT>
<FONT COLOR="#737373">> detect</FONT>
<FONT COLOR="#737373">> postfix configuration by opening its configuration, and</FONT>
<FONT COLOR="#737373">> taking a look into virtual_mailbox_domains and other postfix</FONT>
<FONT COLOR="#737373">> declarations. If everything works ok, the server will be able</FONT>
<FONT COLOR="#737373">> to know what domains, accounts and aliases are considered</FONT>
<FONT COLOR="#737373">> local so valvula can make better decisions. --></FONT>
<FONT COLOR="#737373">> <local-domains config='autodetect' /></FONT>
<FONT COLOR="#737373">> <!-- if previous declaration does not work, try one these --></FONT>
<FONT COLOR="#737373">> <!-- <local-domains </FONT>
<FONT COLOR="#737373">> config="mysql:user:password:database:hosts:SELECT domain FROM </FONT>
<FONT COLOR="#737373">> domain_table WHERE domain='%s' AND is_active = 1" /> --></FONT>
<FONT COLOR="#737373">> <!-- <local-domains config="<A HREF="file:///etc/postfix/local_domains>">file:///etc/postfix/local_domains"</A> </FONT>
<FONT COLOR="#737373">> <<A HREF="file:///etc/postfix/local_domains%3E">file:///etc/postfix/local_domains%3E</A>> /> --></FONT>
<FONT COLOR="#737373">> <!-- mod-slm configuration --></FONT>
<FONT COLOR="#737373">> <!-- Last paramter (allow-empty-mail-from) will allow sending </FONT>
<FONT COLOR="#737373">> empty mail from:<> as defined by RFC. This is </FONT>
<FONT COLOR="#737373">> something that should be left enabled if you want to get DSN </FONT>
<FONT COLOR="#737373">> and/or mail error notifications. </FONT>
<FONT COLOR="#737373">> Of course, there are people that do not agree. If any case, if </FONT>
<FONT COLOR="#737373">> you want a recommendation, leave it on (yes).</FONT>
<FONT COLOR="#737373">> For more information see: </FONT>
<FONT COLOR="#737373">> <A HREF="https://lists.debian.org/debian-isp/2004/01/msg00259.html">https://lists.debian.org/debian-isp/2004/01/msg00259.html</A></FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> If nothing is configured, it is assumed </FONT>
<FONT COLOR="#737373">> allow-empty-mail-from="yes"</FONT>
<FONT COLOR="#737373">> --></FONT>
<FONT COLOR="#737373">> <sender-login-mismatch mode='same-domain' </FONT>
<FONT COLOR="#737373">> allow-empty-mail-from='yes' /></FONT>
<FONT COLOR="#737373">> <!-- sending and receiving quotas: used by mod-mquota --></FONT>
<FONT COLOR="#737373">> <default-sending-quota status='full' if-no-match='first' </FONT>
<FONT COLOR="#737373">> debug='yes'></FONT>
<FONT COLOR="#737373">> <!-- account limit: 150/minute, 250/hour and 750/global </FONT>
<FONT COLOR="#737373">> from 09:00 to 21:00 </FONT>
<FONT COLOR="#737373">> domain limit: 300/minute, 500/hour and 2500/global </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> note: use -1 to disable any of the limits. </FONT>
<FONT COLOR="#737373">> For example, to disable global limit, use globa-limit="-1" </FONT>
<FONT COLOR="#737373">> --></FONT>
<FONT COLOR="#737373">> <limit label='day quota' from='9:00' to='21:00' </FONT>
<FONT COLOR="#737373">> status='full' minute-limit='15' hour-limit='100' global-limit='300' </FONT>
<FONT COLOR="#737373">> domain-minute-limit='15' domain-hour-limit='100' </FONT>
<FONT COLOR="#737373">> domain-global-limit='300' /></FONT>
<FONT COLOR="#737373">> <!-- limit 15/minute, 50/hour and 150/global from 21:00 to </FONT>
<FONT COLOR="#737373">> 09:00 --></FONT>
<FONT COLOR="#737373">> <limit label='night quota' from='21:00' to='9:00' </FONT>
<FONT COLOR="#737373">> status='full' minute-limit='5' hour-limit='50' global-limit='150' </FONT>
<FONT COLOR="#737373">> domain-minute-limit='5' domain-hour-limit='50' </FONT>
<FONT COLOR="#737373">> domain-global-limit='150' /></FONT>
<FONT COLOR="#737373">> </default-sending-quota></FONT>
<FONT COLOR="#737373">> <!-- <bwl debug="no" /> --></FONT>
<FONT COLOR="#737373">> <!-- <lmm debug="no" /> --></FONT>
<FONT COLOR="#737373">> <!-- mod-mw : mysql works --></FONT>
<FONT COLOR="#737373">> <!-- It allows to run user defined sql queries with the provided</FONT>
<FONT COLOR="#737373">> credentials. Each SQL query is then personalized with support</FONT>
<FONT COLOR="#737373">> substitutions. All substitutions takes the value indicated or</FONT>
<FONT COLOR="#737373">> evals to emtpy string. --></FONT>
<FONT COLOR="#737373">> <!-- Allowed substitutions are: </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> - #queue-id# if defined, it is replaced by reported queue id</FONT>
<FONT COLOR="#737373">> - #size# if defined, it is replaced by reported size (single size, </FONT>
<FONT COLOR="#737373">> you may have to consider having this value by #rpct-count# to have </FONT>
<FONT COLOR="#737373">> actual size to handle/send.</FONT>
<FONT COLOR="#737373">> - #sasl_user# if defined, it is replaced by sasl user account used.</FONT>
<FONT COLOR="#737373">> - #mail-from# if defined, it is replaced by mail from: reported </FONT>
<FONT COLOR="#737373">> account used.</FONT>
<FONT COLOR="#737373">> - #rcpt-count# if defined, it is replaced by reported recipient count </FONT>
<FONT COLOR="#737373">> (recipient_count reported by postfix).This value is only reliable if </FONT>
<FONT COLOR="#737373">> valvula is connected to smtpd_data_restrictions.</FONT>
<FONT COLOR="#737373">> - #rcpt-to# if defined, it is replaced by reported rcpt to: This </FONT>
<FONT COLOR="#737373">> value isn't reliable if connected to smtpd_data_restrictions (it may be </FONT>
<FONT COLOR="#737373">> empty for multi recipients operations). Connect valvula to </FONT>
<FONT COLOR="#737373">> smtpd_sender_restrictions if you want a reliable #rcpt-to# value.</FONT>
<FONT COLOR="#737373">> - #client-address# if defined, it is replaced by reported connecting </FONT>
<FONT COLOR="#737373">> ip</FONT>
<FONT COLOR="#737373">> --></FONT>
<FONT COLOR="#737373">> <!-- configuration example follows: --></FONT>
<FONT COLOR="#737373">> <!-- </FONT>
<FONT COLOR="#737373">> <mysql-works></FONT>
<FONT COLOR="#737373">> <with-db-def use="valvula" port="3579"> </FONT>
<FONT COLOR="#737373">> <run-on-request sql="INSERT INTO example_table (sasl_user, mail_from, </FONT>
<FONT COLOR="#737373">> rcpt_count) VALUES ('#sasl_user#', '#mail-from#', '#rcpt-count#')" /></FONT>
<FONT COLOR="#737373">> <run-every-hour sql="DELETE FROM example_table" /></FONT>
<FONT COLOR="#737373">> </with-db-def></FONT>
<FONT COLOR="#737373">> </mysql-works> --></FONT>
<FONT COLOR="#737373">> </enviroment></FONT>
<FONT COLOR="#737373">> <!-- MODULE: configuration --></FONT>
<FONT COLOR="#737373">> <modules></FONT>
<FONT COLOR="#737373">> <!-- directory where to find modules to load --></FONT>
<FONT COLOR="#737373">> <directory src='/etc/valvula/mods-enabled' /></FONT>
<FONT COLOR="#737373">> </modules></FONT>
<FONT COLOR="#737373">> </valvula></FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Any idea?</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> Best regards.</FONT>
<FONT COLOR="#737373">> _______________________________________________</FONT>
<FONT COLOR="#737373">> Valvula mailing list</FONT>
<FONT COLOR="#737373">> > <A HREF="mailto:Valvula@lists.aspl.es">Valvula@lists.aspl.es</A></FONT>
<FONT COLOR="#737373">> > <A HREF="http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula">http://lists.aspl.es/cgi-bin/mailman/listinfo/valvula</A></FONT>
<FONT COLOR="#737373">> > </FONT>
<FONT COLOR="#737373">></FONT>
</PRE>
</BLOCKQUOTE>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
-- <BR>
<BR>
Francis Brosnan Blázquez -- ASPL --ASPLhosting<BR>
Foro de soporte: <A HREF="https://support.asplhosting.com/">https://support.asplhosting.com</A><BR>
Síguenos en Twitter: @aspl_es @asplhosting<BR>
91 134 14 22 - 91 134 14 45 <BR>
<BR>
<A HREF="http://asplhosting.com">http://asplhosting.com</A> <BR>
<A HREF="http://aspl.es">http://aspl.es</A> <BR>
<A HREF="https://www.linkedin.com/in/francis-brosnan-bl%C3%A1zquez-1353a218/">https://www.linkedin.com/in/francis-brosnan-bl%C3%A1zquez-1353a218/</A><BR>
<BR>
AVISO LEGAL <BR>
<BR>
Este mensaje se dirige exclusivamente a su destinatario. Los datos<BR>
incluidos en el presente correo son confidenciales y sometidos a<BR>
secreto profesional, se prohíbe divulgarlos, en virtud de las leyes<BR>
vigentes. Si usted no lo es y lo ha recibido por error o tiene<BR>
conocimiento del mismo por cualquier motivo, le rogamos que nos lo<BR>
comunique por este medio y proceda a destruirlo o borrarlo. <BR>
<BR>
En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de<BR>
diciembre, de Protección de Datos de Carácter Personal, le informamos<BR>
de que sus datos de carácter personal, recogidos de fuentes accesibles<BR>
al público o datos que usted nos ha facilitado previamente, proceden de<BR>
bases de datos propiedad de Advanced Software Production Line, S.L.<BR>
(ASPL). No obstante, usted puede ejercitar sus derechos de acceso,<BR>
rectificación, cancelación y oposición dispuestos en la mencionada Ley<BR>
Orgánica, notificándolo por escrito a: ASPL - Protección Datos,<BR>
C/Antonio Suárez 10 A-102, 28802, Alcalá de Henares (Madrid).
</TD>
</TR>
</TABLE>
</BODY>
</HTML>