From: Wietse Venema on
Proniewski Patrick:
> Hello,
>
> I used to have a old SMTP server, with after-queue content filtering.
> My new setup involve a before-queue content filter (amavisd).
> Unfortunately, Amavisd is a little bit strict about the smtp
> session: it bounces email sent using "MAIL FROM: address" instead
> of "MAIL FROM:<address>".
> It's ok for my all my clients but one. It's an appliance, so I
> cannot change anything about its way to handle SMTP protocol.

Besides making this configurable for Amavisd-new, the other
option is to use the Postfix 2.7 smtpd_command_filter feature
to replace the RCPT TO command very carefully.

If the applicance sends mail to only one address, be sure to
modify only that RCPT TO command and nothing else.

Wietse

smtpd_command_filter (default: empty)
A mechanism to transform commands from remote SMTP clients. This is a
last-resort tool to work around client commands that break inter-oper-
ability with the Postfix SMTP server. Other uses involve fault injec-
tion to test Postfix's handling of invalid commands.

Specify the name of a "type:table" lookup table. The search string is
the SMTP command as received from the remote SMTP client, except that
initial whitespace and the trailing <CR><LF> are removed. The result
value is executed by the Postfix SMTP server.

There is no need to use smtpd_command_filter for the following cases:

o Use "resolve_numeric_domain = yes" to accept "user(a)ipaddress".

o Postfix already accepts the correct form "user@[ipaddress]". Use
virtual_alias_maps or canonical_maps to translate these into
domain names if necessary.

o Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<User Name
<user(a)example.com>>". Postfix will ignore the "User Name" part
and deliver to the <user(a)example.com> address.

Examples of problems that can be solved with the smtpd_command_filter
feature:

/etc/postfix/main.cf:
smtpd_command_filter = pcre:/etc/postfix/command_filter

/etc/postfix/command_filter:
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid

# Work around clients that send empty lines.
/^\s*$/ NOOP

# Work around clients that send RCPT TO:<'user(a)domain'>.
# WARNING: do not lose the parameters that follow the address.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2

# Bounce-never mail sink. Use notify_classes=bounce,resource,software
# to send bounced mail to the postmaster (with message body removed).
/^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
/^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER

This feature is available in Postfix 2.7.

From: Noel Jones on
On 6/9/2010 10:11 AM, Proniewski Patrick wrote:
> Hello,
>
> I used to have a old SMTP server, with after-queue content filtering. My new setup involve a before-queue content filter (amavisd). Unfortunately, Amavisd is a little bit strict about the smtp session: it bounces email sent using "MAIL FROM: address" instead of "MAIL FROM:<address>".
> It's ok for my all my clients but one. It's an appliance, so I cannot change anything about its way to handle SMTP protocol.
>
> Here is a debug session:
>
> smtp/smtpd[86566]: connect from extron.domain.tld[192.168.42.241]
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 127.0.0.1
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 192.168.0.0/16
> smtp/smtpd[86566]:> extron.domain.tld[192.168.42.241]: 220 smtp.domain.tld ESMTP
> smtp/smtpd[86566]:< extron.domain.tld[192.168.42.241]: HELO extron.domain.tld
> smtp/smtpd[86566]:> extron.domain.tld[192.168.42.241]: 250 smtp.domain.tld
> smtp/smtpd[86566]:< extron.domain.tld[192.168.42.241]: MAIL FROM: appliance(a)domain.tld
> smtp/smtpd[86566]:> extron.domain.tld[192.168.42.241]: 250 2.1.0 Ok
> smtp/smtpd[86566]:< extron.domain.tld[192.168.42.241]: RCPT TO: techservice(a)domain.tld
> smtp/smtpd[86566]: check_namadr_access: name extron.domain.tld addr 192.168.42.241
> smtp/smtpd[86566]: check_addr_access: 192.168.42.241
> smtp/smtpd[86566]: permit_mynetworks: extron.domain.tld 192.168.42.241
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 127.0.0.1
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 192.168.0.0/16
> smtp/smtpd[86566]:> 127.0.0.1:10024: XFORWARD NAME=extron.domain.tld ADDR=192.168.42.241 PORT=2488 HELO=extron.domain.tld PROTO=SMTP SOURCE=LOCAL
> smtp/smtpd[86566]:> extron.domain.tld[192.168.42.241]: 501 5.5.2 Syntax: MAIL FROM:<address>
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 127.0.0.1
> smtp/smtpd[86566]: match_hostaddr: 192.168.42.241 ~? 192.168.0.0/16
> smtp/smtpd[86566]: lost connection after RCPT from extron.domain.tld[192.168.42.241]
> smtp/smtpd[86566]: disconnect from extron.domain.tld[192.168.42.241]
>
> I've read the Postfix documentation, especially this part:
>
>> The content filter should accept the same MAIL FROM and RCPT TO command syntax as the before-filter Postfix SMTP server, and should forward the commands without modification to the after-filter SMTP server. If the content filter or after-filter SMTP server does not support all the ESMTP features that the before-filter Postfix SMTP server supports, then the missing features must be turned off in the before-filter Postfix SMTP server with the smtpd_discard_ehlo_keywords parameter.
>
> I know the problem is on Amavisd's side. But I'm sure others have been confronted to this issue. Any idea other than patching amavisd?
>
> thanks,
>
> Patrick PRONIEWSKI


For problems with amavisd-new, better to ask on the
amavis-users list.

I don't think this is configurable in amavisd-new, in which
case the easiest solution is to redirect the problem client to
an unfiltered postfix listener.

Either have the client connect to a different IP:port, or use
firewall redirect rules.

-- Noel Jones