Postfix/Spamassassin/Milter error

Question

I set up a postfix email server following an article series from the linux babe for my company and it seems to be working fine with a couple of exceptions. In the maillog I am seeing the following warnings:

postfix/10025/smtpd[169161]: warning: milter inet:127.0.0.1:783: unreasonable packet length: 1397768525 > 1073741823
postfix/10025/smtpd[169161]: warning: milter inet:127.0.0.1:783: read error in initial handshake

Did anyone encounter this type of error?

Alma Linux 8
Postfix version 2:3.5.8-4.el8
Postgrey version 1.37-9.el8
Spamass-milter version 0.4.0-13.el8
Spamassassin version 3.4.6-1.el8

postfix/main.cf section:
<--- Start --->
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   check_policy_service unix:private/policyd-spf
   check_policy_service unix:postgrey/socket
   check_client_access hash:/etc/postfix/rbl_override
   reject_rhsbl_helo dbl.spamhaus.org
   reject_rhsbl_reverse_client dbl.spamhaus.org
   reject_rhsbl_sender dbl.spamhaus.org
   permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]
   reject_rbl_client zen.spamhaus.org
##Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:783,unix:/run/spamass-milter/spamass-milter.sock
non_smtpd_milters = $smtpd_milters
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_proxy_options = speed_adjust
<--- end --->
postfix/master.cf section:
<--- start --->
#==========================================================================
#service type  private unpriv  chroot  wakeup  maxproc command + args
#(yes)   (yes)   (no)    (never) (100)
#==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
policyd-spf  unix  -       n       n       -       0       spawn user=policyd-spf argv=/usr/libexec/postfix/policyd-spf
smtp-amavis  unix  -       -       n       -       2       smtp
        -o syslog_name=postfix/amavis
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
        -o smtp_tls_security_level=none
127.0.0.1:10025   inet   n    -     n     -     -    smtpd
        -o syslog_name=postfix/10025
        -o content_filter=
        -o mynetworks_style=host
        -o mynetworks=127.0.0.0/8
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o strict_rfc821_envelopes=yes
        -o smtp_tls_security_level=none
        -o smtpd_tls_security_level=none
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
<--- end --->
sysconfig/spamass-milter section:
<--- start --->
EXTRA_FLAGS="-e mydomainname.com -u sa-milt -m -r 8 -R SPAM_ARE_NOT_ALLOWED_HERE -i 127.0.0.1 -g sa-milt -- --max-size=5120000"
<--- end --->
sysconfig/spamassassin section:
<--- Start --->
SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/' --razor-log-file='sys-syslog' --nouser-config --virtual-config-dir=/var/vmail/%d/%l/spamassassin --username=vmail"
<--- end --->

score 1 · Answer 1 · answered Mar 09 '23 at 18:03

I suspect that your most pressing configuration issue is that you added the spamassassin daemon (that normally talks to programs like spamc or spamass-milter) to the Postfix interface that speaks the Sendmail Milter protocol.

This line now mentions spamassassin twice, more importantly, once referring to a port that does not speak the Milter protocol postfix expected of entries of this configuration:

smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:783,unix:/run/spamass-milter/spamass-milter.sock

Remove that entry, you already have spamassass-milter listed here, listening on a unix socket clearly spelling out the name:

smtpd_milters = inet:127.0.0.1:8891,unix:/run/spamass-milter/spamass-milter.sock

After this change, you are not done, you still need to investigate why you are calling Milters twice. Your global configuration sets milters which affect the smtpd services calling them both before (that would produce log prefixes like postfix/smtpd) and after (thats is what the postfix/10025/smtpd log line refers to) amavis.

Postfix/Spamassassin/Milter error

1 Answers1