
Attempting to send a message through Postfix on a jailed instance of FreeBSD-11 results in the following error when amavisd is configured:

/usr/local/sbin/amavisd[47180]: (!)DENIED ACCESS from IP 127.0.32.1, policy bank ''

The lo interface for the jail is cloned to 127.0.32.1. The only place where this address is explicitly used in any of the related configuration files is in postfix/main.cf for the inet_interfaces assignment (postfix listening address assignments cannot be redirected by the jail software). All other places, including /etc/hosts, refer solely to 127.0.0.1.

Does anyone have this combination (postfix/amavisd) running successfully in a FreeBSD jail? How is it done?

If not then what alternatives are there to obtain the same benefits provided by amavisd if this combination cannot be made to work in a FreeBSD jail?

alexander.polomodov
James B. Byrne

1 Answer

When running Postfix (3.3.0) inside a jailed FreeBSD instance be aware that the automatic localhost/127.0.0.1 remapping to that jail's assigned cloned lo# interface does not work for the network interfaces defined in Postfix's .../etc/postfix/main.cf. The actual IP address assigned to the cloned lo# i/f must be specified. Because of this .../etc/amavisd.conf also must be modified to allow connections from that cloned i/f address in place of the default, 127.0.0.1.

For example:

If /etc/rc.conf on the host system contains:

cloned_interfaces="lo1"
ipv4_addrs_lo1="127.0.31.1/32"
ipv6_addrs_lo1="::31"

And a jail using lo1:127.0.31.1 as its loopback i/f address is used to run Postfix together with Amavisd then the following configuration is required in the jail:

In ../postfix/main.cf:

inet_interfaces = 127.0.31.1, 192.168.31.31, A.B.C.31, . . .

And in ../etc/amavisd.conf:

@inet_acl = qw( 127.0.31.1 [::31]);

And for completeness:

If saslauthd is installed and smtpd_sasl_auth_enable = yes and smtpd_sasl_path = smtpd are set in ../etc/postfix/main.cf then the file /usr/local/lib/sasl2/smtpd.conf must be created and configured to contain:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
James B. Byrne
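
A consistency check for the pairing described in the answer above, as an added example that is not part of the original post: it compares the loopback addresses on the `inet_interfaces` line of main.cf with the entries of `@inet_acl` in amavisd.conf. The function names and sample files are constructed for illustration; matching is exact, so CIDR entries in `@inet_acl` and continuation lines in main.cf are not handled.

```sh
#!/bin/sh
# Added example: check that every loopback address Postfix listens on is
# allowed by amavisd's @inet_acl. Exact matches only (no CIDR expansion).

# Entries of "@inet_acl = qw( ... );", one per line, [] around IPv6 stripped.
inet_acl_entries() {
    sed -n 's/^[[:space:]]*@inet_acl[[:space:]]*=[[:space:]]*qw([[:space:]]*\(.*\))[[:space:]]*;.*$/\1/p' "$1" |
        tr -s ' \t' '\n\n' | sed -e 's/^\[//' -e 's/]$//' -e '/^$/d'
}

# 127.x.y.z addresses named on the inet_interfaces line of main.cf.
loopback_interfaces() {
    sed -n 's/^inet_interfaces[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -s ', \t' '\n\n\n' | grep -E '^127\.[0-9]+\.[0-9]+\.[0-9]+$' || true
}

# Returns 0 when all loopback listeners are in @inet_acl, 1 otherwise.
check_jail_acl() {
    main_cf=$1; amavisd_conf=$2; missing=0
    acl=$(inet_acl_entries "$amavisd_conf")
    for addr in $(loopback_interfaces "$main_cf"); do
        if printf '%s\n' "$acl" | grep -Fqx "$addr"; then
            echo "ok: $addr is in @inet_acl"
        else
            echo "MISSING: $addr is not in @inet_acl (expect DENIED ACCESS)"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d)
printf 'inet_interfaces = 127.0.31.1, 192.168.31.31\n' > "$demo/main.cf"
printf '@inet_acl = qw( 127.0.0.1 [::1] );\n' > "$demo/amavisd-default.conf"
printf '@inet_acl = qw( 127.0.31.1 [::31]);\n' > "$demo/amavisd-jail.conf"
check_jail_acl "$demo/main.cf" "$demo/amavisd-default.conf" || true   # MISSING
check_jail_acl "$demo/main.cf" "$demo/amavisd-jail.conf"              # ok
```

Keeping `@inet_acl` limited to the jail's own loopback address, rather than widening it to a whole network, preserves the access restriction that produced the original DENIED ACCESS message.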