But... you already discovered almost everything!
You have an additional smtpd
service which is usually set up in master.cf
like this:
smtp:10025 inet n - n - - smtpd
...
Amavis is configured to reinject mail back to 127.0.0.1:10025
(or whichever port you use). The idea is this: you run special private service on non-default firewalled port to only accept processed mail.
This kind of configuration works like this:
- One of Postfix
smtpd
instances, mail exchanger or submission, receives mail from outside and logs it for the first time (and calls policy service)
- Then, according to a configuration, it pushes it into Amavis
- Amavis, after processing, reinjects mail back to Postfix, but it gives it to special
smtpd
instance which is configured to not give mail back to Amavis, because it expects all mail comes into it from Amavis
- This additional
smtpd
logs that mail again (and calls policy service) and then forwards it according to usual rules.
There is no way to fix double logging in such setup, because it is caused by this inherently inferior way to insert Amavis into processing via SMTP. But you still have a way to at least reduce the impact of this double logging. You may give your additional smtpd
instance distinct log prefix, thereby creating a way to distingush which one processes the mail this time. After the line where the additional smtpd
service is defined in the master.cf
, add the line:
-o syslog_name=postfix/reinject
(or whatever you're going to use to distingush it from other smtpd
instances, mail exchanger and submission).
Also, you may disable policy service processing for this instance, so the postfwd
won't count mail twice. You have to replicate your all smtpd_*_restrictions
in the master.cf
for this service where, not including this policy service:
...
-o smtpd_recipient_restrictions=...,reject_unauth_destination
...
never put spaces in master.cf
-o parameters!
Messy, I know. This is because this whole setup with reinjection is messy.
It's likely you already have some other parameters there; that's ok, they are still required. Also notice, this only changes smtpd
logging behaviour; it then puts mail into the common queue where other daemons pick it up and process and as we didn't created special logging configuration for them, you won't be able to easily distinguish whether they process original mail or processed this time (hint: mail queue ID is useful for that). So this is only a partial fix, but still it is very useful.
To completely fix that double logging, you have to redesign your mail system so that no single mail is going to go through it twice. So each mail will be accounted once, as by magic. Postfix has a special dedicated way to do mail processing, called milter ("mail filter"), which you're advised to employ instead of SMTP and reinjecting. You can connect Amavis or any other milter-supporting application (there are myriad of them) through this interface and you'll get much cleaner mail routing pathway inside mail system and less hassle with logs and other problems. Postfix will immediately reject spam mail instead of queuing, checking and then dropping. Read Postfix's perfect manual about Postfix before-queue Milter support