I want to configure Postfix to work with SpamAssassin. I have the issue, that the Mail will be bounced internally between Postfix and SpamAssassin until I recieve the Error of "Too many Hops".
Postfix Version:
postconf -d | grep mail_version
mail_version = 3.5.6
milter_macro_v = $mail_name $mail_version
SpamAssassin Version:
spamassassin -V
SpamAssassin version 3.4.6
running on Perl version 5.32.1
That's my X-Spam-Status Header:
X-Spam-Status: No, score=0.6 required=2.0 tests=HTML_MESSAGE,
RCVD_IN_ZEN_BLOCKED_OPENDNS,SPF_HELO_NONE,TVD_SPACE_RATIO,
TVD_SPACE_RATIO_MINFP,T_SCC_BODY_TEXT_LINE autolearn=no
autolearn_force=no version=3.4.6
Received: by example.com (Postfix, from userid 109)
id EA88EA716D; Mon, 28 Feb 2022 12:38:12 +0100 (CET)
Received: by example.com (Postfix, from userid 109)
id 04220A716E; Mon, 28 Feb 2022 12:37:59 +0100 (CET)
Received: by example.com (Postfix, from userid 109)
id B583DA716D; Mon, 28 Feb 2022 12:37:58 +0100 (CET)
...
main.cf
myorigin = localhost
mydestination = $myhostname localhost.$mydomain localhost
virtual_alias_domains = example.com
virtual_alias_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
message_size_limit = 15000000
broken_sasl_auth_clients = yes
smtp_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtp_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_loglevel = 1
smtpd_banner = $myhostname ESMTP $mail_name
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_loglevel = 1
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/letsencrypt/live/mail2.brocksieper.de-0001/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail2.brocksieper.de-0001/privkey.pem
smtpd_client_connection_count_limit = 25
smtpd_tls_received_header = yes
smtpd_tls_eecdh_grade = strong
smtpd_tls_security_level = encrypt
smtpd_tls_mandatory_ciphers = high
smtpd_tls_exclude_ciphers = LOW, EXP, aNULL, RC4, DSS, SEED, IDEA, MD5, PSK, DES, SRP, CAMELLIA, SHA1, SHA256, SHA384
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unauth_pipelining,reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client bl.spamcop.net,reject_rbl_client dul.dnsbl.sorbs.net,check_policy_service inet:127.0.0.1:10023
tls_preempt_cipherlist = yes
tls_ssl_options = NO_RENEGOTIATION
compatibility_level = 2
content_filter=spamassassin:[127.0.0.1]:783
mailbox_command = /usr/sbin/sendmail
Please note the line content_filter=spamassassin:[127.0.0.1]:783. If I comment out this line, Postfix works fine, but the mails do not go through the filter.
and finally my master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=spamassassin
spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
