Q: Server 5.x install -> Amavis wrong domain setting
I am interested to get feedback from everyone regarding this query. I am not sure if the current Server 5.x install on El Capitan (clean install) is meant to have this (incorrect?) behaviour or not.
Here is the background:
- Clean install of OS X Server (5.0.15) on a clean install of El Capitan 10.11.2
- Server pre-flight preparation rigorously checked.
- Assume Internet legal domain is 'example.com' (real domain obviously different), server host name is 'server.example.com' and server name is 'Server'. Bonjour local hostname is 'Server.local'.
- DNS checked and double checked before setup of any other services — forward and reverse domains. Check. Internal (split-horizon) domain of example.com with OS X DNS server correctly acting as SOA. Check.
- Internet legal domain and DNS for 'example.com' with A record for 'server.example.com'.
- Internet legal SSL certificate for hostname 'server.example.com' installed in OS X Server and functioning for all services.
- Open Directory installed and working.
- Local Network Directory users created, e.g. User 'user' with email of user@example.com
- In / out email working flawlessly.
- It's all working.
Here's the issue though...
When I did the first install (I redid the whole thing when I saw this) and was checking everything, I saw in email headers that mail was being delivered saying 'user@server.example.com' (the host name) instead of 'user@example.com' (the domain), as I used to see with Server 3.x.
============ EMAIL HEADER ============
Return-Path: <bounce-5308718-50395022@nowhere.com>
Delivered-To: user@server.example.com
Received: from localhost (localhost [127.0.0.1])
    by server.example.com (Postfix) with ESMTP id BD9B5906982
    for <user@example.com>; Wed, 30 Dec 2015 09:24:24 +0100 (CET)
X-Virus-Scanned: amavisd-new at server.example.com
Authentication-Results: server.example.com (amavisd-new);
    dkim=pass (1024-bit key) header.d=nowhere.com
Received: from server.example.com ([127.0.0.1])
    by localhost (server.example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id F3rRxxYjQxCz for <user@example.com>;
    Wed, 30 Dec 2015 09:24:23 +0100 (CET)
Received: from nowhere.com (svr03.nowhere.com [12.123.12.123])
    by server.example.com (Postfix) with SMTP id 1AE2FF0892A
    for <user@example.com>; Wed, 30 Dec 2015 09:24:22 +0100 (CET)
========================================
After I did the complete reinstall, and after double/triple checking everything, it still said the same. As everything was working perfectly, I thought it was just a change in how Apple had set things up from Server 3.x to 5.x and I left it.
Today I was looking at setting up DKIM and had occasion to look at the amavisd.conf file and saw the following:
============ amavisd.conf ============
# COMMONLY ADJUSTED SETTINGS:
$mydomain = 'server.example.com'; # a convenient default for other settings
$MYHOME = '/Library/Server/Mail/Data/scanner/amavis'; # a convenient default for other settings, -H
8<------------------
# OTHER MORE COMMON SETTINGS (defaults may suffice):
# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
=======================================
I don't believe the (auto set by Apple setup) entry for $mydomain is correct; it should obviously be 'example.com' (it was that on my 3.x server). Also, the $myhostname entry is disabled and has not been set by the Apple setup; it should be enabled and be 'server.example.com'. I will note that, as commonly happens (well, it does for me) when you set up a server machine from scratch, the Apple DNS server initially makes a DNS domain of the hostname (server.example.com), which you have to delete. I did so, again, before enabling any other services, esp. email.
Questions:
- What do others see on their new, from scratch, Server 5.x installs — the same behaviour?
- Do we agree that the $mydomain variable should be 'example.com'?
- If I change this now (after email has been running for a week), what will be the impact? To the Postfix mail service, the Amavis service?
- Would the change have any effect on already received user emails in the Dovecot IMAP folders?
Mac mini, OS X El Capitan (10.11.2), OS X Server 5
Posted on Dec 30, 2015 4:09 AM
Server 5 uses virtual_users to map addresses to local accounts.
cat /Library/Server/Mail/Config/postfix/virtual_users
The file is updated automatically by Server.app.
Mail arrives for user@example.com, then is mapped to user@server.example.com for local delivery.
If you are curious, this command pulls the relevant settings from postfix (the space after mydomain is intentional):
grep -E '^(myhostname|mydomain |mydestination|virtual_alias)' /Library/Server/Mail/Config/postfix/main.cf
As you discovered, there is an issue with mydomain in amavisd.conf.
Your mail header shows a virus scan but not a spam scan (x-spam).
Virus scans are performed regardless of whether mydomain matches the recipient address, but spam scans only occur when matched.
Change mydomain (in amavisd.conf) to example.com.
Restart amavis:
sudo launchctl stop org.amavis.amavisd
Note:
It's possible to change your setup to the old behavior (local, not virtual domains), but you might as well adapt to the way Apple defaults. It makes things easier and helps ensure compatibility with their GUI.
Hope that helps.
Posted on Dec 30, 2015 12:40 PM
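
The check described in this thread, as an added example that is not part of either post: it reads the active `$mydomain` from an amavisd.conf-style file, tests whether it covers the domain users receive mail at, and classifies a header block as virus-only or spam-scanned. The function names and sample files are constructed for illustration, and the matching rule assumes amavisd-new's stock `[".$mydomain"]` local-domain list.

```sh
# Added example; the sample files are constructed from the excerpts in the thread.

# Print the active (uncommented) $mydomain value from an amavisd.conf-style file.
amavis_mydomain() {
    sed -n "s/^[[:space:]]*\\\$mydomain[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Assumption: amavisd-new's stock @local_domains_maps is [".$mydomain"],
# which covers $mydomain itself and its subdomains, never a parent domain.
is_local_domain() {    # $1 = recipient domain, $2 = $mydomain value
    case "$1" in
        "$2"|*."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one message's headers by which amavisd scan markers are present.
scan_status() {        # $1 = file containing the headers
    if grep -qi '^X-Spam-' "$1"; then echo spam-scanned
    elif grep -qi '^X-Virus-Scanned:' "$1"; then echo virus-only
    else echo unscanned
    fi
}

# Report whether the configured $mydomain covers the domain users receive mail at.
audit() {              # $1 = amavisd.conf path, $2 = mail domain
    md=$(amavis_mydomain "$1")
    if is_local_domain "$2" "$md"; then
        echo "ok: $md covers $2"
    else
        echo "mismatch: $md does not cover $2"
    fi
}

# Constructed samples mirroring the thread: hostname-valued $mydomain, virus-only header.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/amavisd.conf" <<'EOF'
$mydomain = 'server.example.com'; # a convenient default for other settings
# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
EOF
sed 's/server\.example\.com/example.com/' "$tmp/amavisd.conf" > "$tmp/amavisd.fixed.conf"
cat > "$tmp/headers.txt" <<'EOF'
Delivered-To: user@server.example.com
X-Virus-Scanned: amavisd-new at server.example.com
EOF
audit "$tmp/amavisd.conf" example.com
audit "$tmp/amavisd.fixed.conf" example.com
scan_status "$tmp/headers.txt"
```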