Johan Andersson wrote:
> We had MTA's that used a local AntiVirus to check incoming mails for
> virus (throw) and spam (mark and deliver)
> and outgoing mails for virus (reject)
> Now we added an extra layer of hosts to run the AntiVirus and SPAM
> checks for he incoming mails...
> but we still want to use the local one for the outgoing Virus checks.
> All the incoming "domains" are listed in the transport map as relayed to
> the new "AV" hosts, works fine
> i.e. in transport
> domain.se relay:[avhost.domain.se]
> that host in turn runs postfix and uses the AV as a content_filter and
> then the local transport on that sends it on
> to the final mailserver for storage.
> domain.se relay:[mail.domain.se]
> This part works fine for the incoming mail...
> the outgoing mail all arrive at the MTA's and those who dont match the
> transport map I want to run through
> the local AV on that system...
> Before the change this was a content_filter
> i.e. in main.cf
> with master.cf telling it what to do with it...
> pmx unix - - n - 10 smtp
> localhost:10026 inet n - n - 500 smtpd
> -o content_filter=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> now with the change, we though we could get all the outgoing mail, not
> matching transport
> run through the av by setting
> relayhost = [localhost]:10025
> and no content_filter
> in main.cf
> -o relayhost=
> in master.cf for the incoming localhost:10026 service
> but that seems to loop outgoing mail through the filter...
> or at least resending them there at intervals...
> incoming routes correctly to the avhost.domain.se
> outgoing are relayed through [127.0.0.1]:10025
> but the never get relayed out as before...
> we removed the local relay for now, but would like to have an antivirus
> check on all we send out...
> what mistake did we make here?
you configured a relayhost but the relayhost is passing mail back to
your postfix. your attempt to disable relayhost in the second smtpd is
useless since smtpd does not route mail.
You can run two postfix instances (each with its config_directory, ...
etc). This way you can have different routing configs.
Alternatively, you can use the FILTER statement in access tables.
content_filter = scan:[127.0.0.1]:10025
/./ FILTER scan:[192.168.1.2]:12345