Loading ...
Sorry, an error occurred while loading the content.

221220Re: dedicated antivirus and anti spam

Expand Messages
  • mouss
    Jun 1, 2007
      cachak wrote:
      > hello
      > i have to server
      > one server for mail server with :
      > -postfix
      > -maildrop
      > -courier-auth
      > -courier-imap
      > -saslautd
      >
      > and other server for content filtering(antivirus and spam) with :
      > -amavisd
      > -kaspersky
      > -spamassasin
      >
      > if antivirus and mta in one server, mail server is fine, and my
      > configure in main is :
      > content_filter=smtp-amavis:[127.0.0.1]:10024
      > and in master.cf
      > smtp-amavis unix - - n - 2 lmtp

      calling an lmtp based transport smtp-amavis is asking for trouble... if
      using lmtp, better name it lmtp-amavis and adjust the conten_filter
      accordingly).
      > -o lmtp_data_done_timeout=1200
      > -o lmtp_send_xforward_command=yes
      >
      > 127.0.0.1:10025 inet n - n - - smtpd
      > -o content_filter=
      > -o local_recipient_maps=
      > -o relay_recipient_maps=
      > -o smtpd_restriction_classes=
      > -o smtpd_client_restrictions=
      > -o smtpd_helo_restrictions=
      > -o smtpd_sender_restrictions=
      > -o smtpd_recipient_restrictions=permit_mynetworks,reject
      > -o mynetworks=127.0.0.0/8
      > -o strict_rfc821_envelopes=yes
      > -o smtpd_error_sleep_time=0
      > -o smtpd_soft_error_limit=1001
      > -o smtpd_hard_error_limit=1000
      >
      >
      > if i m use dedicated content filter i dont know to configure
      > how to configure in main.cf,master.cf(server one) and in server two
      >
      > server one is with ip public
      > server two with ip private

      you need to

      - set the content filter to be the remote amavisd. something like
      content_filter=smtp-amavis:[192.168.9.10]:10024
      where 192.168..9.10 is an IP of the remote filtering box.

      - in master.cf, replace lmtp with smtp in the definition of smtp-amavis.
      change the options too (lmtp options would be useless in an smtp
      transport). please take a look at the amavisd-new README.postfix (the
      old and the new): you'll find useful options to add to your transport.

      - replace 127.0.0.1:10025 by 192.168.9.1:10025, where 192.168.9.1 is an
      IP of the postfix server (reachable from the LAN side).

      - configure amavisd on the remote machine to listen on 192.168.9.10
      (instead of 127.0.0.1). for this, set
      $inet_socket_bind = '192.168.9.10'. (you don't need the unix socket
      anymore, since you will be using smtp over TCP).

      - configure amavisd to forward mail back to 192.168.9.9 port 10025
      (where 192.168.9.9 is an IP of the postfix server). for this, set
      $forward_method = 'smtp:[192.168.9.1]:10025

      check amavid
    • Show all 5 messages in this topic