295610Re: need to purge clamav from postfix configuration
- Sep 21, 2013-----BEGIN PGP SIGNED MESSAGE-----
On 09/21/2013 09:39 AM, DTNX Postmaster wrote:
> While the desire to have it 'just work' is recognizable, you cannot
> expect it to always do so if you copy bits and pieces from here to
> there without understanding what they actually do. Especially if
> you have copied an older configuration from a different distro that
> may have its own quirks.
Then we are very close to the point where I'll just have to turn
everything over to Google Apps. Because I am *never* going to
understand postfix configuration. This isn't even something that's
within a fuzzy or distant view, let alone just outside my grasp. It's
all complete magic to me.
> We use Postfix on Debian in its 'stock' Debian chroot setup, with
> clamav-milter as the bridge between Postfix and clamd. This
> requires no configuration in 'master.cf' and only two lines in
> smtpd_milters = unix:/clamav/clamav-milter.ctl
> milter_default_action = accept
> Permissions is where it gets tricky, because the socket needs to be
> writable by both processes. As our own ClamAV setup is up for
> review anyway, I don't mind writing up a bit of a how-to for it
> that you can use to reimplement virus scanning with ClamAV, if you
> are still interested in doing so?
At least within postfix, there is a very nice command to just fix the
permissions. (Did Wietse get tired of seeing that particular problem?)
I have no idea what they should be for clamd.ctl because, as near as I
can tell, it isn't a permanent file, so I can't even see it in the
emergency backup I did from a rescue system after the Arch upgrade
hosed my server (which is remote, by the way).
At this point, my first priority has to be just getting mail back up.
I've had a lot of these domains for a decade or more. I get a lot of
spam, hence the postscreen stuff, but I also get a lot of mail. Then,
maybe, I can think about reimplementing clamav.
see https://parts-unknown.org/node/2 if you don't understand the
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
- << Previous post in topic Next post in topic >>