Loading ...
Sorry, an error occurred while loading the content.

Re: Body checks on incoming only

Expand Messages
  • Ralf Hildebrandt
    ... All mail comes in first and then goes out. Try to rephrase that question ... Yes. Only the first $body_checks_size_limit bytes are scanned -- Ralf
    Message 1 of 18 , Aug 1 1:28 AM
    • 0 Attachment
      * Thomas Domingo Dahlmann <domingo@...>:
      > Hi
      >
      > Q1: What is the easiest way of only making body_checks on incoming mail?

      All mail comes in first and then goes out.
      Try to rephrase that question

      > Q2:
      > "body_checks_size_limit
      > The amount of content per message body segment (attachment) that
      > is subjected to $body_checks filtering."
      >
      > I don't understand that description. Is body_checks_size_limit a
      > description of how much attachment data is to be scanned?

      Yes. Only the first $body_checks_size_limit bytes are scanned

      --
      Ralf Hildebrandt (Ralf.Hildebrandt@...) spamtrap@...
      Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
      http://www.postfix-buch.com
      llama would be a more fitting name for OpenLDAP:
      It's big, stubborn and spits in your face when you need it the most.
    • Thomas Domingo Dahlmann
      ... Okay fair enough ;ø). I only want body_checks on mail coming from external sources. When I send mail out of the house I don t want it to be
      Message 2 of 18 , Aug 1 1:56 AM
      • 0 Attachment
        On Tue, August 1, 2006 10:28, Ralf Hildebrandt wrote:
        > * Thomas Domingo Dahlmann <domingo@...>:
        >
        >> Hi
        >>
        >>
        >> Q1: What is the easiest way of only making body_checks on incoming
        >> mail?
        >
        > All mail comes in first and then goes out.
        > Try to rephrase that question

        Okay fair enough ;ø). I only want body_checks on mail coming from external
        sources. When I send mail out of the house I don't want it to be
        body_checks'ed.

        >
        >
        >> Q2:
        >> "body_checks_size_limit
        >> The amount of content per message body segment (attachment) that
        >> is subjected to $body_checks filtering."
        >>
        >> I don't understand that description. Is body_checks_size_limit a
        >> description of how much attachment data is to be scanned?
        >
        > Yes. Only the first $body_checks_size_limit bytes are scanned

        Just to be sure. When I talk about attachement I mean fx. an attached
        file/document etc.


        Thx again.

        /Domingo
        Registered Linux user number 411788
        http://wiki.lnxgeek.org

        >
        >
        > --
        > Ralf Hildebrandt (Ralf.Hildebrandt@...)
        > spamtrap@... Postfix - Einrichtung, Betrieb und Wartung Tel.
        > +49 (0)30-450 570-155
        > http://www.postfix-buch.com
        > llama would be a more fitting name for OpenLDAP: It's big, stubborn and
        > spits in your face when you need it the most.
        >
        > !DSPAM:44cf110e16648385619744!
        >
        >
        >
      • Ralf Hildebrandt
        ... You need two instances of Postfix for that. One WITHOUT body_checks bound to the internal interface and one WITH body_checks bound to the external
        Message 3 of 18 , Aug 1 1:58 AM
        • 0 Attachment
          * Thomas Domingo Dahlmann <domingo@...>:

          > Okay fair enough ;ø). I only want body_checks on mail coming from external
          > sources. When I send mail out of the house I don't want it to be
          > body_checks'ed.

          You need two instances of Postfix for that. One WITHOUT body_checks
          bound to the internal interface and one WITH body_checks bound to the
          external interface.

          You could also use two smtpd instances with receive_override_options.
          --
          Ralf Hildebrandt (Ralf.Hildebrandt@...) spamtrap@...
          Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
          http://www.postfix-buch.com
          Why you can't find your system administrators:
          they're busy rerouting their support telephone to the luser of the day
        • Thomas Domingo Dahlmann
          ... Sound good. Thx. /Domingo Registered Linux user number 411788 http://wiki.lnxgeek.org
          Message 4 of 18 , Aug 1 2:40 AM
          • 0 Attachment
            On Tue, August 1, 2006 10:58, Ralf Hildebrandt wrote:
            > * Thomas Domingo Dahlmann <domingo@...>:
            >
            >
            >> Okay fair enough ;ø). I only want body_checks on mail coming from
            >> external sources. When I send mail out of the house I don't want it to
            >> be body_checks'ed.
            >
            > You need two instances of Postfix for that. One WITHOUT body_checks
            > bound to the internal interface and one WITH body_checks bound to the
            > external interface.
            >
            > You could also use two smtpd instances with receive_override_options.

            Sound good. Thx.

            /Domingo
            Registered Linux user number 411788
            http://wiki.lnxgeek.org

            > --
            > Ralf Hildebrandt (Ralf.Hildebrandt@...)
            > spamtrap@... Postfix - Einrichtung, Betrieb und Wartung Tel.
            > +49 (0)30-450 570-155
            > http://www.postfix-buch.com
            > Why you can't find your system administrators:
            > they're busy rerouting their support telephone to the luser of the day
            >
            > !DSPAM:44cf18b579521888050393!
            >
            >
            >
          • Kyle Dent
            ... I have a How-To at http://www.seaglass.com/postfix/turning_off_body_checks.html that describes this second option. Kyle
            Message 5 of 18 , Aug 1 7:08 AM
            • 0 Attachment
              On Tue, Aug 01, 2006 at 10:58:58AM +0200, Ralf Hildebrandt wrote:
              > * Thomas Domingo Dahlmann <domingo@...>:
              >
              > > Okay fair enough ;?). I only want body_checks on mail coming from external
              > > sources. When I send mail out of the house I don't want it to be
              > > body_checks'ed.
              >
              > You need two instances of Postfix for that. One WITHOUT body_checks
              > bound to the internal interface and one WITH body_checks bound to the
              > external interface.
              >
              > You could also use two smtpd instances with receive_override_options.

              I have a How-To at
              http://www.seaglass.com/postfix/turning_off_body_checks.html that
              describes this second option.

              Kyle
            • mouss
              ... or with different cleanup services.
              Message 6 of 18 , Aug 1 4:14 PM
              • 0 Attachment
                Ralf Hildebrandt wrote:
                > * Thomas Domingo Dahlmann <domingo@...>:
                >
                >
                >> Okay fair enough ;ø). I only want body_checks on mail coming from external
                >> sources. When I send mail out of the house I don't want it to be
                >> body_checks'ed.
                >>
                >
                > You need two instances of Postfix for that. One WITHOUT body_checks
                > bound to the internal interface and one WITH body_checks bound to the
                > external interface.
                >
                > You could also use two smtpd instances with receive_override_options.
                >
                or with different cleanup services.
              • Thomas Domingo Dahlmann
                ... Thx Kyle. /Domingo Registered Linux user number 411788 http://wiki.lnxgeek.org
                Message 7 of 18 , Aug 1 11:47 PM
                • 0 Attachment
                  On Tue, August 1, 2006 16:08, Kyle Dent wrote:
                  > On Tue, Aug 01, 2006 at 10:58:58AM +0200, Ralf Hildebrandt wrote:
                  >
                  >> * Thomas Domingo Dahlmann <domingo@...>:
                  >>
                  >>
                  >>> Okay fair enough ;?). I only want body_checks on mail coming from
                  >>> external sources. When I send mail out of the house I don't want it to
                  >>> be body_checks'ed.
                  >>
                  >> You need two instances of Postfix for that. One WITHOUT body_checks
                  >> bound to the internal interface and one WITH body_checks bound to the
                  >> external interface.
                  >>
                  >> You could also use two smtpd instances with receive_override_options.
                  >>
                  >
                  > I have a How-To at
                  > http://www.seaglass.com/postfix/turning_off_body_checks.html that
                  > describes this second option.

                  Thx Kyle.

                  /Domingo
                  Registered Linux user number 411788
                  http://wiki.lnxgeek.org

                  >
                  > Kyle
                  >
                  >
                  >
                  > !DSPAM:44cf606d325338108619379!
                  >
                  >
                  >
                • Thomas Domingo Dahlmann
                  ... Could you help me with the syntax? /Domingo Registered Linux user number 411788 http://wiki.lnxgeek.org
                  Message 8 of 18 , Aug 1 11:48 PM
                  • 0 Attachment
                    On Wed, August 2, 2006 01:14, mouss wrote:
                    > Ralf Hildebrandt wrote:
                    >
                    >> * Thomas Domingo Dahlmann <domingo@...>:
                    >>
                    >>
                    >>
                    >>> Okay fair enough ;ø). I only want body_checks on mail coming from
                    >>> external sources. When I send mail out of the house I don't want it to
                    >>> be body_checks'ed.
                    >>>
                    >>
                    >> You need two instances of Postfix for that. One WITHOUT body_checks
                    >> bound to the internal interface and one WITH body_checks bound to the
                    >> external interface.
                    >>
                    >> You could also use two smtpd instances with receive_override_options.
                    >>
                    >>
                    > or with different cleanup services.

                    Could you help me with the syntax?


                    /Domingo
                    Registered Linux user number 411788
                    http://wiki.lnxgeek.org

                    >
                    > !DSPAM:44cfe05725501562027968!
                    >
                    >
                    >
                  • Magnus Bäck
                    On Wednesday, August 02, 2006 at 08:48 CEST, ... master.cf: 1.2.3.4:smtp inet n - n - - smtpd 1.2.3.5:smtp inet n
                    Message 9 of 18 , Aug 2 1:08 AM
                    • 0 Attachment
                      On Wednesday, August 02, 2006 at 08:48 CEST,
                      Thomas Domingo Dahlmann <domingo@...> wrote:

                      > Could you help me with the syntax?

                      master.cf:
                      1.2.3.4:smtp inet n - n - - smtpd
                      1.2.3.5:smtp inet n - n - - smtpd
                      -o receive_override_options=no_header_body_checks
                      127.0.0.1:smtp inet n - n - - smtpd
                      -o receive_override_options=no_header_body_checks

                      1.2.3.4 is your external interface and 1.2.3.5 and 127.0.0.1 are your
                      internal interfaces. You might be able to get away with

                      1.2.3.4:smtp inet n - n - - smtpd
                      smtp inet n - n - - smtpd
                      -o receive_override_options=no_header_body_checks

                      as well, I'm not sure.

                      --
                      Magnus Bäck
                      magnus@...
                    • Thomas Domingo Dahlmann
                      ... I was thinking of the syntax when doing a second cleanup instance. But thanks anyway. /Domingo Registered Linux user number 411788 http://wiki.lnxgeek.org
                      Message 10 of 18 , Aug 2 2:12 AM
                      • 0 Attachment
                        On Wed, August 2, 2006 10:08, Magnus Bäck wrote:
                        > On Wednesday, August 02, 2006 at 08:48 CEST,
                        > Thomas Domingo Dahlmann <domingo@...> wrote:
                        >
                        >
                        >> Could you help me with the syntax?
                        >>
                        >
                        > master.cf:
                        > 1.2.3.4:smtp inet n - n - - smtpd
                        > 1.2.3.5:smtp inet n - n - - smtpd
                        > -o receive_override_options=no_header_body_checks
                        > 127.0.0.1:smtp inet n - n - - smtpd
                        > -o receive_override_options=no_header_body_checks
                        >
                        >
                        > 1.2.3.4 is your external interface and 1.2.3.5 and 127.0.0.1 are your
                        > internal interfaces. You might be able to get away with
                        >
                        > 1.2.3.4:smtp inet n - n - - smtpd
                        > smtp inet n - n - - smtpd -o
                        > receive_override_options=no_header_body_checks
                        >
                        > as well, I'm not sure.

                        I was thinking of the syntax when doing a second cleanup instance. But
                        thanks anyway.


                        /Domingo
                        Registered Linux user number 411788
                        http://wiki.lnxgeek.org


                        >
                        > --
                        > Magnus Bäck
                        > magnus@...
                        >
                        > !DSPAM:44d05d7937206811418128!
                        >
                        >
                        >
                      • Magnus Bäck
                        On Wednesday, August 02, 2006 at 11:12 CEST, ... 1.2.3.4:smtp inet n - n - - smtpd 1.2.3.5:smtp inet n -
                        Message 11 of 18 , Aug 2 2:25 AM
                        • 0 Attachment
                          On Wednesday, August 02, 2006 at 11:12 CEST,
                          Thomas Domingo Dahlmann <domingo@...> wrote:

                          > I was thinking of the syntax when doing a second cleanup instance. But
                          > thanks anyway.

                          1.2.3.4:smtp inet n - n - - smtpd
                          1.2.3.5:smtp inet n - n - - smtpd
                          -o cleanup_service_name=foocleanup
                          127.0.0.1:smtp inet n - n - - smtpd
                          -o cleanup_service_name=foocleanup
                          foocleanup unix n - n - 0 cleanup
                          -o body_checks= -o header_checks=

                          --
                          Magnus Bäck
                          magnus@...
                        • Thomas Domingo Dahlmann
                          ... Simple an beautiful - nothing like Postfix ;ø) Thx. /Domingo Registered Linux user number 411788 http://wiki.lnxgeek.org
                          Message 12 of 18 , Aug 2 4:22 AM
                          • 0 Attachment
                            On Wed, August 2, 2006 11:25, Magnus Bäck wrote:
                            > On Wednesday, August 02, 2006 at 11:12 CEST,
                            > Thomas Domingo Dahlmann <domingo@...> wrote:
                            >
                            >
                            >> I was thinking of the syntax when doing a second cleanup instance. But
                            >> thanks anyway.
                            >
                            > 1.2.3.4:smtp inet n - n - - smtpd
                            > 1.2.3.5:smtp inet n - n - - smtpd
                            > -o cleanup_service_name=foocleanup
                            > 127.0.0.1:smtp inet n - n - - smtpd
                            > -o cleanup_service_name=foocleanup
                            > foocleanup unix n - n - 0 cleanup -o
                            > body_checks= -o header_checks=

                            Simple an beautiful - nothing like Postfix ;ø)
                            Thx.


                            /Domingo
                            Registered Linux user number 411788
                            http://wiki.lnxgeek.org


                            >
                            > --
                            > Magnus Bäck
                            > magnus@...
                            >
                            > !DSPAM:44d0704c187997389134864!
                            >
                            >
                            >
                          • Alex Palenschat
                            ... I am trying to do this same thing and bypass the content filter as well. But the difference with my situation is that my postfix is configured as an email
                            Message 13 of 18 , Aug 2 1:00 PM
                            • 0 Attachment
                              > I have a How-To at
                              > http://www.seaglass.com/postfix/turning_off_body_checks.html that
                              > describes this second option.

                              > Kyle

                              I am trying to do this same thing and bypass the content filter as well.
                              But the difference with my situation is that my postfix is configured as
                              an email firewall/gateway. I have two interfaces, one with a public IP
                              and one an internal IP. If I use inet_interfaces to only have postfix
                              listen on the public IP then it can't forward mail to the internal MDAs.


                              I have tried reading the docs on inet_interfaces and
                              receive_override_options but don't seem to be getting it.
                              If I specify:

                              /etc/postfix/main.cf
                              inet_interfaces = all

                              and in master.cf

                              <Public IP>:smtp inet n - n - - smtpd

                              And

                              <Internal IP>:smtp inet n - n - - smtpd
                              -o content_filter=
                              -o receive_override_options=no_header_body_checks

                              Will I accomplish having all external email filtered but all outbound
                              (mail from users) not filtered? Or will this confuse postfix and I need
                              to run two separate instances?

                              alex
                            • Noel Jones
                              ... The above sample config looks correct, and should do what you want. Postfix supports multiple smtpd listeners with different settings; that s a fairly
                              Message 14 of 18 , Aug 2 1:41 PM
                              • 0 Attachment
                                At 03:00 PM 8/2/2006, Alex Palenschat wrote:
                                >I am trying to do this same thing and bypass the content
                                >filter as well.
                                >But the difference with my situation is that my postfix is
                                >configured as
                                >an email firewall/gateway. I have two interfaces, one with
                                >a public IP
                                >and one an internal IP. If I use inet_interfaces to only
                                >have postfix
                                >listen on the public IP then it can't forward mail to the
                                >internal MDAs.
                                >
                                >
                                >I have tried reading the docs on inet_interfaces and
                                >receive_override_options but don't seem to be getting it.
                                >If I specify:
                                >
                                >/etc/postfix/main.cf
                                >inet_interfaces = all
                                >
                                >and in master.cf
                                >
                                ><Public IP>:smtp inet n - n - - smtpd
                                >
                                >And
                                >
                                ><Internal IP>:smtp inet n - n - - smtpd
                                > -o content_filter=
                                > -o receive_override_options=no_header_body_checks
                                >
                                >Will I accomplish having all external email filtered but
                                >all outbound
                                >(mail from users) not filtered? Or will this confuse
                                >postfix and I need
                                >to run two separate instances?
                                >
                                >alex

                                The above sample config looks correct, and should do what
                                you want. Postfix supports multiple smtpd listeners with
                                different settings; that's a fairly common setup. You only
                                need multiple postfix instances if a) you need different
                                transport maps, b) the gyrations in master.cf become so
                                obtuse that the administrator cannot follow it, c) you want
                                to separate the logging.

                                --
                                Noel Jones
                              • Kyle Dent
                                ... One smtpd instance listens on the public interface and a second smtpd instance listens on the internal one. ... You probably don t have to specify the
                                Message 15 of 18 , Aug 2 1:53 PM
                                • 0 Attachment
                                  Alex Palenschat wrote:
                                  >> I have a How-To at
                                  >> http://www.seaglass.com/postfix/turning_off_body_checks.html that
                                  >> describes this second option.
                                  >
                                  >> Kyle
                                  >
                                  > I am trying to do this same thing and bypass the content filter as well.
                                  > But the difference with my situation is that my postfix is configured as
                                  > an email firewall/gateway. I have two interfaces, one with a public IP
                                  > and one an internal IP. If I use inet_interfaces to only have postfix
                                  > listen on the public IP then it can't forward mail to the internal MDAs.

                                  One smtpd instance listens on the public interface and a second smtpd
                                  instance listens on the internal one.

                                  > I have tried reading the docs on inet_interfaces and
                                  > receive_override_options but don't seem to be getting it.
                                  > If I specify:
                                  >
                                  > /etc/postfix/main.cf
                                  > inet_interfaces = all
                                  >
                                  > and in master.cf
                                  >
                                  > <Public IP>:smtp inet n - n - - smtpd
                                  >
                                  > And
                                  >
                                  > <Internal IP>:smtp inet n - n - - smtpd
                                  > -o content_filter=
                                  > -o receive_override_options=no_header_body_checks
                                  >
                                  > Will I accomplish having all external email filtered but all outbound
                                  > (mail from users) not filtered? Or will this confuse postfix and I need
                                  > to run two separate instances?

                                  You probably don't have to specify the public IP address in master.cf.
                                  Otherwise, this should do what you want.

                                  Kyle
                                • mouss
                                  ... That said, using multiple instances is cleaner, provided you find the overhead of managing multiple instances (write a script to start/stop/postqueue/...
                                  Message 16 of 18 , Aug 2 3:15 PM
                                  • 0 Attachment
                                    Thomas Domingo Dahlmann wrote:
                                    > On Wed, August 2, 2006 11:25, Magnus Bäck wrote:
                                    >
                                    >> On Wednesday, August 02, 2006 at 11:12 CEST,
                                    >> Thomas Domingo Dahlmann <domingo@...> wrote:
                                    >>
                                    >>
                                    >>
                                    >>> I was thinking of the syntax when doing a second cleanup instance. But
                                    >>> thanks anyway.
                                    >>>
                                    >> 1.2.3.4:smtp inet n - n - - smtpd
                                    >> 1.2.3.5:smtp inet n - n - - smtpd
                                    >> -o cleanup_service_name=foocleanup
                                    >> 127.0.0.1:smtp inet n - n - - smtpd
                                    >> -o cleanup_service_name=foocleanup
                                    >> foocleanup unix n - n - 0 cleanup -o
                                    >> body_checks= -o header_checks=
                                    >>
                                    >
                                    > Simple an beautiful - nothing like Postfix ;ø)
                                    > Thx.
                                    >
                                    That said, using multiple instances is cleaner, provided you find the
                                    overhead of managing multiple instances (write a script to
                                    start/stop/postqueue/... etc) but once this is done, you'll get the
                                    benefits of simple configuration (no more -o in master.cf, different
                                    syslog names, ...).
                                  • mouss
                                    ... we use the term instance for different instances of postfix: ie when your run postfix multiple times with different config dirs and queue dirs.
                                    Message 17 of 18 , Aug 2 3:18 PM
                                    • 0 Attachment
                                      Kyle Dent wrote:
                                      >> I am trying to do this same thing and bypass the content filter as well.
                                      >> But the difference with my situation is that my postfix is configured as
                                      >> an email firewall/gateway. I have two interfaces, one with a public IP
                                      >> and one an internal IP. If I use inet_interfaces to only have postfix
                                      >> listen on the public IP then it can't forward mail to the internal MDAs.
                                      >
                                      > One smtpd instance listens on the public interface and a second smtpd
                                      > instance listens on the internal one.
                                      >
                                      <nitpick>
                                      we use the term instance for different instances of postfix: ie when
                                      your run postfix multiple times with different config dirs and queue dirs.
                                      if using multiple smtpd in one master.cf, the term "multiple listeners"
                                      or "multiple smtpd listeners" is used
                                      </nitpick>
                                    Your message has been successfully submitted and would be delivered to recipients shortly.