Loading ...
Sorry, an error occurred while loading the content.

Re: amavisd-new: prevent calling SA/clamd on sec. MX?

Expand Messages
  • Noel Jones
    ... Nope. 1. the recipient address is always a domain name, never an IP address. 2. filtering by recipient is not reliable - the FILTER action applies to all
    Message 1 of 11 , Jan 29, 2007
    • 0 Attachment
      At 04:52 PM 1/29/2007, Jan Houtsma wrote:
      >On 29-1-2007 Jan Houtsma wrote:
      >>Yes i saw that. But what about doing the same on the secondary but
      >>with smtpd_recipient_restrictions i.s.o. smtpd_client_restrictions.
      >>And in the cidr file specifying the subnet of the primary? So that
      >>messages for the primary bypass scanning on the secondary?
      >
      >To be more precise:
      >
      >smtpd_recipient_restrictions =
      > check_recipient_access cidr:/etc/postfix/mx2
      >
      ># cat mx2
      ><mx1_ip_address>/32 FILTER relay:[127.0.0.1]:10025
      >
      >I think that would do the same but then on bypassing on the secondary.

      Nope.
      1. the recipient address is always a domain name, never an IP address.
      2. filtering by recipient is not reliable - the FILTER action applies
      to all recipients of the message, not just the one that triggers the
      rule. Multi-recipient mail is likely to be randomly misdirected.

      You can fix issue 2 above by using multiple instances of postfix
      (each with its own config and queue directory) with the content
      filter in between. Then use transport_maps to route mail to either
      the content filter or the second postfix instance as each recipient
      or domain requires. The content_filter setting is no longer used in
      this type setup. This works well, but is somewhat more complicated
      to configure. This does have the advantage of giving much clearer
      logging of what happens pre-filter and post-filter.

      --
      Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.