Loading ...
Sorry, an error occurred while loading the content.
 

Re: dedicated antivirus and anti spam

Expand Messages
  • mouss
    ... calling an lmtp based transport smtp-amavis is asking for trouble... if using lmtp, better name it lmtp-amavis and adjust the conten_filter accordingly).
    Message 1 of 5 , Jun 1, 2007
      cachak wrote:
      > hello
      > i have to server
      > one server for mail server with :
      > -postfix
      > -maildrop
      > -courier-auth
      > -courier-imap
      > -saslautd
      >
      > and other server for content filtering(antivirus and spam) with :
      > -amavisd
      > -kaspersky
      > -spamassasin
      >
      > if antivirus and mta in one server, mail server is fine, and my
      > configure in main is :
      > content_filter=smtp-amavis:[127.0.0.1]:10024
      > and in master.cf
      > smtp-amavis unix - - n - 2 lmtp

      calling an lmtp based transport smtp-amavis is asking for trouble... if
      using lmtp, better name it lmtp-amavis and adjust the conten_filter
      accordingly).
      > -o lmtp_data_done_timeout=1200
      > -o lmtp_send_xforward_command=yes
      >
      > 127.0.0.1:10025 inet n - n - - smtpd
      > -o content_filter=
      > -o local_recipient_maps=
      > -o relay_recipient_maps=
      > -o smtpd_restriction_classes=
      > -o smtpd_client_restrictions=
      > -o smtpd_helo_restrictions=
      > -o smtpd_sender_restrictions=
      > -o smtpd_recipient_restrictions=permit_mynetworks,reject
      > -o mynetworks=127.0.0.0/8
      > -o strict_rfc821_envelopes=yes
      > -o smtpd_error_sleep_time=0
      > -o smtpd_soft_error_limit=1001
      > -o smtpd_hard_error_limit=1000
      >
      >
      > if i m use dedicated content filter i dont know to configure
      > how to configure in main.cf,master.cf(server one) and in server two
      >
      > server one is with ip public
      > server two with ip private

      you need to

      - set the content filter to be the remote amavisd. something like
      content_filter=smtp-amavis:[192.168.9.10]:10024
      where 192.168..9.10 is an IP of the remote filtering box.

      - in master.cf, replace lmtp with smtp in the definition of smtp-amavis.
      change the options too (lmtp options would be useless in an smtp
      transport). please take a look at the amavisd-new README.postfix (the
      old and the new): you'll find useful options to add to your transport.

      - replace 127.0.0.1:10025 by 192.168.9.1:10025, where 192.168.9.1 is an
      IP of the postfix server (reachable from the LAN side).

      - configure amavisd on the remote machine to listen on 192.168.9.10
      (instead of 127.0.0.1). for this, set
      $inet_socket_bind = '192.168.9.10'. (you don't need the unix socket
      anymore, since you will be using smtp over TCP).

      - configure amavisd to forward mail back to 192.168.9.9 port 10025
      (where 192.168.9.9 is an IP of the postfix server). for this, set
      $forward_method = 'smtp:[192.168.9.1]:10025

      check amavid
    • mouss
      ... a unix socket cannot be reached from a remote machine.
      Message 2 of 5 , Jun 1, 2007
        Alexandre Balistrieri wrote:
        > On Friday 01 June 2007 08:20, cachak wrote:
        >
        >> hello
        >> i have to server
        >> one server for mail server with :
        >> -postfix
        >> -maildrop
        >> -courier-auth
        >> -courier-imap
        >> -saslautd
        >>
        >> and other server for content filtering(antivirus and spam) with :
        >> -amavisd
        >> -kaspersky
        >> -spamassasin
        >>
        >> if antivirus and mta in one server, mail server is fine, and my
        >> configure in main is :
        >> content_filter=smtp-amavis:[127.0.0.1]:10024
        >> and in master.cf
        >> smtp-amavis unix - - n - 2 lmtp
        >> -o lmtp_data_done_timeout=1200
        >> -o lmtp_send_xforward_command=yes
        >>
        >> 127.0.0.1:10025 inet n - n - - smtpd
        >> -o content_filter=
        >> -o local_recipient_maps=
        >> -o relay_recipient_maps=
        >> -o smtpd_restriction_classes=
        >> -o smtpd_client_restrictions=
        >> -o smtpd_helo_restrictions=
        >> -o smtpd_sender_restrictions=
        >> -o smtpd_recipient_restrictions=permit_mynetworks,reject
        >> -o mynetworks=127.0.0.0/8
        >> -o strict_rfc821_envelopes=yes
        >> -o smtpd_error_sleep_time=0
        >> -o smtpd_soft_error_limit=1001
        >> -o smtpd_hard_error_limit=1000
        >>
        >>
        >> if i m use dedicated content filter i dont know to configure
        >> how to configure in main.cf,master.cf(server one) and in server two
        >>
        >> server one is with ip public
        >> server two with ip private
        >>
        >> Regard,
        >> Sahir
        >> Administrator
        >>
        >
        > my settings,
        > host with postfix (ip public and 10.0.0.1)
        >
        > host with amvisd-new (10.0.0.2)
        >
        > main.cf:
        > content_filter=smtp-amavis:10.0.0.2:10024
        >
        > master.cf
        > smtp-amavis unix - - n - 2 lmtp
        >

        a unix socket cannot be reached from a remote machine.

        > -o lmtp_data_done_timeout=1200
        > -o lmtp_send_xforward_command=yes
        > -o disable_dns_lookups=yes
        > -o max_use=20
        >
        > 10.0.0.1:10025 inet n - n - - smtpd
        > -o content_filter=
        > -o local_recipient_maps=
        > -o relay_recipient_maps=
        > -o smtpd_restriction_classes=
        > -o smtpd_client_restrictions=
        > -o smtpd_helo_restrictions=
        > -o smtpd_sender_restrictions=
        > -o smtpd_recipient_restrictions=permit_mynetworks,reject
        > -o mynetworks=127.0.0.0/8,10.0.0.0/8
        > -o strict_rfc821_envelopes=yes
        > -o smtpd_error_sleep_time=0
        > -o smtpd_soft_error_limit=1001
        > -o smtpd_hard_error_limit=1000
        > -o smtpd_client_connection_count_limit=0
        > -o smtpd_client_connection_rate_limit=0
        > -o
        > receive_override_options=no_header_body_checks,no_unknown_recipient_checks
        >
        > amavisd.conf
        > $forward_method = 'smtp:[10.0.0.1]:10025';
        > @inet_acl = qw(127/8 ::1 10.0.0.1);
        >
        >
      • Alexandre Balistrieri
        ... I did not understand! These is my settings and it is working. ... -- []s Bali
        Message 3 of 5 , Jun 1, 2007
          On Friday 01 June 2007 09:23, mouss wrote:
          > > my settings,
          > > host with postfix (ip public and 10.0.0.1)
          > >
          > > host with amvisd-new (10.0.0.2)
          > >
          > > main.cf:
          > > content_filter=smtp-amavis:10.0.0.2:10024
          > >
          > > master.cf
          > > smtp-amavis unix - - n - 2 lmtp
          >
          > a unix socket cannot be reached from a remote machine.

          I did not understand! These is my settings and it is working.

          > > -o lmtp_data_done_timeout=1200
          > > -o lmtp_send_xforward_command=yes
          > > -o disable_dns_lookups=yes
          > > -o max_use=20
          > >
          > > 10.0.0.1:10025 inet n - n - - smtpd
          > > -o content_filter=
          > > -o local_recipient_maps=
          > > -o relay_recipient_maps=
          > > -o smtpd_restriction_classes=
          > > -o smtpd_client_restrictions=
          > > -o smtpd_helo_restrictions=
          > > -o smtpd_sender_restrictions=
          > > -o smtpd_recipient_restrictions=permit_mynetworks,reject
          > > -o mynetworks=127.0.0.0/8,10.0.0.0/8
          > > -o strict_rfc821_envelopes=yes
          > > -o smtpd_error_sleep_time=0
          > > -o smtpd_soft_error_limit=1001
          > > -o smtpd_hard_error_limit=1000
          > > -o smtpd_client_connection_count_limit=0
          > > -o smtpd_client_connection_rate_limit=0
          > > -o
          > > receive_override_options=no_header_body_checks,no_unknown_recipient_check
          > >s
          > >
          > > amavisd.conf
          > > $forward_method = 'smtp:[10.0.0.1]:10025';
          > > @inet_acl = qw(127/8 ::1 10.0.0.1);

          --
          []s
          Bali
        Your message has been successfully submitted and would be delivered to recipients shortly.