Loading ...
Sorry, an error occurred while loading the content.
 

Re: Per user SPF and Anti Virus checks

Expand Messages
  • mouss
    ... you used a single instance. ... transports are global in an instance. you need to run multiple instances of postfix: run postfix multiple times (not just
    Message 1 of 11 , Apr 1, 2008
      Paul G. Allen wrote:
      > [snip]
      >>
      >
      > Before the responses thus far, I was able to sort of get it working
      > using transport_maps (instead of the content_filter that I had). The
      > only problem is that it was caught in a recursive loop where the
      > e-mails are being sent to AVG, the response is returned to Postfix,
      > then it's sent to AVG again, etc., etc. (NOTE: Postfix does properly
      > read the DB and only sends e-mails to AVG for accounts with Antispam
      > enabled, so I at least got that part right. :D )

      you used a single instance.
      >
      > It seems I read something somewhere about the possibility of this
      > happening and how to properly configure such a filter so it won't, but
      > I can't remember where it was, what it was, or how to do it.

      transports are global in an instance. you need to run multiple instances
      of postfix: run postfix multiple times (not just edit one master.cf).

      - one postfix handles mail on port 25 and uses transport_maps to
      redirect users to the corresponding filter. mail that should not be
      filtered is passed to the second instance (below) via relayhost for
      instance.

      - the other postfix uses a "standard" transport_maps (no filtering) and
      handles delivery.
    • Paul G. Allen
      ... I was finally able to get back to finishing this server and wanted to put closure on this thread. Thanks for the advice and help. What I did was setup a
      Message 2 of 11 , Apr 8, 2008
        mouss wrote:

        >
        > transports are global in an instance. you need to run multiple instances
        > of postfix: run postfix multiple times (not just edit one master.cf).
        >
        > - one postfix handles mail on port 25 and uses transport_maps to
        > redirect users to the corresponding filter. mail that should not be
        > filtered is passed to the second instance (below) via relayhost for
        > instance.
        >
        > - the other postfix uses a "standard" transport_maps (no filtering) and
        > handles delivery.
        >

        I was finally able to get back to finishing this server and wanted to
        put closure on this thread.

        Thanks for the advice and help.

        What I did was setup a second instance of Postfix to handle the
        filtering. The first (primary) instance checks the PostgreSQL database
        to see if the recipient has enabled Anti-Spam through the use of
        transport_maps. If they have, it sends the incoming message to the
        second instance listening on a local port.

        The second instance uses AVG to scan the message (content_filter). AVG
        returns the message back to the second instance, and it in turn relays
        the message to the qmail server.

        Note that the first instance also performs initial "inexpensive" checks
        on incoming e-mails to help weed out the bulk of spam before it's even
        queued. The way all this is configured each scanner (AVG and the SPF
        policy server, as well as our optional local blacklist) and each e-mail
        server could be run on different machines easily when traffic increases
        to the point tat it's necessary. Users have complete control over
        whether e-mail is scanned or not, and unlike the qmail server, the user
        settings actually work.

        During all this, I've decided I really like Postfix and qmail sucks. :)

        PGA
        --
        Paul G. Allen, BSIT/SE
        Network Administrator
        Greenest Host
        www.greenesthost.com
      • mouss
        ... if you do no rewrite on postfix, this is ok. if you do rewrite, you d better pass all mail through the second instance, possibly via spam filter (for users
        Message 3 of 11 , Apr 8, 2008
          Paul G. Allen wrote:
          > mouss wrote:
          >
          >>
          >> transports are global in an instance. you need to run multiple
          >> instances of postfix: run postfix multiple times (not just edit one
          >> master.cf).
          >>
          >> - one postfix handles mail on port 25 and uses transport_maps to
          >> redirect users to the corresponding filter. mail that should not be
          >> filtered is passed to the second instance (below) via relayhost for
          >> instance.
          >>
          >> - the other postfix uses a "standard" transport_maps (no filtering)
          >> and handles delivery.
          >>
          >
          > I was finally able to get back to finishing this server and wanted to
          > put closure on this thread.
          >
          > Thanks for the advice and help.
          >
          > What I did was setup a second instance of Postfix to handle the
          > filtering. The first (primary) instance checks the PostgreSQL database
          > to see if the recipient has enabled Anti-Spam through the use of
          > transport_maps. If they have, it sends the incoming message to the
          > second instance listening on a local port.

          if you do no rewrite on postfix, this is ok. if you do rewrite, you'd
          better pass all mail through the second instance, possibly via spam
          filter (for users that need filtering). This way you can do all rewrite
          in the second instance (so that the filter gets "original" addresses).
          in short, the first instance would have a relayhost pointing to the
          second instance, and you'll have transport entries for users who need
          filtering pointing to the filter. the filter then passes back all mail
          to the second instance. all like if you had multiple machines with
          different roles.

          >
          > The second instance uses AVG to scan the message (content_filter). AVG
          > returns the message back to the second instance, and it in turn relays
          > the message to the qmail server.
          >
          > Note that the first instance also performs initial "inexpensive"
          > checks on incoming e-mails to help weed out the bulk of spam before
          > it's even queued. The way all this is configured each scanner (AVG and
          > the SPF policy server, as well as our optional local blacklist) and
          > each e-mail server could be run on different machines easily when
          > traffic increases to the point tat it's necessary. Users have complete
          > control over whether e-mail is scanned or not, and unlike the qmail
          > server, the user settings actually work.
          >
          > During all this, I've decided I really like Postfix and qmail sucks. :)
          >
          > PGA
        Your message has been successfully submitted and would be delivered to recipients shortly.