
looking for solution

  • Ilja Beeskow
    Message 1 of 5 , Mar 1, 2010
      Hello @ll

      I have a little problem with postfix 2.5, trendmicro viruswall and an old
      exchange 2k behind it. Perhaps somebody could give me a hint because I'm
      really confused after some days of trying different things.

      for incoming mail everything is clear:

      relay_domains and transport_maps, tmvw as a content_filter do the job!

      Internet DMZ Intranet
      -------- --------- ----------
      tmvw (as cf)
      10025
      ^ |
      | v 10026
      smtp (25)-> pf (25)-> exchange2k

      outgoing mail should be handled a little different:

      Internet DMZ Intranet
      -------- --------- ----------
      tmvw (as cf) <---- (10025)
      | (10025) |
      (10026)| ^ | not possible!
      v | |
      MX <-(25) pf pf-sec <-(25) ex2k

      Because of the fact the ex2k was migrated from 5.5 we actually have the
      problem that ex2k is not configurable to use any other port than 25. This
      breaks the design of tmvw.

      My idea is a second smtp-process (I have two IPs) like this

      master.cf
      192.168.1.3:25 inet n - n - - smtpd
      192.168.1.4:25 inet n - n - - smtpd

      What I want is a forwarding process getting its mail on port 25 and
      forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026 of the
      first (outbound) smtpd process.

      What I think I know is that my second process has to have this set

      192.168.1.4:25 inet n - n - - smtpd
        -o myhostname=gw.mydomain.local
        -o relayhost=smtp:[127.0.0.1]:10025
        -o content_filter=
        -o smtpd_use_tls=no
        -o mynetworks=192.168.0.0/24
        -o mydestination=
        -o relay_transport=

      Is this possible and why does it not forward to port 10025? Do you have a
      source for me dealing with a similar problem?


      with kind regards

      Ilja Beeskow
    • Martijn de Munnik
      Message 2 of 5 , Mar 1, 2010
        On Mon, 2010-03-01 at 15:47 +0100, Ilja Beeskow wrote:
        > Hello @ll
        >
        > I have a little problem with postfix 2.5, trendmicro viruswall and an old
        > exchange 2k behind it. Perhaps somebody could give me a hint because I'm
        > really confused after some days of trying different things.
        >
        > for incoming mail everything is clear:
        >
        > relay_domains and transport_maps, tmvw as a content_filter do the job!
        >
        > Internet DMZ Intranet
        > -------- --------- ----------
        > tmvw (as cf)
        > 10025
        > ^ |
        > | v 10026
        > smtp (25)-> pf (25)-> exchange2k
        >
        > outgoing mail should be handled a little different:
        >
        > Internet DMZ Intranet
        > -------- --------- ----------
        > tmvw (as cf) <---- (10025)
        > | (10025) |
        > (10026)| ^ | not possible!
        > v | |
        > MX <-(25) pf pf-sec <-(25) ex2k
        >
        > Because of the fact the ex2k was migrated from 5.5 we actually have the
        > problem that ex2k is not configurable to use any other port than 25. This
        > breaks the design of tmvw.
        >
        > My idea is a second smtp-process (I have two IPs) like this
        >
        > master.cf
        > 192.168.1.3:25 inet n - n - - smtpd
        > 192.168.1.4:25 inet n - n - - smtpd
        >
        > What I want is a forwarding process getting its mail on port 25 and
        > forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026 of the
        > first (outbound) smtpd process.

        I think it is easier to use a transparent proxy which redirects incoming
        connections to port 25 to localhost port 10025. Check your firewall
        documentation for your platform. Ipchains or ipfilter or ...

        >
        > What I think I know is that my second process has to have this set
        >
        > 192.168.1.4:25 inet n - n - - smtpd
        > -o myhostname=gw.mydomain.local
        > -o relayhost=smtp:[127.0.0.1]:10025
        > -o content_filter=
        > -o smtpd_use_tls=no
        > -o mynetworks=192.168.0.0/24
        > -o mydestination=
        > -o relay_transport=
        >
        > Is this possible and why does it not forward to port 10025? Do you have a
        > source for me dealing with a similar problem?
        >
        >
        > with kind regards
        >
        > Ilja Beeskow
        >
      • Noel Jones
        Message 3 of 5 , Mar 1, 2010
          On 3/1/2010 8:47 AM, Ilja Beeskow wrote:
          > Hello @ll
          >
          > I have a little problem with postfix 2.5, trendmicro viruswall and an
          > old exchange 2k behind it. Perhaps somebody could give me a hint because
          > I'm really confused after some days of trying different things.
          >
          > for incoming mail everything is clear:
          >
          > relay_domains and transport_maps, tmvw as a content_filter do the job!
          >
          > Internet DMZ Intranet
          > -------- --------- ----------
          > tmvw (as cf)
          > 10025
          > ^ |
          > | v 10026
          > smtp (25)-> pf (25)-> exchange2k
          >
          > outgoing mail should be handled a little different:
          >
          > Internet DMZ Intranet
          > -------- --------- ----------
          > tmvw (as cf) <---- (10025)
          > | (10025) |
          > (10026)| ^ | not possible!
          > v | |
          > MX <-(25) pf pf-sec <-(25) ex2k
          >
          > Because of the fact the ex2k was migrated from 5.5 we actually have the
          > problem that ex2k is not configurable to use any other port than 25.
          > This breaks the design of tmvw.
          >
          > My idea is a second smtp-process (I have two IPs) like this
          >
          > master.cf
          > 192.168.1.3:25 inet n - n - - smtpd
          > 192.168.1.4:25 inet n - n - - smtpd
          >
          > What I want is a forwarding process getting its mail on port 25 and
          > forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026
          > of the first (outbound) smtpd process.
          >
          > What I think I know is that my second process has to have this set
          >
          > 192.168.1.4:25 inet n - n - - smtpd
          > -o myhostname=gw.mydomain.local
          > -o relayhost=smtp:[127.0.0.1]:10025
          > -o content_filter=
          > -o smtpd_use_tls=no
          > -o mynetworks=192.168.0.0/24
          > -o mydestination=
          > -o relay_transport=
          >
          > Is this possible and why does it not forward to port 10025? Do you have
          > a source for me dealing with a similar problem?

          The relayhost parameter is a property of trivial-rewrite, not
          smtpd, and can't be controlled this way.

          Use content_filter=smtp:[127.0.0.1]:10025 instead.

          -- Noel Jones
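
An added example (not part of the original thread or of Postfix): a small Python check that applies the point of this reply to a master.cf. It joins continuation lines, then flags an smtpd listener that overrides relayhost and one that empties content_filter on a non-loopback address, so mail accepted there never reaches the filter. The sample config is constructed from the question; the function names and the `127.` loopback test are assumptions of this example.

```python
# Constructed sample: the two listeners from the question, with the -o lines
# indented as master.cf continuation lines.
SAMPLE_MASTER_CF = """\
192.168.1.3:25 inet n - n - - smtpd
192.168.1.4:25 inet n - n - - smtpd
  -o myhostname=gw.mydomain.local
  -o relayhost=smtp:[127.0.0.1]:10025
  -o content_filter=
  -o mynetworks=192.168.0.0/24
"""

# From the reply above: relayhost belongs to trivial-rewrite, not smtpd.
NOT_SMTPD = {"relayhost": "trivial-rewrite"}


def parse_services(text):
    """Return (listen, type, daemon, overrides) per master.cf logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        f = line.split()
        if len(f) < 8:
            continue  # not a complete service entry
        args = f[8:]
        overrides = dict(b.split("=", 1) for a, b in zip(args, args[1:])
                         if a == "-o" and "=" in b)
        services.append((f[0], f[1], f[7], overrides))
    return services


def audit(text):
    """Flag smtpd listeners whose overrides do not do what they appear to."""
    findings = []
    for listen, kind, daemon, overrides in parse_services(text):
        if kind != "inet" or daemon != "smtpd":
            continue
        for name in sorted(NOT_SMTPD.keys() & overrides.keys()):
            findings.append((listen, f"{name} is a {NOT_SMTPD[name]} parameter, not smtpd"))
        host = listen.rsplit(":", 1)[0]
        if overrides.get("content_filter") == "" and not host.startswith("127."):
            findings.append((listen, "content_filter emptied on a non-loopback listener"))
    return findings
```

Calling `audit(SAMPLE_MASTER_CF)` reports both findings for 192.168.1.4:25 and none for 192.168.1.3:25.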
        • Ilja Beeskow
          Message 4 of 5 , Mar 1, 2010
            Dear Martijn

            Your idea did it. Other problems I had were results of misconfiguration inside
            tmvw.

            Thank you very much!


            Ilja


          • Ilja Beeskow
            Message 5 of 5 , Mar 2, 2010
              Dear Noel

              Your hint was useful too! The way suddenly seemed much too complicated and
              using the content_filter statement is the point where vw will definitely not
              be able to distinguish in- and outbound messages (in theory). Otherwise
              following your idea I could have forwarded outbound mail directly to the first
              pf instance which already is listening to port 25.

              After all vw is still unable to distinguish in/out. What an unhandy piece of
              software...

              Thanks

              Ilja


