
Re: looking for solution

  • Martijn de Munnik
    Message 1 of 5 , Mar 1, 2010
      On Mon, 2010-03-01 at 15:47 +0100, Ilja Beeskow wrote:
      > Hello @ll
      >
      > I have a little problem with postfix 2.5, trendmicro viruswall and an old
      > exchange 2k behind it. Perhaps somebody could give me a hint because I'm
      > really confused after some days of trying different things.
      >
      > for incoming mail everything is clear:
      >
      > relay_domains and transport_maps, tmvw as a content_filter do the job!
      >
      > Internet DMZ Intranet
      > -------- --------- ----------
      > tmvw (as cf)
      > 10025
      > ^ |
      > | v 10026
      > smtp (25)-> pf (25)-> exchange2k
      >
      > outgoing mail should be handled a little different:
      >
      > Internet DMZ Intranet
      > -------- --------- ----------
      > tmvw (as cf) <---- (10025)
      > | (10025) |
      > (10026)| ^ | not possible!
      > v | |
      > MX <-(25) pf pf-sec <-(25) ex2k
      >
      > Because of the fact the ex2k was migrated from 5.5 we actually have the
      > problem that ex2k is not configurable to use any other port than 25. This
      > breaks the design of tmvw.
      >
      > My idea is a second smtp-process (I have two IPs) like this
      >
      > master.cf
      > 192.168.1.3:25 inet n - n - - smtpd
      > 192.168.1.4:25 inet n - n - - smtpd
      >
      > What I want is a forwarding process getting its mail on port 25 and
      > forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026 of the
      > first (outbound) smtpd process.

      I think it is easier to use a transparent proxy which redirects incoming
      connections to port 25 to localhost port 10025. Check your firewall
      documentation for your platform. Ipchains or ipfilter or ...

      >
      > What I think to know is that my second process has to have set this
      >
      > 192.168.1.4:25 inet n - n - - smtpd
      > -o myhostname=gw.mydomain.local
      > -o relayhost=smtp:[127.0.0.1]:10025
      > -o content_filter=
      > -o smtpd_use_tls=no
      > -o mynetworks=192.168.0.0/24
      > -o mydestination=
      > -o relay_transport=
      >
      > Is this possible and why does it not forward to port 10025? Do you have a
      > source for me dealing with a similar problem?
      >
      >
      > with kind regards
      >
      > Ilja Beeskow
      >
    • Noel Jones
      Message 2 of 5 , Mar 1, 2010
        On 3/1/2010 8:47 AM, Ilja Beeskow wrote:
        > Hello @ll
        >
        > I have a little problem with postfix 2.5, trendmicro viruswall and an
        > old exchange 2k behind it. Perhaps somebody could give me a hint because
        > I'm really confused after some days of trying different things.
        >
        > for incoming mail everything is clear:
        >
        > relay_domains and transport_maps, tmvw as a content_filter do the job!
        >
        > Internet DMZ Intranet
        > -------- --------- ----------
        > tmvw (as cf)
        > 10025
        > ^ |
        > | v 10026
        > smtp (25)-> pf (25)-> exchange2k
        >
        > outgoing mail should be handled a little different:
        >
        > Internet DMZ Intranet
        > -------- --------- ----------
        > tmvw (as cf) <---- (10025)
        > | (10025) |
        > (10026)| ^ | not possible!
        > v | |
        > MX <-(25) pf pf-sec <-(25) ex2k
        >
        > Because of the fact the ex2k was migrated from 5.5 we actually have the
        > problem that ex2k is not configurable to use any other port than 25.
        > This breaks the design of tmvw.
        >
        > My idea is a second smtp-process (I have two IPs) like this
        >
        > master.cf
        > 192.168.1.3:25 inet n - n - - smtpd
        > 192.168.1.4:25 inet n - n - - smtpd
        >
        > What I want is a forwarding process getting its mail on port 25 and
        > forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026
        > of the first (outbound) smtpd process.
        >
        > What I think to know is that my second process has to have set this
        >
        > 192.168.1.4:25 inet n - n - - smtpd
        > -o myhostname=gw.mydomain.local
        > -o relayhost=smtp:[127.0.0.1]:10025
        > -o content_filter=
        > -o smtpd_use_tls=no
        > -o mynetworks=192.168.0.0/24
        > -o mydestination=
        > -o relay_transport=
        >
        > Is this possible and why does it not forward to port 10025? Do you have
        > a source for me dealing with a similar problem?

        The relayhost parameter is a property of trivial-rewrite, not
        smtpd, and can't be controlled this way.

        Use content_filter=smtp:[127.0.0.1]:10025 instead.

        -- Noel Jones
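
A master.cf sketch of the content_filter approach from the reply above, added here as an example and not part of the original thread. The outbound listener address, filter port, hostname and mynetworks value are the ones quoted in the thread; the 127.0.0.1:10026 re-injection entry and its restrictions are assumptions modelled on a standard Postfix after-queue filter setup.

```conf
# Added example (not from the thread). Ineffective, per the reply above:
#   -o relayhost=smtp:[127.0.0.1]:10025
# relayhost is read by trivial-rewrite, so an smtpd override is ignored.

# Outbound listener for Exchange: the mail is queued, then handed to the
# filter on 10025 through content_filter, which can be set per smtpd service.
192.168.1.4:25 inet n - n - - smtpd
  -o myhostname=gw.mydomain.local
  -o content_filter=smtp:[127.0.0.1]:10025
  -o mynetworks=192.168.0.0/24

# Assumed re-injection listener for mail coming back from the filter.
# The empty content_filter keeps filtered mail from being sent to the
# filter a second time, and only the local filter may connect and relay.
127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
```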
      • Ilja Beeskow
        Message 3 of 5 , Mar 1, 2010
          Dear Martijn

          Your idea did it. Other problems I had were results of misconfiguration inside
          tmvw.

          Thank you very much!


          Ilja


        • Ilja Beeskow
          Message 4 of 5 , Mar 2, 2010
            Dear Noel

            Your hint was useful too! The way suddenly seemed much too complicated and
            using the content_filter statement is the point where vw will definitely not
            be able to distinguish in- and outbound messages (in theory). Otherwise
            following your idea I could have forwarded outbound mail directly to the first
            pf instance which already is listening to port 25.

            After all vw is still unable to distinguish in/out. What an unhandy piece of
            software...

            Thanks

            Ilja


