
Re: looking for solution

  • Ilja Beeskow
    Message 1 of 5 , Mar 1, 2010
      Dear Martijn

      Your idea did it. Other problems I had were results of misconfiguration inside
      tmvw.

      Thank you very much!


      Ilja


      Martijn de Munnik wrote:
      > On Mon, 2010-03-01 at 15:47 +0100, Ilja Beeskow wrote:
      >> Hello @ll
      >>
      >> I have a little problem with postfix 2.5, trendmicro viruswall and an old
      >> exchange 2k behind it. Perhaps somebody could give me a hint because I'm
      >> really confused after some days of trying different things.
      >>
      >> for incoming mail everything is clear:
      >>
      >> relay_domains and transport_maps, tmvw as a content_filter do the job!
      >>
      >> Internet DMZ Intranet
      >> -------- --------- ----------
      >> tmvw (as cf)
      >> 10025
      >> ^ |
      >> | v 10026
      >> smtp (25)-> pf (25)-> exchange2k
      >>
      >> outgoing mail should be handled a little different:
      >>
      >> Internet DMZ Intranet
      >> -------- --------- ----------
      >> tmvw (as cf) <---- (10025)
      >> | (10025) |
      >> (10026)| ^ | not possible!
      >> v | |
      >> MX <-(25) pf pf-sec <-(25) ex2k
      >>
      >> Because of the fact the ex2k was migrated from 5.5 we actually have the
      >> problem that ex2k is not configurable to use any other port than 25. This
      >> breaks the design of tmvw.
      >>
      >> My idea is a second smtp-process (I have two IPs) like this
      >>
      >> master.cf
      >> 192.168.1.3:25 inet n - n - - smtpd
      >> 192.168.1.4:25 inet n - n - - smtpd
      >>
      >> What I want is a forwarding process getting its mail on port 25 and
      >> forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026 of the
      >> first (outbound) smtpd process .
      >
      > I think it is easier to use a transparent proxy which redirects incoming
      > connections to port 25 to localhost port 10025. Check your firewall
      > documentation for your platform. Ipchains or ipfilter or ...
      >
      >> What I think to know is that my second process has to have set this
      >>
      >> 192.168.1.4:25 inet n - n - - smtpd
      >> -o myhostname=gw.mydomain.local
      >> -o relayhost=smtp:[127.0.0.1]:10025
      >> -o content_filter=
      >> -o smtpd_use_tls=no
      >> -o mynetworks=192.168.0.0/24
      >> -o mydestination=
      >> -o relay_transport=
      >>
      >> Is this possible and why does it not forward to port 10025? Do you have a
      >> source for me dealing with a similar problem?
      >>
      >>
      >> with kind regards
      >>
      >> Ilja Beeskow
      >>
      >
      >
      >
      >
    • Ilja Beeskow
      Message 2 of 5 , Mar 2, 2010
        Dear Noel

        Your hint was useful too! The way suddenly seemed much too complicated and
        using the content_filter statement is the point where vw will definitely not
        be able to distinguish in- and outbound messages (in theory). Otherwise
        following your idea I could have forwarded outbound mail directly to the first
        pf instance which already is listening to port 25.

        After all vw is still unable to distinguish in/out. What an unhandy piece of
        software...

        Thanks

        Ilja



        Noel Jones wrote:
        > On 3/1/2010 8:47 AM, Ilja Beeskow wrote:
        >> Hello @ll
        >>
        >> I have a little problem with postfix 2.5, trendmicro viruswall and an
        >> old exchange 2k behind it. Perhaps somebody could give me a hint because
        >> I'm really confused after some days of trying different things.
        >>
        >> for incoming mail everything is clear:
        >>
        >> relay_domains and transport_maps, tmvw as a content_filter do the job!
        >>
        >> Internet DMZ Intranet
        >> -------- --------- ----------
        >> tmvw (as cf)
        >> 10025
        >> ^ |
        >> | v 10026
        >> smtp (25)-> pf (25)-> exchange2k
        >>
        >> outgoing mail should be handled a little different:
        >>
        >> Internet DMZ Intranet
        >> -------- --------- ----------
        >> tmvw (as cf) <---- (10025)
        >> | (10025) |
        >> (10026)| ^ | not possible!
        >> v | |
        >> MX <-(25) pf pf-sec <-(25) ex2k
        >>
        >> Because of the fact the ex2k was migrated from 5.5 we actually have the
        >> problem that ex2k is not configurable to use any other port than 25.
        >> This breaks the design of tmvw.
        >>
        >> My idea is a second smtp-process (I have two IPs) like this
        >>
        >> master.cf
        >> 192.168.1.3:25 inet n - n - - smtpd
        >> 192.168.1.4:25 inet n - n - - smtpd
        >>
        >> What I want is a forwarding process getting its mail on port 25 and
        >> forwarding it to port 10025 of tmvw. tmvw should reinject on port 10026
        >> of the first (outbound) smtpd process .
        >>
        >> What I think to know is that my second process has to have set this
        >>
        >> 192.168.1.4:25 inet n - n - - smtpd
        >> -o myhostname=gw.mydomain.local
        >> -o relayhost=smtp:[127.0.0.1]:10025
        >> -o content_filter=
        >> -o smtpd_use_tls=no
        >> -o mynetworks=192.168.0.0/24
        >> -o mydestination=
        >> -o relay_transport=
        >>
        >> Is this possible and why does it not forward to port 10025? Do you have
        >> a source for me dealing with a similar problem?
        >
        > The relayhost parameter is a property of trivial-rewrite, not smtpd, and
        > can't be controlled this way.
        >
        > Use content_filter=smtp:[127.0.0.1]:10025 instead.
        >
        > -- Noel Jones
        >
        >
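Noel Jones's correction applied to the master.cf entry from the original question, as an added example that is not part of any message in this thread. The 127.0.0.1:10026 re-injection listener, its mynetworks value and its recipient restriction are assumptions; the thread only states that tmvw listens on localhost port 10025 and re-injects on port 10026.

```conf
# master.cf (added example, not taken from the posters' running configuration)

# Before: entry from the question. smtpd does not use relayhost (it is
# read by trivial-rewrite), so the "-o relayhost=" override has no effect
# and outbound mail never reaches the filter on port 10025.
#
# 192.168.1.4:25 inet n - n - - smtpd
#   -o myhostname=gw.mydomain.local
#   -o relayhost=smtp:[127.0.0.1]:10025
#   -o content_filter=

# After: listener that Exchange 2000 submits outbound mail to on port 25.
# content_filter is requested per message by smtpd, so a per-service
# override works; every message accepted here is handed to tmvw.
192.168.1.4:25 inet n - n - - smtpd
  -o myhostname=gw.mydomain.local
  -o mynetworks=192.168.0.0/24
  -o smtpd_use_tls=no
  -o content_filter=smtp:[127.0.0.1]:10025

# Re-injection listener that tmvw delivers scanned mail back to.
# Assumed address and restrictions: bound to loopback so only the local
# filter can reach it, and content_filter is emptied so scanned mail is
# not sent back to the filter in a loop.
127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
```

After `postfix reload`, a message submitted to 192.168.1.4:25 should appear in the mail log as relayed to 127.0.0.1 port 10025 and then received again on port 10026.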