2-server setup for MTA + Content Filtering?
From: William Kimball, Jr. (popauth3 teamdelsol.com)
Date: Tue Jun 08 2004 - 20:56:57 CDT

I've been at this for three days and Google, as well as the postfix archives, tend to throw me down dead ends. I'm trying to off-load content filtering and virus scanning to a second server, off the MTA box. I just want the "postfix box" to handle perimeter mail tasks (SMTP and POP3) with no additional content filtering/scanning, and the "content filter box" to handle the UCE/virus/etc. identification (for ALL mail; I won't be excluding anyone from these filters).

It is my goal to incorporate the following software for the scanning duties (essentially in this order and exclusively on the filtering box):

1) ClamAV
2) DSPAM
3) Anomy

I have no interest in SpamAssassin (I've been running it on the MTA for a while now and have found it to be largely ineffective), but over the last few days, I have experimented with it (and Razor) because most of the How-Tos I encountered use them in their model. In theory, I should be able to find a working solution by taking the How-Tos and splitting the scanning duties off onto the second box. Unfortunately, this isn't working very well.

At best, I created a situation where all mail WAS being sent off to the filtering box before being sent outside the LAN or being delivered locally. Yay for that. Unfortunately, this only worked when the originating message came from within the LAN. ALL mail that originated from outside the LAN was being looped back by the MTA onto itself using its *external* IP (the postfix box has 2 IPs, internal and external). This behavior baffled me mostly because I could not find any instruction anywhere that was forcing it to do so, deliberately. Because I prohibit other boxes from identifying themselves as my MTA, these loop attempts failed unconditionally and the mail (that originated outside the LAN) was not being filtered or delivered.

While I could show you my configs, I'd rather not because they have been disabled (ALL filtering has been disabled, at this point) and they were experimental, anyway (using Amavisd-new and SpamAssassin+Razor on the filter box). I'd rather just ask you guys to point me to a resource that specifically discusses the scenario I am attempting to implement, and start over.

Thanks!

--
William Kimball, Jr.
"Programming is an art-form that fights back!"