Postfix queuing before forward....?
From: Chris Wisecarver (chriswisecarver mpowercom.net)
Date: Fri Apr 01 2005 - 13:41:31 CST
Hello postfix-users...
I'm setting up an SMTP server with Postfix+MySQL+MailScanner. I want to separate the actual SMTP traffic from the virus/spam scanning so we don't reject mail under heavy scanning load. So I will have one server running Postfix+MySQL(RX-TX) to answer SMTP requests on the standard port.
I want that server to pass all mail to its sister server running MailScanner(VSCAN) for scanning and then have the mail passed back to the RX-TX server for delivery. Because MailScanner doesn't talk SMTP like amavisd does, I need to have Postfix running on the VSCAN box as well.
My question is: how do I get the VSCAN server to drop the mail into the queue so that MailScanner can pick it up and then forward it back to the RX-TX server once it's been scanned and placed in the incoming queue?
o I tried using transport_maps to send the mail back to the server but that gets processed before queueing.
o I tried setting the server up to forward all mail to the RX-TX server but that gets processed before queueing.
o I tried setting the server up to receive mail and use the header_checks to drop mail into the HOLD queue, ala the MailScanner install guide, but obviously VSCAN rejects the mail because it's not destined for it.
I'm sure there are a million ways to do this and I just haven't gotten any of the ones I tried quite right.
Any help would be appreciated.
Below are excerpts from my config files I thought were relevant.
##VSCAN#postconf -n ##############################
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2000
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
in_flow_delay = 0
inet_interfaces = 192.168.253.81 # Internal Address of
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydomain = cyclops.XXXXXXX.XXX
myhostname = cyclops
mynetworks = 192.168.253.80 # Internal address of RX-TX server
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
#################################################
#VSCAN#master.cf########################################
#only the portion I changed from default###########################
####################################################
##below commented to reject smtp from outside interface
#smtp inet n - n - - smtpd
192.168.253.81:10024 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.253.80
  -o mynetworks_style=host
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#####################################################
##VSCAN#header_checks############################
/^Received:/ HOLD
#################################################
##RX-TX#postconf -n #############################
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-mailscanner:[192.168.253.81]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
in_flow_delay = 0
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydomain = XXXXXXX.XXX
myhostname = pheng.XXXXXXX.XXX
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = XXXXXX.com XXXXXXX.com
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
##################################################
#RX-TX#master.cf##################################
#this is only the portion changed from the default
##################################################
smtp-mailscanner unix - - y - 5 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
192.168.253.80:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.253.81
  -o mynetworks_style=host
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
####################################################
--
Chris Wisecarver
Linux/Network Engineer
Mpower Communications
(702) 310-8074
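
Added example, not part of the original post: a small Python check of which Postfix smtpd listeners in a master.cf will actually run header_checks (and so a MailScanner-style HOLD rule), run here on a constructed, trimmed copy of the VSCAN listener quoted above. The helper names (parse_master, hold_rule_applies, audit) are hypothetical; the check assumes the documented Postfix behaviour that receive_override_options=no_header_body_checks turns off header and body checks for mail received by that service.

```python
import re

# Constructed sample: the VSCAN listener from the post, trimmed to the relevant
# options, with "-o" continuation lines indented the way master.cf requires.
VSCAN_MASTER_CF = """\
#smtp inet n - n - - smtpd
192.168.253.81:10024 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.253.80
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""
VSCAN_MAIN_CF = {"header_checks": "regexp:/etc/postfix/header_checks"}


def parse_master(text):
    """Map each service name to (command, {param: value}) from its -o options."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                            # blank lines and comments
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()   # leading space = continuation
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        fields = entry.split()
        if len(fields) < 8:
            continue                            # not a complete service entry
        # service type private unpriv chroot wakeup maxproc command [args...]
        name, command, args = fields[0], fields[7], fields[8:]
        overrides = {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                key, _, val = value.partition("=")
                overrides[key] = val
        services[name] = (command, overrides)
    return services


def hold_rule_applies(main_cf, overrides):
    """True if header_checks (and so a HOLD action) runs for this listener."""
    effective = {**main_cf, **overrides}        # -o overrides win over main.cf
    flags = re.split(r"[,\s]+", effective.get("receive_override_options", ""))
    return bool(effective.get("header_checks")) and "no_header_body_checks" not in flags


def audit(master_text, main_cf):
    """Return {smtpd service: header_checks active?} for every smtpd listener."""
    return {name: hold_rule_applies(main_cf, opts)
            for name, (cmd, opts) in parse_master(master_text).items()
            if cmd == "smtpd"}
```

Calling audit(VSCAN_MASTER_CF, VSCAN_MAIN_CF) reports the 10024 listener as not applying header_checks, because its own -o receive_override_options line switches them off.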