Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1261
  • Last Modified:

Postfix: Check only incoming mails with content_filter over amavisd

Hi,

I am using Postfix with amavisd and confixx.

Virtual Adresses and Virtual Domains are used in the main.cf

Additional Amavisd is called by content_filter =   smtp-amavis:[serveraddress]:port

My problem is, that every Mail is delivered through amavis. I only want to check incoming emails.

How can i get this working?
0
bananentoast
Asked:
bananentoast
1 Solution
 
Kerem ERSOYPresidentCommented:
Hi,

To accomplish this you need to use more than one address on your postfix system. Let assume that you've assigned 192.168.1.10 and 192.168.1.11 to your SMTP server. The idea is your external hosts to reach 192.168.1.10 to deliver SMTP mail and they go through amavis but the internal users will deliver 192.168.1.11 and the address wil be set to bypass in amavisd. I am assuming that you've defined a secondary IP to your system for this purpose.

In this case you need to edit your main.cf file and make some modifications to it:
- Find "inet_interfaces = all" and comment it.
- Add "inet_interfaces = localhost, $myhostname, 192.168.1.11"
- Find "content_filter=smtp-amavis:[127.0.0.1]:10024" and comment it out.

Save and exit. Now edit your main.cf:
- Find "smtp    inet  n       -       n       -       -       smtpd" and comment it out.
- Add these lines just below it:

192.168.1.10:smtp   inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This will allow you to split your network in 3. The first is your external IP, second is the localhost and the third is your internal SMTP servers. From now on your internal servers will be sending to this address instead of 192.168.1.10.
- Find this line and modify it to look like below::
pickup    fifo  n       -       n       60      1       pickup

to

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is a side effect of removing global main.cf content_filter command. So we've disabled local pickup service too so we need to add this manually to keep it operating.



Edit your /etc/amavisd.conf and add these lines:

# change this from the original setting. Origianlly it is 10024 only. Add 10026 too.
$inet_socket_port = [10024, 10026];

# configure the new interface
$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10026 from internal hosts
   bypass_spam_checks_maps   => [1],  # don't spam-check this mail
   bypass_banned_checks_maps => [1],  # don't banned-check this mail
   bypass_header_checks_maps => [1],  # don't header-check this mail  
};

Save and exit.  Don't forget to restart amavis and postfix.


Cheers,
K.
0
 
bananentoastAuthor Commented:
Hi, thank you for this answer!

My Clients will connect over sasl authentication. How do i have to add this to master.cf
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
     -o content_filter=
     -o [some option to allow sasl-clients?]

Is this right?

And another Question:

in my main.cf i have some "global" restrictions. so i have to copy all of them unter the 192.168.1.11:smtp [...] parts in master.cf?

Dennis
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now