Postfix: Check only incoming mails with content_filter over amavisd

Hi,

I am using Postfix with amavisd and confixx.

Virtual Adresses and Virtual Domains are used in the main.cf

Additional Amavisd is called by content_filter =   smtp-amavis:[serveraddress]:port

My problem is, that every Mail is delivered through amavis. I only want to check incoming emails.

How can i get this working?
LVL 1
bananentoastAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kerem ERSOYPresidentCommented:
Hi,

To accomplish this you need to use more than one address on your postfix system. Let assume that you've assigned 192.168.1.10 and 192.168.1.11 to your SMTP server. The idea is your external hosts to reach 192.168.1.10 to deliver SMTP mail and they go through amavis but the internal users will deliver 192.168.1.11 and the address wil be set to bypass in amavisd. I am assuming that you've defined a secondary IP to your system for this purpose.

In this case you need to edit your main.cf file and make some modifications to it:
- Find "inet_interfaces = all" and comment it.
- Add "inet_interfaces = localhost, $myhostname, 192.168.1.11"
- Find "content_filter=smtp-amavis:[127.0.0.1]:10024" and comment it out.

Save and exit. Now edit your main.cf:
- Find "smtp    inet  n       -       n       -       -       smtpd" and comment it out.
- Add these lines just below it:

192.168.1.10:smtp   inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This will allow you to split your network in 3. The first is your external IP, second is the localhost and the third is your internal SMTP servers. From now on your internal servers will be sending to this address instead of 192.168.1.10.
- Find this line and modify it to look like below::
pickup    fifo  n       -       n       60      1       pickup

to

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is a side effect of removing global main.cf content_filter command. So we've disabled local pickup service too so we need to add this manually to keep it operating.



Edit your /etc/amavisd.conf and add these lines:

# change this from the original setting. Origianlly it is 10024 only. Add 10026 too.
$inet_socket_port = [10024, 10026];

# configure the new interface
$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10026 from internal hosts
   bypass_spam_checks_maps   => [1],  # don't spam-check this mail
   bypass_banned_checks_maps => [1],  # don't banned-check this mail
   bypass_header_checks_maps => [1],  # don't header-check this mail  
};

Save and exit.  Don't forget to restart amavis and postfix.


Cheers,
K.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bananentoastAuthor Commented:
Hi, thank you for this answer!

My Clients will connect over sasl authentication. How do i have to add this to master.cf
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
     -o content_filter=
     -o [some option to allow sasl-clients?]

Is this right?

And another Question:

in my main.cf i have some "global" restrictions. so i have to copy all of them unter the 192.168.1.11:smtp [...] parts in master.cf?

Dennis
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.