Solved

Postfix: Check only incoming mails with content_filter over amavisd

Posted on 2009-07-08
2
1,197 Views
Last Modified: 2013-11-30
Hi,

I am using Postfix with amavisd and confixx.

Virtual Adresses and Virtual Domains are used in the main.cf

Additional Amavisd is called by content_filter =   smtp-amavis:[serveraddress]:port

My problem is, that every Mail is delivered through amavis. I only want to check incoming emails.

How can i get this working?
0
Comment
Question by:bananentoast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 24809980
Hi,

To accomplish this you need to use more than one address on your postfix system. Let assume that you've assigned 192.168.1.10 and 192.168.1.11 to your SMTP server. The idea is your external hosts to reach 192.168.1.10 to deliver SMTP mail and they go through amavis but the internal users will deliver 192.168.1.11 and the address wil be set to bypass in amavisd. I am assuming that you've defined a secondary IP to your system for this purpose.

In this case you need to edit your main.cf file and make some modifications to it:
- Find "inet_interfaces = all" and comment it.
- Add "inet_interfaces = localhost, $myhostname, 192.168.1.11"
- Find "content_filter=smtp-amavis:[127.0.0.1]:10024" and comment it out.

Save and exit. Now edit your main.cf:
- Find "smtp    inet  n       -       n       -       -       smtpd" and comment it out.
- Add these lines just below it:

192.168.1.10:smtp   inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This will allow you to split your network in 3. The first is your external IP, second is the localhost and the third is your internal SMTP servers. From now on your internal servers will be sending to this address instead of 192.168.1.10.
- Find this line and modify it to look like below::
pickup    fifo  n       -       n       60      1       pickup

to

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is a side effect of removing global main.cf content_filter command. So we've disabled local pickup service too so we need to add this manually to keep it operating.



Edit your /etc/amavisd.conf and add these lines:

# change this from the original setting. Origianlly it is 10024 only. Add 10026 too.
$inet_socket_port = [10024, 10026];

# configure the new interface
$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10026 from internal hosts
   bypass_spam_checks_maps   => [1],  # don't spam-check this mail
   bypass_banned_checks_maps => [1],  # don't banned-check this mail
   bypass_header_checks_maps => [1],  # don't header-check this mail  
};

Save and exit.  Don't forget to restart amavis and postfix.


Cheers,
K.
0
 
LVL 1

Author Comment

by:bananentoast
ID: 24839652
Hi, thank you for this answer!

My Clients will connect over sasl authentication. How do i have to add this to master.cf
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
     -o content_filter=
     -o [some option to allow sasl-clients?]

Is this right?

And another Question:

in my main.cf i have some "global" restrictions. so i have to copy all of them unter the 192.168.1.11:smtp [...] parts in master.cf?

Dennis
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

731 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question