Solved

Postfix: Check only incoming mails with content_filter over amavisd

Posted on 2009-07-08
2
1,138 Views
Last Modified: 2013-11-30
Hi,

I am using Postfix with amavisd and confixx.

Virtual Adresses and Virtual Domains are used in the main.cf

Additional Amavisd is called by content_filter =   smtp-amavis:[serveraddress]:port

My problem is, that every Mail is delivered through amavis. I only want to check incoming emails.

How can i get this working?
0
Comment
Question by:bananentoast
2 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 24809980
Hi,

To accomplish this you need to use more than one address on your postfix system. Let assume that you've assigned 192.168.1.10 and 192.168.1.11 to your SMTP server. The idea is your external hosts to reach 192.168.1.10 to deliver SMTP mail and they go through amavis but the internal users will deliver 192.168.1.11 and the address wil be set to bypass in amavisd. I am assuming that you've defined a secondary IP to your system for this purpose.

In this case you need to edit your main.cf file and make some modifications to it:
- Find "inet_interfaces = all" and comment it.
- Add "inet_interfaces = localhost, $myhostname, 192.168.1.11"
- Find "content_filter=smtp-amavis:[127.0.0.1]:10024" and comment it out.

Save and exit. Now edit your main.cf:
- Find "smtp    inet  n       -       n       -       -       smtpd" and comment it out.
- Add these lines just below it:

192.168.1.10:smtp   inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This will allow you to split your network in 3. The first is your external IP, second is the localhost and the third is your internal SMTP servers. From now on your internal servers will be sending to this address instead of 192.168.1.10.
- Find this line and modify it to look like below::
pickup    fifo  n       -       n       60      1       pickup

to

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is a side effect of removing global main.cf content_filter command. So we've disabled local pickup service too so we need to add this manually to keep it operating.



Edit your /etc/amavisd.conf and add these lines:

# change this from the original setting. Origianlly it is 10024 only. Add 10026 too.
$inet_socket_port = [10024, 10026];

# configure the new interface
$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10026 from internal hosts
   bypass_spam_checks_maps   => [1],  # don't spam-check this mail
   bypass_banned_checks_maps => [1],  # don't banned-check this mail
   bypass_header_checks_maps => [1],  # don't header-check this mail  
};

Save and exit.  Don't forget to restart amavis and postfix.


Cheers,
K.
0
 
LVL 1

Author Comment

by:bananentoast
ID: 24839652
Hi, thank you for this answer!

My Clients will connect over sasl authentication. How do i have to add this to master.cf
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
     -o content_filter=
     -o [some option to allow sasl-clients?]

Is this right?

And another Question:

in my main.cf i have some "global" restrictions. so i have to copy all of them unter the 192.168.1.11:smtp [...] parts in master.cf?

Dennis
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now