Solved

Postfix: Check only incoming mails with content_filter over amavisd

Posted on 2009-07-08
2
1,182 Views
Last Modified: 2013-11-30
Hi,

I am using Postfix with amavisd and confixx.

Virtual Adresses and Virtual Domains are used in the main.cf

Additional Amavisd is called by content_filter =   smtp-amavis:[serveraddress]:port

My problem is, that every Mail is delivered through amavis. I only want to check incoming emails.

How can i get this working?
0
Comment
Question by:bananentoast
2 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 24809980
Hi,

To accomplish this you need to use more than one address on your postfix system. Let assume that you've assigned 192.168.1.10 and 192.168.1.11 to your SMTP server. The idea is your external hosts to reach 192.168.1.10 to deliver SMTP mail and they go through amavis but the internal users will deliver 192.168.1.11 and the address wil be set to bypass in amavisd. I am assuming that you've defined a secondary IP to your system for this purpose.

In this case you need to edit your main.cf file and make some modifications to it:
- Find "inet_interfaces = all" and comment it.
- Add "inet_interfaces = localhost, $myhostname, 192.168.1.11"
- Find "content_filter=smtp-amavis:[127.0.0.1]:10024" and comment it out.

Save and exit. Now edit your main.cf:
- Find "smtp    inet  n       -       n       -       -       smtpd" and comment it out.
- Add these lines just below it:

192.168.1.10:smtp   inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This will allow you to split your network in 3. The first is your external IP, second is the localhost and the third is your internal SMTP servers. From now on your internal servers will be sending to this address instead of 192.168.1.10.
- Find this line and modify it to look like below::
pickup    fifo  n       -       n       60      1       pickup

to

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

This is a side effect of removing global main.cf content_filter command. So we've disabled local pickup service too so we need to add this manually to keep it operating.



Edit your /etc/amavisd.conf and add these lines:

# change this from the original setting. Origianlly it is 10024 only. Add 10026 too.
$inet_socket_port = [10024, 10026];

# configure the new interface
$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10026 from internal hosts
   bypass_spam_checks_maps   => [1],  # don't spam-check this mail
   bypass_banned_checks_maps => [1],  # don't banned-check this mail
   bypass_header_checks_maps => [1],  # don't header-check this mail  
};

Save and exit.  Don't forget to restart amavis and postfix.


Cheers,
K.
0
 
LVL 1

Author Comment

by:bananentoast
ID: 24839652
Hi, thank you for this answer!

My Clients will connect over sasl authentication. How do i have to add this to master.cf
192.168.1.11:smtp inet  n       -       n       -       -       smtpd
     -o content_filter=
     -o [some option to allow sasl-clients?]

Is this right?

And another Question:

in my main.cf i have some "global" restrictions. so i have to copy all of them unter the 192.168.1.11:smtp [...] parts in master.cf?

Dennis
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question