From: Mark M. <Mar...@ij...> - 2003-01-30 19:16:28
Arnaud,

| i've a trouble with installing amavisd on a debian woody.
| i've installed debian package (0.3.12.pre5.20020310-5)
| with apt-get amavis-postfix
|
| daemon amavisd is started (checked with ps auxw)
| but not listening port 10024.

I believe debian package (0.3.12.pre5.20020310-5) is not based
on amavisd-new, but on older variant of amavis, which does not
support accepting SMTP connections.

| i've already installed amavisd (20020517-25) on a debian SID
| platform and it's working fine !

20020517 looks like a port of amavisd-new-20020517, which is
still pretty old. The current version is amavisd-new-20021227-p2,
see http://www.ijs.si/software/amavisd/

According to config lines you are showing, you are mixing
three different variants/versions of amavis*.

| 2)
| i plan to configure a mail gateway (with no user account) to scan virus
| for incoming/outgoing mail on the woody platform for the entire domain
| and then forward it to an internal mail server (with the users maildir).
| this mail GW will become the primary MX server (named
| smtp.mydomain.tld).
|
| incoming mail : internet -> mailGW (with amavis+avscan) -->
| internal-mail-server (with user maildir)
|
| outgoing mail / : local client -> mailGW (with amavis+avscan) --> internet
|
| internal mail / : local client -> mailGW (with amavis+avscan) -->
| internal-mail-server
|
| local PC client are configured to use smtp.mydomain.org for SMTP, so if we
| change the DNS entry to alias smtp.mydomain.tld to the mailGW, i think there
| will be no problem for outgoing and internal mail.

Correct.

| i recently read a thread in this mailing-list about this. but it's not clear
| in my head.
|
| for incoming mails, if i set up in postfix transport table with the
| following line :
| foo.org smtp:127.0.0.1:10024 # to pass all incoming mail to amavis)
|
| and in amavis.conf :
| @inet_acl=(qw 127.0.0.1);
            ^^^^
  @inet_acl=qw(127.0.0.1);

| $forward_method = "smtp:internal-mail:25";
| $notify_method = "smtp:internal-mail:25";
| $relayhost_is_client = 0;
|
| is it enough ???

Well, yes, but you are telling amavisd-new to relay all mail
to internal-mail, which may or may not be what you intend to achieve.
This way internal-mail MTA will have to relay outgoing mail back
to your mailGW, or deliver directly to the outside.

According to the scheme you showed below you possibly want the mailGW
to handle all the content filtering internally (as you have demonstrated
by using content_filter Postfix option, instead of just simply setting
relayhost or transport to point to amavisd, as in your example above).

Both variants are ok, you just need to decide what you want to achieve.

| content_filter=smtp-amavis:[127.0.0.1]:10024
|
| smtp-amavis unix - n - - 4 smtp
|     -o smtp_data_done_timeout=1200s
|     -o disable_dns_lookups=yes
|
| localhost:10025 inet n - - - - smtpd
|     -o content_filter=
|     -o mynetworks=127.0.0.1/8

The README.postfix suggests some other options
(http://www.ijs.si/software/amavisd/README.postfix), e.g.:
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8

| $smtp_port = "10025";
| $localhost_name = "localhost";
| $localhost_ip = "127.0.0.1";

The $smtp_port option went away with amavisd-new-20020424,
now the relay port is specified in:
  $forward_method = "smtp:internal-mail:25";
  $notify_method = "smtp:internal-mail:25";
as you have stated above.

| $inet_socket_port = "10024"; # accept SMTP on this local TCP port
| $inet_socket_bind = "127.0.0.1"; # limit bind to loopback interface only
| @inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost

Looks Ok.

To summarize: there are two ways to do it:

1) (classical):

   local mail submission
   (=outgoing or internal)        --> (outgoing mail) internet
   and incoming mail --> mailGW
                                  --> (local domains) internal-mail-server
                         |  ^ 10025
                   10024 v  |
                     amavisd+avscan

2) local mail submission (=outgoing or internal) and incoming mail
     -> mailGW -> amavisd+avscan -> internal-mail-server -> deliver local mail
                                                         -> send the rest to the internet

Mark
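
Added example, not part of Mark's message or of the amavisd-new distribution: a small Python check for the variant 1 wiring, where Postfix hands mail to amavisd through content_filter and amavisd re-injects it on a second loopback smtpd listener. The sample configs and the $forward_method value smtp:127.0.0.1:10025 are constructed for illustration, and check() and master_services() are hypothetical helper names.

```python
import re

# Constructed sample configs (not from the message): variant 1, all filtering on the mailGW.
MAIN_CF = "content_filter = smtp-amavis:[127.0.0.1]:10024\n"
MASTER_CF = """\
smtp-amavis unix - - n - 4 smtp
  -o smtp_data_done_timeout=1200s
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
AMAVISD_CONF = """\
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
$forward_method = 'smtp:127.0.0.1:10025';  # assumed value for variant 1
"""

def master_services(text):
    """Map port -> {-o overrides} for every inet smtpd service in master.cf."""
    services, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace():  # continuation line of the previous service
            m = re.match(r"\s+-o\s+([^=\s]+)=(.*)", line)
            if m and current is not None:
                current[m.group(1)] = m.group(2).strip()
            continue
        f, current = line.split(), None
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            current = services.setdefault(f[0].rsplit(":", 1)[-1], {})
    return services

def check(main_cf, master_cf, amavisd_conf):
    """Return a list of wiring problems (hypothetical helper, variant 1 only)."""
    problems = []
    perl = dict(re.findall(r"^\$(\w+)\s*=\s*['\"]?([^'\";\s]+)['\"]?\s*;", amavisd_conf, re.M))
    cf = re.search(r"^content_filter\s*=\s*\S*:(\d+)\s*$", main_cf, re.M)
    if not cf or cf.group(1) != perl.get("inet_socket_port"):
        problems.append("content_filter port does not match $inet_socket_port")
    if perl.get("inet_socket_bind") != "127.0.0.1":
        problems.append("$inet_socket_bind is not limited to loopback")
    back = master_services(master_cf).get(perl.get("forward_method", "").rsplit(":", 1)[-1])
    if back is None:
        problems.append("no local smtpd listener on the $forward_method port")
    elif back.get("content_filter", "unset") != "":
        problems.append("re-injection listener lacks '-o content_filter=' (mail would loop)")
    elif not back.get("mynetworks", "").startswith("127."):
        problems.append("re-injection listener mynetworks is not loopback-only")
    return problems
```

In variant 2, where $forward_method points at internal-mail:25, the "no local smtpd listener" finding is expected and does not indicate a fault.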