Another sendmail relaying problem.

Travis Fraser travis at snowpatch.net
Tue Jun 29 01:57:03 UTC 2004 

On Mon, 2004-06-28 at 21:04, Cowles, Steve wrote:
> Travis Fraser wrote:
> > Thank you for the smtpd_recipient_restrictions information. I have
> > been using Postfix on a test network first, as you suggest.
> > 
> > As far as implementing SpamAssassin with Postfix, I was looking at
> > Mailscanner or amavisd-new. Do you have a simpler suggestion for
> > calling SA from within the recipient_restrictions checks?
> 
> Before I answer your post, be sure you define your e-mail requirements to
> meet your needs. Mailscanner/Amavisd-new all have their purpose in life,
> especially if you are implementing a high volume mail server that requires
> both AV and SA to be called for each inbound e-mail. In my case, I admin a
> low volume (2000+) e-mail a day postfix MTA which front-ends an Exchange
> server. Furthermore, virus checking is done on the Exchange server, not
> through postfix filtering. So implementing a product such as amavisd-new was
> an unnecessary overhead in my opinion. Your requirements may differ.
> 
> With the above in mind, I simply call SA using postfix's builtin filtering
> capabilites as follows:
> 
> 1) Get SA (spamd) running on your MTA first. I'll leave the details of
> starting and verifying SA is working properly on your system to you.
> 
> 2) In /etc/mail/master.cf, add the following:
> filter  unix    -       n       n       -       10       pipe
>   flags=Fq
>   user=spamassassin
>   argv=/usr/bin/spamc -f -x -e /usr/sbin/sendmail -i -f $sender $recipient
> 
> NOTE: I limit postfix to spawning 10 instances of spamc simultainiously.
> This meets my load requirements. Also, adjust the flags setting to meet your
> requirements. The call to /usr/bin/sendmail is actully the postfix supplied
> sendmail, not the sendmail MTA. The postfix supplied sendmail simply
> re-injects the scanned (filtered) e-mail back into postfix on a pipe for
> final delivery.
> 
> 3) Add the following to /etc/postfix/main.cf smtpd_recipient_restrictions
> section.
> 
> smtpd_recipient_restrictions =
>   [snip...]
>   check_recipient_access hash:/etc/postfix/filtered_domains
>   permit
> 
> 4) In /etc/postfix/filtered_domains add an entry for each of your hosted
> domains:
> mydomain1.com   FILTER  filter:spamassassin
> mydomain2.com   FILTER  filter:spamassassin
> mydomain3.com   FILTER  filter:spamassassin
> 
> NOTE: My MTA is also a backup MX for another site, so I run spamassassin
> only for e-mail being delivered to the domains that I host, not for e-mail
> that is queued up on my MTA in a backup MX mode. Also, this stops outbound
> e-mail from being processed by SA, but still allows Exchange to scan
> outbound e-mail for viruses prior to submitting to postfix.
> 
> 5) Build the /etc/postfix/filtered_domains database
> # postmap /etc/postfix/filtered_domains
> 
> 6) Reload postfix and test. Be sure you test from an external source, not a
> system from your local network (mynetworks) or SA will not be called.
> Remember the order specified in smtpd_recipient_restrictions. If you want to
> test from a system on your network, move the call to check_recipient_access
> above mynetworks.
> 
> Again, the method I present above meets my requirements. This is NOT the
> preferred method if you are running a high volume MTA. Especially if you
> need to call both SA and AV filters for each inbound e-mail on your postfix
> MTA. If that's the case, use amavisd-new or a product that meets your
> requirements to perform filtering.
> 
> Steve Cowles
> 
Thank you for the SA with Postfix explanation. My mail server is not
what you would call high-volume, just a couple of small domains. I have
already setup SMTP AUTH with SASL and working on adding SSL/TLS.

Travis Fraser

More information about the fedora-list mailing list