[Gllug] PostFix
Bruce Richardson
itsbruce at uklinux.net
Fri Dec 14 17:37:32 UTC 2001
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 12/14/01, 3:20:02 PM, Stephen Harker <steve at pauken.co.uk> wrote
regarding Re: [Gllug] PostFix:
> On Friday 14 December 2001 14:05, you wrote:
> > > Does anyone know how to make PostFix listen on a different port
> > > than 25?
> >
> > Edit the master.cf file and change the line beginning
> >
> > smtp inet
> >
> > to
> >
> > 10025 inet
> >
> > (assuming you want port 10025).
> Thanks. Where was that hidden?
Vaguely in the FILTER_README document and in the FAQ somewhere.
> > My experience of virus-scanning proxies is that they are poor at
> > the basic smtp. So I prefer to use a content filter. That way
> > postfix handles both incoming and outgoing, passing them through
> > the filter (an smtp process on the same or other host) for the
> > virus-scanning. I can provide details if you're interested.
> Yes please!!
OK. You do this by a) setting a content_filter parameter, which diverts
all incoming mail to the indicated host/port and b) setting up a second
smtp process, a listener, which receives the mail back from the filter.
First, set up the listener. This is done by editing master.cf in just
the way I showed you before, except this time you create a copy of the
smtp line and edit that, rather than just editing the original. You also
need to add '-o content_filter=' to the end of the line (otherwise the
listener process would send the mail straight back to the content
filter). So if your original line looks like this:
smtp inet n - - - - smtpd
then the extra line should look like this:
10025 inet n - - - - smtpd -o content_filter=
Now add a content_filter parameter to main.cf. This is in the format
content_filter=smtp:[hostname]:port
(Note: the square brackets should be typed as shown, they do not indicate
an optional parameter).
Finally, for luck, add a transport record for the host that contains the
listening process (not needed if it's on localhost):
hostname smtp:[hostname]
You can now restart postfix. It will start up 2 smtp daemons rather than
the previous one. The first daemon will divert all mail to the
virus-proxy. The second daemon will listen on the specified port and
(since its content_filter parameter has been turned off) send it on. The
only remaining step is to configure your virus-proxy to route all its
mail to port 10025 (or whatever) on your Postfix box (maybe you'd better
do that before restarting postfix;)).
Things to consider: running a second smtp daemon means extra resources -
put extra memory in if you don't already have plenty in the box. As for
running the virus-scanner on the same box, I would really recommend NOT
doing that, to ease the load. Set up a box just for the virus scanning.
Also, you now have a second smtpd daemon listening on port 10025.
Anything sending mail to that port will bypass the virus check so make
sure that only local hosts (only the virus-scanning host, if possible)
can see that port. If you do run the sophos proxy on the same box then
you can tell the listener daemon only to listen for local connections to
port 10025 by changing the beginning of the master.cf line to
localhost:10025 inet
HTH
--
Bruce
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list