[Gllug] PostFix

[Bruce Richardson]

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 12/14/01, 3:20:02 PM, Stephen Harker <steve at pauken.co.uk> wrote 
regarding Re: [Gllug] PostFix:


> On Friday 14 December 2001 14:05, you wrote:
> > > Does anyone know how to make PostFix listen on a different port
> > > than 25?
> >
> > Edit the master.cf file and change the line beginning
> >
> >         smtp inet
> >
> > to
> >
> >         10025 inet
> >
> > (assuming you want port 10025).
> Thanks. Where was that hidden?

Vaguely in the FILTER_README document and in the FAQ somewhere.

> > My experience of virus-scanning proxies is that they are poor at
> > the basic smtp.  So I prefer to use a content filter.  That way
> > postfix handles both incoming and outgoing, passing them through
> > the filter (an smtp process on the same or other host) for the
> > virus-scanning.  I can provide details if you're interested.
> Yes please!!

OK.  You do this by a) setting a content_filter parameter, which diverts 
all incoming mail to the indicated host/port and b) setting up a second 
smtp process, a listener, which receives the mail back from the filter.

First, set up the listener.  This is done by editing master.cf in just 
the way I showed you before, except this time you create a copy of the 
smtp line and edit that, rather than just editing the original.  You also 
need to add '-o content_filter=' to the end of the line (otherwise the 
listener process would send the mail straight back to the content 
filter).  So if your original line looks like this:

smtp inet n - - - - smtpd

then the extra line should look like this:

10025 inet n - - - - smtpd -o content_filter=

Now add a content_filter parameter to main.cf.  This is in the format

content_filter=smtp:[hostname]:port

(Note: the square brackets should be typed as shown, they do not indicate 
an optional parameter).

Finally, for luck, add a transport record for the host that contains the 
listening process (not needed if it's on localhost):

hostname smtp:[hostname]

You can now restart postfix.  It will start up 2 smtp daemons rather than 
the previous one.  The first daemon will divert all mail to the 
virus-proxy.  The second daemon will listen on the specified port and 
(since its content_filter parameter has been turned off) send it on.  The 
only remaining step is to configure your virus-proxy to route all its 
mail to port 10025 (or whatever) on your Postfix box (maybe you'd better 
do that before restarting postfix;)).

Things to consider: running a second smtp daemon means extra resources - 
put extra memory in if you don't already have plenty in the box.  As for 
running the virus-scanner on the same box, I would really recommend NOT 
doing that, to ease the load.  Set up a box just for the virus scanning.

Also, you now have a second smtpd daemon listening on port 10025.  
Anything sending mail to that port will bypass the virus check so make 
sure that only local hosts (only the virus-scanning host, if possible) 
can see that port. If you do run the sophos proxy on the same box then 
you can tell the listener daemon only to listen for local connections to 
port 10025 by changing the beginning of the master.cf line to 

localhost:10025 inet

HTH

-- 

Bruce


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug