[Gllug] PostFix

Stephen Harker steve at pauken.co.uk
Fri Dec 14 18:12:27 UTC 2001


On Friday 14 December 2001 17:37, you wrote:
> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
>
> On 12/14/01, 3:20:02 PM, Stephen Harker <steve at pauken.co.uk> wrote
>
> regarding Re: [Gllug] PostFix:
> > On Friday 14 December 2001 14:05, you wrote:
> > > > Does anyone know how to make PostFix listen on a different
> > > > port than 25?
> > >
> > > Edit the master.cf file and change the line beginning
> > >
> > >         smtp inet
> > >
> > > to
> > >
> > >         10025 inet
> > >
> > > (assuming you want port 10025).
> >
> > Thanks. Where was that hidden?
>
> Vaguely in the FILTER_README document and in the FAQ somewhere.
>
> > > My experience of virus-scanning proxies is that they are poor
> > > at the basic smtp.  So I prefer to use a content filter.  That
> > > way postfix handles both incoming and outgoing, passing them
> > > through the filter (an smtp process on the same or other host)
> > > for the virus-scanning.  I can provide details if you're
> > > interested.
> >
> > Yes please!!
>
> OK.  You do this by a) setting a content_filter parameter, which
> diverts all incoming mail to the indicated host/port and b) setting
> up a second smtp process, a listener, which receives the mail back
> from the filter.
>
> First, set up the listener.  This is done by editing master.cf in
> just the way I showed you before, except this time you create a
> copy of the smtp line and edit that, rather than just editing the
> original.  You also need to add '-o content_filter=' to the end of
> the line (otherwise the listener process would send the mail
> straight back to the content filter).  So if your original line
> looks like this:
>
> smtp inet n - - - - smtpd
>
> then the extra line should look like this:
>
> 10025 inet n - - - - smtpd -o content_filter=
>
> Now add a content_filter parameter to main.cf.  This is in the
> format
>
> content_filter=smtp:[hostname]:port
>
> (Note: the square brackets should be typed as shown, they do not
> indicate an optional parameter).
>
> Finally, for luck, add a transport record for the host that
> contains the listening process (not needed if it's on localhost):
>
> hostname smtp:[hostname]
>
> You can now restart postfix.  It will start up 2 smtp daemons
> rather than the previous one.  The first daemon will divert all
> mail to the virus-proxy.  The second daemon will listen on the
> specified port and (since its content_filter parameter has been
> turned off) send it on.  The only remaining step is to configure
> your virus-proxy to route all its mail to port 10025 (or whatever)
> on your Postfix box (maybe you'd better do that before restarting
> postfix;)).
>
> Things to consider: running a second smtp daemon means extra
> resources - put extra memory in if you don't already have plenty in
> the box.  As for running the virus-scanner on the same box, I would
> really recommend NOT doing that, to ease the load.  Set up a box
> just for the virus scanning.
>
> Also, you now have a second smtpd daemon listening on port 10025.
> Anything sending mail to that port will bypass the virus check so
> make sure that only local hosts (only the virus-scanning host, if
> possible) can see that port. If you do run the sophos proxy on the
> same box then you can tell the listener daemon only to listen for
> local connections to port 10025 by changing the beginning of the
> master.cf line to
>
> localhost:10025 inet
>
> HTH
Brilliant. Thanks! I owe you at least 2 Guinnesses for that.
Steve
-- 
Stephen Harker
steve at pauken.co.uk, http://www.pauken.co.uk
"                                    "  -  Marcel Marceau

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



