Postfix support -- beta release

Peter Bates Peter.Bates at LSHTM.AC.UK
Thu Apr 17 12:37:52 IST 2003


Hello all...

I've been working with the new support for Postfix in MS, and just thought I'd add a few things to what Julian has already said (and some of which he's added to the Installation guide at http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml ...)

Firstly, I'd recommend copying over the chroot jail stuff over to the new /var/spool/postfix.in directory structure you create during the install:
cp -rp /var/spool/postfix/etc /var/spool/postfix.in/etc
cp -rp /var/spool/postfix/lib /var/spool/postfix.in/lib
cp -rp /var/spool/postfix/usr /var/spool/postfix.in/usr
... to avoid the 'unknown service' errors, but also to allow DNS lookups to operate in the chroot. If you're using RBLs/DNSBLs on your 'incoming' Postfix, they naturally won't work without it!

My Postfix box is used as a 'mail hub/gateway', and has no local users, so all of its mail uses the 'relay' transport, so the original suggestion of:

defer_transports = smtp local virtual 

was missing 'relay', so things didn't work until I changed it to:

defer_transports = smtp local virtual relay 

However, if you want to be really crafty, you can use Postfix's 'transport_maps' to be more specific about what you do with different domains... I already use this to force delivery to certain systems hidden behind my mailhub.

If you have:
transport_maps = hash:/etc/postfix.in/transport
in main.cf

You can then put lines in there like:

domain.x.com scanner:[a.b.c.d]

If you then add a definition for your 'scanner' transport to master.cf:

scanner unix    -       -       y       -       -       smtp

You can then put 

defer_transports = scanner

into main.cf, and only those specific domains you want
scanned will pass through MS at all... might be useful for some.

I've also found adding these sorts of aliases to your shell are very useful for diagnosis/fiddling:

alias inq='/usr/sbin/postqueue -c /etc/postfix.in -p'
alias outq='/usr/sbin/postqueue -c /etc/postfix -p'
alias postin='/usr/sbin/postfix -c /etc/postfix.in'
alias postout='/usr/sbin/postfix -c /etc/postfix'

So you can list the 'inbound' queue with 'inq', and the converse
for 'outq', and likewise type 'postin reload' to reload the configuration
on the incoming instance of Postfix.

My one remaining problem with regard to getting Postfix to 'route' the mail properly was that I'm using address verification (available in recent snapshots of Postfix) to cache the 'valid' addresses, as, being a relay, my Postfix box has no idea of whether a certain address is 'valid' or not.
Using deferred transports, these address lookups are then also deferred, so all mail is held off with a 45x error.

I'm working at using LDAP to verify the incoming addresses (this reduces the load on MS, etc.), but that's another story and nothing whatsoever to do with MailScanner at all!

Thanks as ever to Julian and crew (Mariano/Leo) for introducing the Postfix support in the first place...




--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838 




More information about the MailScanner mailing list