spamhaus-XBL

Frank Louwers frank at OPENMINDS.BE
Tue Mar 15 14:43:51 GMT 2005 

On Tue, Mar 15, 2005 at 10:24:06PM +0800, Jason wrote:
> Frank,
>
> I'm now using sendmail, but actually considering switching to postfix. I
> would be most appreciate if you could send me the config. Thanks.

If you consider migrating to postfix, I recommend migrating to postfix
2.1.x. We still use 1.x on some hosts, including our main auth-smtp
server.

When reading the docs about integrating postfix 1.x and mailscanner,
you'll notice you'll basicly need 2 postfixes: an "incomming" one that
listens on port 25 and puts all mails in a queue, and and "outgoing" one
that gets fed by MailScanner. The config files for the "incomming" one
are in /etc/postfix.in, the files for the "outgoing" ones are in
/etc/postfix.

In my /etc/postfix.in/master.cf, I have:

smtp      inet  n       -       n       -       -       smtpd

(norman entry, tells postfix to listen on port 25 for incomming smtp
mails) and another entry:

587       inet  n       -       n       -       -       smtpd -o
smtpd_client_restrictions=permit_sasl_authenticated,reject -o
content_filter=authsmtpheader

This tells postfix to listen on port tcp/587 as well, with following
restrictions:
- require sasl_authenticated users, otherwise reject the ma
- use "authsmtpheader" as contentfilter.

Authsmtpheader is defined as follows (in the same master.cf file):

authsmtpheader  unix    -       n       n       -       -       pipe
  flags=Rhu user=mailboxes argv=/usr/local/sbin/authsmtpheader.pl
  ${recipient} ${sender}

This is a copy of /usr/local/sbin/authsmtpheader.pl:

--- begin /usr/local/sbin/authsmtpheader.pl

#!/usr/bin/perl
use strict;
use Mail::Audit;        # Audit mails
## apt-get install libmail-audit-perl if you use Debian


################################################

my $m_au = Mail::Audit->new( );

# Add Header
$m_au->put_header('X-Openminds-Authenticated-By',"tango");

# We get recipient as ARGV[0]:
my $recipient = $ARGV[0];

# We get sender as ARGV[1]:
my $sender = $ARGV[1];

# Re-inject mail into postfix system. As we use /usr/sbin/sendmail, the "outgoing" postfix gets used.
# This means:
#   - bypass mailscanner on local box
#   - all other mailscanners will see connections from tango, so no problems with clients on dynamic/blacklisted ips etc.

$m_au->pipe("/usr/sbin/sendmail -i -f $sender $recipient");

## Done
exit(0);

--- end /usr/local/sbin/authsmtpheader.pl

I add the extra header for trackability and to add a -20 score to all mails that have it...

Kind Regards,
Frank Louwers

--
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list