Sandwich setup for viruscanning

[Hans Kristian Eiken]

Hi, i am trying to set up a sandwich solution of Postfix for virus scanning on a
solution where the virus-scanner is working like a SMTP-server (trust interscan
viruswall). All mail shall be relayed from this computer to several others.

The needed solution will work like this: ( on one computer)

- Postfix recieves mail at port 25 and checks if relaying is permitted, perhaps
checks if this is spam, and then sends it out again at port 5025 (localhost)

- Virusscanner recieves at port 5025, scans and sends out again at port 10025

- Postfix recieves at port 10025 and relays outbound email.

How can this be set up? have anyone done this?

I think this can be possibe by just by changing master.cf, but perhaps i do need a
dual daemon setup of postfix?

--
Hans Kristian Eiken

-
To unsubscribe, send mail to majo...@postfix.org with content
(not subject): unsubscribe postfix-users

[Vladimir Sharun]

HKE> Hi, i am trying to set up a sandwich solution of Postfix for virus scanning on a
HKE> solution where the virus-scanner is working like a SMTP-server (trust interscan
HKE> viruswall). All mail shall be relayed from this computer to several others.
HKE> The needed solution will work like this: ( on one computer)
HKE> - Postfix recieves mail at port 25 and checks if relaying is permitted, perhaps
HKE> checks if this is spam, and then sends it out again at port 5025 (localhost)
HKE> - Virusscanner recieves at port 5025, scans and sends out again at port 10025
HKE> - Postfix recieves at port 10025 and relays outbound email.
HKE> How can this be set up? have anyone done this?

In transport configuration file:

your_domain.com smtp:[127.0.0.1]:5025

Don't forget to "# postmap transport" and to setup transport file
support in main.cf

--
Best regards,
Vladimir Sharun
UkrNet ISP

[itsb...@uklinux.net]

On 10/10/01, 2:10:47 PM, Hans Kristian Eiken
<hans.kris...@nettkroken.no> wrote regarding Sandwich setup for
viruscanning:

> Hi, i am trying to set up a sandwich solution of Postfix for virus
scanning on a

> solution where the virus-scanner is working like a SMTP-server (trust
interscan

> viruswall). All mail shall be relayed from this computer to several
others.

> The needed solution will work like this: ( on one computer)

> - Postfix recieves mail at port 25 and checks if relaying is permitted,
perhaps

> checks if this is spam, and then sends it out again at port 5025
(localhost)

> - Virusscanner recieves at port 5025, scans and sends out again at port
10025

> - Postfix recieves at port 10025 and relays outbound email.

> How can this be set up? have anyone done this?

I have just this setup. Mail comes into the postfix box, which sends it
to a box running McAfee Webshield proxy (listening on port 25, cause it
doesn't receive any mail that isn't to be relayed back through the
postfix box). Webshield hands it back to postfix on port 10025.

Here are the relevant settings:

main.cf
-------

content_filter = smtp:[webshield.myorg]

master.cf
---------

10025 inet n - - - - smtpd -o content_filter=

transport
---------

webshield.myorg smtp:[webshield.myorg]

Don't restart postfix until you've changed all 3.

The line in master.cf creates the listening process and tells it not to
do content filtering (otherwise endless loop). I just copied the line
for the smtpd service, changing smtpd to 10025 (the port number). You do
want to ensure that only the viruscanning host can access the port of the
listening process, otherwise other people will be able to bypass your
virus scan.

--

Bruce

[Hans Kristian Eiken]

10.10.2001 14:05:54, skreiv itsb...@uklinux.net:

>Here are the relevant settings:
>
>main.cf
>-------
>
>content_filter = smtp:[webshield.myorg]
>
>master.cf
>---------
>
>10025 inet n - - - - smtpd -o content_filter=

Hm, i tries this but the content_filter refuses to use other ports than
main.cf:
content_filter = smtp:localhost:5025

transport:
localhost smtp : [127.0.0.1] : 5025

Error-messages:
Oct 10 16:42:10 localhost postfix/qmgr[16098]: warning: connect to transport
localhost: No such file or directory
Oct 10 16:42:10 localhost postfix/qmgr[16098]: warning: connect to transport
127.0.0.1: No such file or directory

Now both instances (all ports) are reciving messages, but sending from port 25 to
port 5025 is not working it seems.

To me it seems like it is something wrong in the variable content_filter, but I do not
find any documentation on this feature. Anyone knows how to use this?

--
Hans Kristian Eiken

[Wietse Venema]

Hans Kristian Eiken:

> transport:
> localhost smtp : [127.0.0.1] : 5025

Don't specify whitespace in the roght-hand side. Where does the
transport map tell you you can use whitespace there?

Wietse

[itsb...@uklinux.net]

:54:38 PM, Hans Kristian Eiken <hans.kris...@nettkroken.no> wrote
regarding Re: Sandwich setup for viruscanning:

> 10.10.2001 14:05:54, skreiv itsb...@uklinux.net:

> >Here are the relevant settings:
> >
> >main.cf
> >-------
> >
> >content_filter = smtp:[webshield.myorg]
> >
> >master.cf
> >---------
> >
> >10025 inet n - - - - smtpd -o content_filter=

> Hm, i tries this but the content_filter refuses to use other ports than
> main.cf:
> content_filter = smtp:localhost:5025

> transport:
> localhost smtp :
[127.0.0.1] : 5025

??? Why are you doing this? I thought you wanted to pass the mail to a
different mailhost to do the virus scanning?

--

Bruce

[Hans Kristian Eiken]

10.10.2001 16:36:02, wrote itsb...@uklinux.net:

>:54:38 PM, Hans Kristian Eiken <hans.kris...@nettkroken.no> wrote
>regarding Re: Sandwich setup for viruscanning:
>
>

>> transport:
>> localhost smtp :
>[127.0.0.1] : 5025
>
>??? Why are you doing this? I thought you wanted to pass the mail to a
>different mailhost to do the virus scanning?

No, the trouble is that both postfix-ports and the virus-scanner port is at the same
physical machine...

--
Hans Kristian Eiken

[Manuel Hendel]

On Wed, Oct 10, 2001 at 02:10:47PM +0100, Hans Kristian Eiken wrote:
>
> Hi, i am trying to set up a sandwich solution of Postfix for virus scanning on a
> solution where the virus-scanner is working like a SMTP-server (trust interscan
> viruswall). All mail shall be relayed from this computer to several others.
>
> The needed solution will work like this: ( on one computer)
>
> - Postfix recieves mail at port 25 and checks if relaying is permitted, perhaps
> checks if this is spam, and then sends it out again at port 5025 (localhost)
>
> - Virusscanner recieves at port 5025, scans and sends out again at port 10025
>
> - Postfix recieves at port 10025 and relays outbound email.
>
> How can this be set up? have anyone done this?
>
> I think this can be possibe by just by changing master.cf, but perhaps i do need a
> dual daemon setup of postfix?
>

This is exactly described in the "Linux Magazin" (06/2001), but it's
in german. You can get this article online from

http://www.linux-magazin.de/ausgabe/2001/06/Amavis/amavis.html

HTH

Manuel

--
Manuel Hendel, http://www.easygolucky.de

[Lars Hecking]

> Can anyone do better?

Try the amavis documentation directly ...

[Paul Reilly]

> This is exactly described in the "Linux Magazin" (06/2001), but it's
> in german. You can get this article online from
>
> http://www.linux-magazin.de/ausgabe/2001/06/Amavis/amavis.html
>

I came across this a while back as I'm trying to set up this too.
Are there any volunteers to translate this in to english?

It would be well worth it as there is growing demand for this kind of
HOWTO.

Unfortunately the google translation leaves much to be desired:

"Deaf ones are generally considered as carriers of diseases, whose trip
is viruses, worms or bacteria..... ....It is not particularly large
expenditure to protect the susceptible systems against such a dangerous
post office."

Can anyone do better?

Paul