Jorge Armando Medina wrote:
> Javier Fox wrote:
>
>> Greetings,
>>
>> I've inherited a rather kludgy email system consisting of an
>> overpriced, underpowered spam filtering appliance which I would very
>> much like to replace with a simple *nix box running Postfix and some
>> manner of spam filtering software (i.e. spamassassin).
>>
> I already used the configs described in this doc:
>
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
>
> I already replaced a Cisco IronPort appliance filtering so far 70k
> messages a day.
>

Postfix filters at session level with a bunch of smtpd_*_restrictions, mostly HELO checks and RBL, all that info learned from http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt and of course reading the postconf(5) manpage for reference.

For content filtering I use amavisd-new+spamassassin+razor2,dcc2,clamav+thirdpartyrules. I am writing some howtos for this setup (in Spanish); if you want I can send you my docs.

>> I would like to be able to keep the present scheme of how mail is
>> passed around if possible, but I'm not entirely certain where to begin
>> with respect to Postfix. Currently, our mail flow looks like this:
>>
>> -MX for domain points to the spam filtering appliance
>> For content filtering I use amavisd-new+spamassassin+razor2,
>> -Appliance handles user verification (via ldap), rejection,
>> quarantine, etc
>>
> Use relay_recipient_maps with LDAP, here is an example:
>
> server_host = ldap.example.com
> search_base = ou=Users,dc=example,dc=com
> version = 3
> bind_dn = cn=postfix,ou=System,dc=example,dc=com
> bind_pw = postfixpass
> bind = yes
> query_filter =
>     (&(|(mail=%s)(mailAlternateAddress=%s))(AccountStatus=active))
> result_attribute = mail
>
>> -'Clean' mail handed off to MTA for final delivery
>>
>> The slightly funky part is that there are a number of destination MTA
>> servers, each servicing a subset of domains and mailboxes. A
>> configuration setting on the Appliance maps each domain to its
>> destination MTA server.
>>
> Use transport_maps, here is a simple hash map:
>
> example.com            smtp:[messagestore.example.com]
> office1.example.com    smtp:[messagestoreoffice1.example.com]
>

Forgot to say, you can also store transport maps in your LDAP directory.

>> Is it possible to set up Postfix as a drop-in replacement for this
>> appliance? Can I tell it "here are the domains to accept mail for,
>> here is an LDAP full of mailboxes to accept, and here is a hash/sqldb
>> mapping each domain to its destination MTA"
>>
>> Any advice or pointing in the right direction would be greatly
>> appreciated, as I'm really not sure how this all falls under the
>> Postfix definitions of canonical, virtual, relay, etc.
>>
>> Many thanks,
>> J Fox
>>
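Added example, not part of the original thread: a small check for the transport map suggested above. Because the MX for each domain points at the gateway, a relayed domain with no transport entry, or with a next hop written without [], makes Postfix do an MX lookup that can send the mail back to the gateway itself. The relay domain list, office2.example.com, the unbracketed office1 entry and the function names are constructed for illustration, and only exact domain keys are checked.

```python
import re

# Constructed sample input modelled on the transport map quoted in the thread.
# office2.example.com and the unbracketed office1 next hop are made up to
# trigger the two findings.
RELAY_DOMAINS = ["example.com", "office1.example.com", "office2.example.com"]
TRANSPORT_MAP = """\
# domain             transport:nexthop
example.com          smtp:[messagestore.example.com]
office1.example.com
    smtp:messagestoreoffice1.example.com
"""

BRACKETED = re.compile(r"\[[^\]]+\](:[\w-]+)?")  # [host] or [host]:port


def parse_transport(text):
    """Parse Postfix table source text into {key: (transport, nexthop)}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        key, *rest = line.split(None, 1)
        transport, _, nexthop = (rest[0] if rest else "").partition(":")
        table[key.lower()] = (transport, nexthop)
    return table


def lint(relay_domains, table):
    """Return (domain, finding) pairs for entries that can loop mail back."""
    findings = []
    for domain in relay_domains:
        entry = table.get(domain.lower())
        if entry is None:
            # Postfix then routes by the recipient domain's MX, which in the
            # thread's setup points at the gateway itself.
            findings.append((domain, "no-transport-entry"))
        elif entry[0] in ("", "smtp", "relay") and not BRACKETED.fullmatch(entry[1]):
            # Without [] the SMTP client looks up MX records for the next hop.
            findings.append((domain, "unbracketed-nexthop"))
    return findings


if __name__ == "__main__":
    for domain, finding in lint(RELAY_DOMAINS, parse_transport(TRANSPORT_MAP)):
        print(f"{domain}: {finding}")
```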