On 8/9/2012 2:16 PM, Viktor Dukhovni wrote:
> On Thu, Aug 09, 2012 at 10:36:30AM -0400, Deeztek.com Support wrote:
>
>> So what are you saying is, instead of having amavis reinject back to
>> Postfix on 10022, to have it inject directly to the s/mime gateway
>> on port 10025 and then the s/mime gateway reinject back to postfix
>> on 10026? All the s/mime gateway is a custom implementation of the
>> java james smtp.
>
> Yes, this will be much more disk I/O efficient, provided there is
> no impedance mismatch between the two filters.
>
>> Is multiple postfix instances the absolute best way to handle this?
>
> Yes.
>
>> It seems complicated.
>
> Actually, IMHO it is simpler.

The problem I'm having is this. It's my understanding that Amavis has to
have an inject and re-inject port. In my case, I have changed the amavis
inject port to 10021 and my main.cf reflects that on "content_filter =
amavis:[127.0.0.1]:10021" directive. But as far as I knew, amavis has to
have a re-inject port which in my case is 10022 which is reflected in my
master.cf as such:

# Postfix -> amavis: SMTP client used by the content_filter in main.cf
amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

# amavis re-injects here; mail is then handed to the S/MIME gateway on 10025
127.0.0.1:10022 inet n - - - - smtpd
    -o content_filter=smtp:127.0.0.1:10025
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1

If I change the amavis re-inject port to 10025 in order for the email to
go into the james smtp, I get the error that the port is already in use
because james smtp is using it already. So, I don't know how to get
around that hurdle first of all in order to remove the middle postfix
from my mailflow.

My postfix setup is simply a relay server.

Incoming Email is as follows: It receives email from the Internet, runs
it through amavis then the S/MIME routine and decrypts email if
necessary and then delivers it to an email recipient on another email
server in my network (Exchange in my case).

Outgoing Email is as follows: It receives email from the internal
Exchange server, runs it through the S/MIME routine and encrypts/signs
if necessary and delivers it to an outside recipient.

If I were to implement two postfix instances, I would be curious to see
if both of them can be bound to the same address but on different ports.
So the whole setup would be something like below:

Incoming Email: First instance receives email on port 25 from the
Internet, runs through amavis, then S/MIME routine for decryption and
then to the second postfix instance on port 2525 for DKIM checking and
then to an email recipient on the Exchange Server.

Outgoing email: First instance receives email from the Exchange server
on port 25, runs through the S/MIME routine for encryption/signing, then
on to the second postfix instance on port 2525 for DKIM signing and then
to the outside recipient.

Is the way I'm thinking about this possible? I have found a couple of
guides on how to set up a second instance using different IPs (not what I
want) so how exactly would I set up each instance to listen to the same
IP but different ports? Also on the outbound email, since the second
instance will be delivering outside, wouldn't it try to deliver on port
2525 since it's listening on that port?

Sorry for my confusion. Maybe I'm trying to do too much.

Thanks a lot in advance.
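
An added example, not part of the original message and not Postfix's own code: a static check of master.cf for the bind conflict described above, where a Postfix inet listener is placed on a port that an external filter already holds. The port map (amavis on 10021, James on 10025) is taken from the message; the function names are hypothetical, and only the plain "-o name=value" form is parsed.

```python
# Constructed sample: the master.cf entries from the message, trimmed, with
# the re-injection listener on its original port (10022).
SAMPLE = """\
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10022 inet n - - - - smtpd
  -o content_filter=smtp:127.0.0.1:10025
  -o mynetworks=127.0.0.0/8
"""
# Assumption: ports held by the external filters, as stated in the message.
EXTERNAL_PORTS = {10021: "amavis", 10025: "james"}


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_services(text):
    """Return dicts with name, type, command and "-o name=value" overrides."""
    services = []
    for line in logical_lines(text):
        f = line.split()
        if len(f) < 8:
            raise ValueError("short master.cf entry: " + line)
        args = f[8:]
        opts = dict(a.partition("=")[::2] for p, a in zip(args, args[1:]) if p == "-o")
        services.append({"name": f[0], "type": f[1], "command": f[7], "opts": opts})
    return services


def port_conflicts(text, external=EXTERNAL_PORTS):
    """List inet listeners whose port another local daemon already holds."""
    found = []
    for svc in parse_services(text):
        port = svc["name"].rsplit(":", 1)[-1]
        if svc["type"] == "inet" and port.isdigit() and int(port) in external:
            found.append((svc["name"], external[int(port)]))
    return found
```

The check only compares against the supplied port map; it does not probe live sockets.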