So at this time you are recommending two separate machines instead of two instances on the same machine?
-----Original Message-----
From: Viktor Dukhovni <postfix-us...@dukhovni.org>
To: postfix-users@postfix.org
Sent: Thu, 09 Aug 2012 3:15 PM
Subject: Re: Issue with Postfix Amavisd-new S/MIME encryption and DKIM

On Thu, Aug 09, 2012 at 02:48:19PM -0400, Deeztek.com Support wrote:

> The problem I'm having is this. It's my understanding that Amavis
> has to have an inject and re-inject port.

Certainly it listens for mail on the inject port, and forwards it
to the re-in(ject) port.

> In my case, I have changed
> the amavis inject port to 10021 and my main.cf reflects that on
> "content_filter = amavis:[127.0.0.1]:10021" directive.

Good.

> But as far as I knew, amavis has to have a re-inject port which

is some appropriate SMTP server, so DO NOT make Postfix attempt to
serve this port when it is handled by James.

> in my case is 10022 which is reflected in my master.cf as such:

Make it the James port.

> amavis unix - - - - 2 smtp
>   -o smtp_data_done_timeout=1200
>   -o smtp_send_xforward_command=yes

Fine.

> 127.0.0.1:10022 inet n - - - - smtpd
>   -o content_filter= smtp:127.0.0.1:10025
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o strict_rfc821_envelopes=yes
>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>   -o smtpd_bind_address=127.0.0.1

Delete this from master.cf, the Amavis re-injection port is handled
by James. The James re-injection port is handled by the Postfix
output instance.

> If I change the amavis re-inject port to 10025 in order for the
> email to go into the james smtp, I get the error that the port is
> already in use because james smtp is using it already. So, I don't
> know how to get around that hurdle first of all in order to remove
> the middle postfix from my mailflow.

Don't change the master.cf entry, delete it.

> If I were to implement two postfix instances, I would be curious to
> see if both of them can be bound to the same address but on
> different ports. So the whole setup would be something like below:

Certainly, that just depends on master.cf. Generally only the input
instance uses the machine's public address, the instance downstream
of the filter uses only 127.0.0.1. This is handled by setting
inet_interfaces (and sometimes also smtp_bind_address) appropriately
in each instance.

> Incoming Email: First instance receives email on port 25 from the
> Internet, runs through amavis, then S/MIME routine for decryption
> and then to the second postfix instance on port 2525 for DKIM
> checking and then to an email recipient on the Exchange Server.

Yes. I would recommend separate machines for incoming and outgoing
mail, but if hardware budget is tight, consider VMs or perhaps even
multiple groups of multiple instances, which also works.

--
Viktor.
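
A check for the "port is already in use" failure discussed in this thread, as an added example that is not part of the original messages: it parses master.cf text (including `-o` continuation lines) and reports any inet service that claims an address and port already owned by another daemon. The function names and both sample master.cf texts are constructed for illustration; the amavisd (127.0.0.1:10021) and James (127.0.0.1:10025) listeners are taken from the thread.

```python
def inet_listeners(master_cf):
    """Map (host, port) -> command for each inet service in master.cf text."""
    logical = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    found = {}
    for line in logical:
        f = line.split()
        # fields: service type private unpriv chroot wakeup maxproc command
        if len(f) >= 8 and f[1] == "inet":
            host, _, port = f[0].rpartition(":")
            found[(host or "*", port)] = f[7]  # no host part = all interfaces
    return found

def conflicts(master_cf, external):
    """List (endpoint, postfix_command, owner) where Postfix and another
    daemon would both bind the same port on an overlapping address."""
    hits = []
    for (host, port), cmd in inet_listeners(master_cf).items():
        for (ehost, eport), owner in external.items():
            if port == eport and (host == ehost or "*" in (host, ehost)):
                hits.append((f"{host}:{port}", cmd, owner))
    return hits

# Listeners owned by daemons other than Postfix, as described in the thread.
EXTERNAL = {("127.0.0.1", "10021"): "amavisd",
            ("127.0.0.1", "10025"): "James SMTP"}

# Constructed sample: the re-inject entry was moved onto the James port.
BEFORE = """\
smtp            inet n - - - - smtpd
amavis          unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o mynetworks=127.0.0.0/8
"""
# Constructed sample: the entry deleted, as the reply advises.
AFTER = "\n".join(BEFORE.splitlines()[:4]) + "\n"

if __name__ == "__main__":
    print("before:", conflicts(BEFORE, EXTERNAL))
    print("after: ", conflicts(AFTER, EXTERNAL))
```
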