On Sep 21, 2013, at 21:29, David Benfell <dbenf...@gmail.com> wrote: > On 09/21/2013 09:39 AM, DTNX Postmaster wrote: > >> While the desire to have it 'just work' is recognizable, you cannot >> expect it to always do so if you copy bits and pieces from here to >> there without understanding what they actually do. Especially if >> you have copied an older configuration from a different distro that >> may have its own quirks. > > Then we are very close to the point where I'll just have to turn > everything over to Google Apps. Because I am *never* going to > understand postfix configuration. This isn't even something that's > within a fuzzy or distant view, let alone just outside my grasp. It's > all complete magic to me.
Outsourcing front-end processing to an external service is also an option; someone does the baseline stuff for you, like fending off bots and zombies and anything else that is obviously garbage, and then forwards the cleaned up feed to your server. This is how we operate our relay service, for example, and I bet there's a dozen others on this list that do something similar. Also, Google Apps is pretty much paid now, is it not? Except up to ten users, if you're already an existing client? You could also outsource the fix, and take over daily management again after that; there's a lot of consultants on this list as well. Or perhaps a basic hosting package somewhere that allows for some custom routing and whatnot, with a good filtering frontend, but that depends on what exactly your needs are? >> We use Postfix on Debian in its 'stock' Debian chroot setup, with >> clamav-milter as the bridge between Postfix and clamd. This >> requires no configuration in 'master.cf' and only two lines in >> 'main.cf'; >> >> smtpd_milters = unix:/clamav/clamav-milter.ctl >> milter_default_action = accept >> >> Permissions is where it gets tricky, because the socket needs to be >> writable by both processes. As our own ClamAV setup is up for >> review anyway, I don't mind writing up a bit of a how-to for it >> that you can use to reimplement virus scanning with ClamAV, if you >> are still interested in doing so? > > At least within postfix, there is a very nice command to just fix the > permissions. (Did Wietse get tired of seeing that particular problem?) > I have no idea what they should be for clamd.ctl because, as near as I > can tell, it isn't a permanent file, so I can't even see it in the > emergency backup I did from a rescue system after the Arch upgrade > hosed my server (which is remote, by the way). > > At this point, my first priority has to be just getting mail back up. > I've had a lot of these domains for a decade or more. I get a lot of > spam, hence the postscreen stuff, but I also get a lot of mail. Then, > maybe, I can think about reimplementing clamav. Sounds like a decent plan, given the situation you found yourself in. Basics first. Mvg, Joni
