I have a bunch of servers that send internal network only emails and
reports, e.g. logwatch data, etc. All servers are configured to use a
simple local postfix instance that delivers mail to my primary postfix
server, specified thus:

    relayhost = [192.168.1.235]

That works fine, email hits that server on port 25 and is accepted
because the addresses are in mynetworks of postfix listening on
192.168.1.235:25. But at the moment it is then processed through ->
amavisd lmtp / spamassassin -> Postfix on port 10025 -> delivered. And
sometimes they get spam trapped (particularly the ones from logwatch
on postfix with spamassassin info in them).

I'd like the server to not run these internal only emails through
amavisd-new, but to just send them to the internal destination.
What's the best way?

I have a (currently empty) client_checks test that I could run
"192.168.1 FILTER [127.0.0.1]:10025" in, but if I try that at the
moment I get:

    warning: connect to transport private/smtp[127.0.0.1]: No such file or directory
    warning: connect to transport private/retry: Connection refused

which I think is because my postfix on port 10025 is only configured
to listen to localhost (127.0.0.1:10025 inet;
smtpd_client_restrictions=permit_mynetworks,reject; and
mynetworks=127.0.0.0/8)... which makes sense, that service is pretty
much straight in.

So that got me thinking, is that the best way anyway?

I thought about submitting them to port 587 and disabling scanning on
MYNETS in amavisd - but then if one of my users gets compromised
outgoing email is not being spam scanned, so that's not my preference.

What recommendations for running internal source / internal
destination only emails through with minimal overhead - straight
through postfix to delivery?

Ideally I want something along the lines of:

    IF ((source IP = 192.168.1.0/24) AND (destination =
    (root, si...@simonandkate.net, whatever_other_internal))) THEN: send
    through aliases and to delivery transport.

Simon.
--
Simon Wilson
M: 0400 12 11 16