Laurent LEVIER wrote:
> At 02:36 29/12/2007, mouss wrote:
>> what is smtpd-laurent? symlink hacks aren't recommended. if you want
>> different logs, use multiple instances.
> That's a jail. If you don't set up something to discriminate process
> between them, 8 jails will produce 8 smtpd in the global ps view.

But they are not listening on the same IP:port, so you should see they
have different arguments (-n 127.0.0.1:25 ...).

> Not very convenient for overall checks. So yes, it is a symlink. This
> works perfectly.
> The only symlink that does not work is with lmtp because Wietse forced
> the 'lmtp' name, rejecting any other and is not willing to consider
> anything else.
>

that's because lmtp now uses the same code as smtp, so the program name
is what selects the protocol. I guess a command line argument would have
achieved the same goal. but I don't remember the discussion.

>> This is fragile as documented in postfix FILTER README. amavisd-new is
>> the right method if you don't want per recipient bayes. if you want per
>> recipient bayes, then run spamc at delivery time (procmail, maildrop,
>> ...).
> I want all mails to be checked through SA.
> How to setup a spamc at delivery time. I would definitely prefer this
> because I have multiple layers of anti-spam and would like to have the
> following
>         1) Greylisting
>         2) Postfix with black/white listings
>         3) Antivirus-clean/reject
>         4) SA
>

for SA, just use amavisd-new. It can also do antivirus check, but if you
want to reject infected mail, then you need to run amavisd-new as a
proxy_filter (before the queue). If you really want this, then configure
amavisd-new to listen on multiple sockets and one of them will be a
proxy_filter for AV checks only. while you can run SA at the same time,
this is not recommended (if it takes time, the connection will timeout,
... etc).

alternatively, use
- clamsmtp as a proxy_filter to reject infected mail
- amavisd-new as a content_filter to run SA (and why not, to also run
another AV).

In either case, you don't need to run spamd, as long as you don't want
per-user Bayes. If you want per-user Bayes, then you should run
spamc/spamd at delivery time (except if this is just a gateway, but then
per user Bayes requires a lot of work...).

>> Note that the above sets the content filter for mail received via smtp,
>> not via the (compatibility) sendmail command.
> Yes, I know this. SMTPd will receive the mail and 'SA' it, then will
> send it to other filtering layers.
>
>
>> are you starting a counter strike against (silly) /bin/bash
>> practitioners? The most important thing in the shell is its
>> portability. if you can't use /bin/sh, then try perl, python, php, ruby,
>> java, ... etc.
> I don't care about the shell. Legacy I used ksh and never had time to
> learn more about bash ;-)
> I use ksh by default because it can do more than Bourne's sh.

my meaning was that your script doesn't seem to require any feature not
available in /bin/sh (regarding /bin/bash, that was a "grin" because a
lot of people use this but their script uses no bash extensions. so the
only effect is to make the script unusable without modification of the
bang line. and since on linux /bin/sh is bash, ...). but let's keep this
for another day:).
>
>> I too love cats. but "$cmd < $file" does the same as "cat $file | $cmd".
>>
>> by the way, what if ORIGIN or TARGET contain spaces or other characters?
>> always quote (shell) arguments.
> Yup, agreeing. I took this script from Internet and since my SA checks
> are failing, I did not check its security.
> I would love sending a mail to '[EMAIL PROTECTED];rm -rf /*' ;-)
> But from my LAN, only I can attack my own box at the moment :-)

Unfortunately, unless you control every piece of software, it's hard to
guarantee that. "mieux vaut prévenir que guérir" (as in the books:
translation is left as an exercise to the reader:-).
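
The quoting point raised above (ORIGIN or TARGET containing spaces or other characters), as an added example that is not part of the original message or of the script it discusses. `count_args` stands in for the mail command, `is_plain_address` is a hypothetical and deliberately conservative allowlist check, and all addresses are constructed sample values.

```shell
#!/bin/sh
# Added illustration; ORIGIN and TARGET are the variable names mentioned in
# the thread, everything else here is hypothetical.

# Stand-in for the mail command: report how many arguments it received.
count_args() { echo "$#"; }

# Unquoted expansion: the shell word-splits (and glob-expands) the values,
# so one address can arrive as several arguments.
deliver_unquoted() {
    ORIGIN=$1
    TARGET=$2
    count_args -f $ORIGIN -- $TARGET
}

# Quoted expansion: each value reaches the command as exactly one argument,
# and "--" stops the command from reading a value as an option.
deliver_quoted() {
    ORIGIN=$1
    TARGET=$2
    count_args -f "$ORIGIN" -- "$TARGET"
}

# Conservative allowlist (assumption: stricter than what valid addresses
# may contain). Rejects empty values, a leading "-", and any character
# outside letters, digits and @ . _ + = -
is_plain_address() {
    case $1 in
        ''|-*|*[!A-Za-z0-9@._+=-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample values.
sender='postmaster admin@example.com'
rcpt='user@example.org'
printf 'unquoted: %s args\n' "$(deliver_unquoted "$sender" "$rcpt")"
printf 'quoted:   %s args\n' "$(deliver_quoted "$sender" "$rcpt")"
for a in "$rcpt" "$sender" 'user@example.org;id'; do
    if is_plain_address "$a"; then
        printf 'accept: %s\n' "$a"
    else
        printf 'reject: %s\n' "$a"
    fi
done
```

Quoting alone keeps the value intact as data; the allowlist check is a second layer for cases where the value is later handed to software that re-parses it.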





