MTA and LMTP

[dlochart]

I was reading another thread
Hooking in another process or content_filter?
that fits what i am looking to do sort of.

What I want to do is have the postfix/spam/av instance relay mails to another postfix that will do some more filtering and run special filters and then have it LMTP to the zimbra store and also receive SMTP on the way out

I saw this example flow in the thread:
source -> postfix:25 -> amavis:10024 -> postfix:10025 -> zcs:7025 (lmtp).

I have this question:

Where in the config files is postfix setup to send over LMTP? I grepped and grepped and for the life of me I could not find how postfix knows to send mail via LMTP to the zimbra mail store (BTW on a seperate box)

I ask because I will need to change this to point to another postfix instance. I am limited in experience with postfix and I assumed I would just setup the transport file to point to my other instance of postfix. Once I di that I will have to send that result over LMTP to the mail store.

Can someone please point me to where that config lives and how I might change it to do what I need to do.

(my postfix book is being shipped as we speak)

what I want is this:

source -> postfix:25 -> amavis:10024 -> postfix:10025 -> postfix2:2525 -> zcs:7025 (lmtp).

thanks

Doug

[dlochart]

Ok ... I see somehow that postfix is using ldap to determine that lmtp host an port. fine.

How to I change it from using lmtp to smtp to another MTA? Sorry guys I need help and I am a real newb at this stuff. I am a developer not a network admin. I want to learn but I am also under the gun.

thanks

Doug

[anand]

sounds to me like you want to run your SMTP in front of or within the Zimbra MTA setup, not the other way around. If you are all way in front (eg, spam appliance or cloud anti-spam service before delivery to Zimbra instance of postfix.) you have to configure your SMTP server to know what the accepted set of addresses are.

For mailboxes that do not live in Zimbra, you can do:

Code:

zmprov ma account@domain zimbraMailTransport smtp:other.server

The above is very very dangerous if you are then going to feed back mail to the zimbra server because our assumption is that if you ever modify zimbraMailTransport you will never touch zimbraMailHost - a key piece. Maybe we need a boolean on account to say zimbraMailTransport should not be automatically derived from zimbraMailHost for this account, but like I said before sounds to me like you should be running your SMTP filter in a different place.

Consider a chained content filter setup.

ie, do (a) postfix -> amavisd -> postfix -> your content filter -> postfix -> zimbra mailbox server.

do NOT (b) postfix ->amavisd -> postfix -> your filter -> zimbra mailbox

(a) is easy to do - look at the args passed to the return from amavisd -> postfix smtp and add a content_filter to it. Then add a new postfix smtpd to accept from your content_filter MTA.

This is a bit involved so you should carefully consult postfix docs on content filtering, master.cf and main.cf. Look for how to chain content filters on the web.

Note that the performance of chained filtering is sub-optimal. You should consider integrating your filter via amavisd-new if possible.

[dlochart]

First of all thanks for a detailed response. The reason we wanted to go in the MTA and Zimbra is because we only wanted to manipulate mail that has already passed the virus/spam scan. We will be removing all attachments to a secure ftp place (or something like that) and placing a message in the mail notifying of where to get them. This is just a requirement.

I plan to use anomy and we were also thinking of adding MailScanner to boot. I admit I am a complete newb at postfix/amavisd and all. I had tried to figure out how to add our piece to the existing amavisd/postfix configuration but I am at a complete loss as to how things flow in relation to the config options you have to set to affect change.

At this point anomy requires a shell script to start a new process for each message. This is how they say to integrate it into postfix

mailbox_command = /usr/bin/procmail -a "$EXTENSION" -p /etc/procmailrc

what I lack is the knowlege of where this fits into the grand scheme of things. Does this happen after or before amavisd. Thus I was thinking of adding another postfix instance that I could tinker with and possibly add other scanners/filters as desired.

What I also do not know is if I can accomplish integrating anomy after amavisd. The way I think it works is that postfix sends mail to amavisd over a socket and then amavisd sends it back. Anomy is not daemonized yet so I would have to find a hook in amavisd to call out (maybe via procmail or other).

Please, even if you cannot completely answer, the more information you can provide the better I can understand and perhaps craft my own solution.

thanks

Doug

[dlochart]

Quote:

Originally Posted by anand

...
Consider a chained content filter setup.

ie, do (a) postfix -> amavisd -> postfix -> your content filter -> postfix -> zimbra mailbox server.

(a) is easy to do - look at the args passed to the return from amavisd -> postfix smtp and add a content_filter to it. Then add a new postfix smtpd to accept from your content_filter MTA.
...

I do want to try this approach. However (sorry if I am a complete idiot) I do not know how to use these config files like the rest of you. Please assume I know nothing about mail/SA setup.

look at the args passed to the return from amavisd -> postfix smtp and add a content_filter to it.

Is this amavisd.conf or master.cf? I see a blank (empty) in master.cf in the following

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o virtual_mailbox_maps=
-o virtual_alias_maps=
-o relay_recipient_maps=

Is this what you are talking about. What args are you talking about? In amavisd.conf all I see (that I recognize is)

# $notify_method = 'smtp:[127.0.0.1]:10025';

Then add a new postfix smtpd to accept from your content_filter MTA.

What? I am sorry but I keep reading all the docs and they all speak to you as if you know this stuff already and I don't. I am sure I can figure out how to hook up anomy if I just knew some basics like I am asking.

Thank you. Sorry if I sound frustrated (I am) but its mainly due to a rushed timetable I am on that I do not agree with.