Results 1 to 4 of 4

Thread: [Solved] How to set content_filter in main.cf the 'Zimbra' way.

  1. #1
    sviriyala is offline Active Member
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default [Solved] How to set content_filter in main.cf the 'Zimbra' way.

    I am trying to divert all local mail also via an external antispam/antivirus service. The Admin console setting won't do this. I don't want to enable antivirus, antispam service in zimbra and setup some rules there trying to fool the system. Simple plain, I want to be able to directly put value in /opt/zimbra/postfix/conf/main.cf. I can do this after I start Zimbra services via the postconf like this:

    > postconf -e content_filter=smtp:[av.as.server]
    > postfix reload

    This works fine, I tested, but if I restart the Zimbra service, the value is reset to blank/null.

    So without enabling Antivirus & Antispam services in Zimbra, then setting up filters etc how do I ensure the main.cf content_filter value is persistent across reboots/restarts?

    Can someone help me out?

    Thanks.

  2. #2
    cerri is offline Member
    Join Date
    Jan 2013
    Posts
    14
    Rep Power
    2

    Default

    Modify the master.cf.in file and reload zimbra.

  3. #3
    sviriyala is offline Active Member
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Quote Originally Posted by cerri View Post
    Modify the master.cf.in file and reload zimbra.
    Thanks Cerri. Doesn't work. I trust you were referring to modifying the below with the value I want, right?

    [QUOTE%%zimbraLocalBindAddress%%:10025 inet n - n - - smtpd
    -o content_filter=smtp:[as.as.server]
    -o local_recipient_maps=
    -o virtual_mailbox_maps=
    .[/QUOTE]
    This works if I turn on amavis, not otherwise. But the trouble is that once amavis is turned on, content_filter in main.cf doesn't seem to work.

    My idea is not to turn on any of Antivirus, Antispam in Zimbra & have an external server do the content filtering for all mails including local ones. I am aware of the convoluted solutions such as using filters for domains and then setting up postfix_sender_restrictions, but I don't want all that. When I can simply set a value in postfix main.cf and direct all mails directly to an outside content filter, why should I turn on amavis? I like to do it the simple way.

    I am sure there must be a way for admins to put values directly in main.cf and make them stick. Unfortunately Zimbra documentation is pretty poor (I must say), that almost 80% are not documented. The only way to find out something, is to painstakingly search Internet/forums, post in them, etc.

    Any help is greatly appreciated.

    Thanks

  4. #4
    sviriyala is offline Active Member
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default [RESOLVED] How to direct all mails to an external Content Filter in ZImbra 8.x

    Hi,

    When I searched the forums/Intenet I could not find a solution to my problem, hence posting it in the forums, so that it maybe useful for others like me. Here is what I did:

    In a multiserver Zimbra Environment, I wanted all emails (including local delivery @mydomain.com) to be first delivered to an external Content Filtering server (like Symantec, Brightmail or any other commercial/freeware that is running exclusively on another server), then delivered it back to Zimbra. Pls note that this external Content Filter also acts as a Smart Host for me, so mydomain.com MX records point to this server (lets refer this server as AVAS). In Zimbra setup, relay host for both Webmail & external delivery are also set to AVAS. Pls note that I am doing this, because I don't want to turn on Antivirus & Antispam services on Zimbra servers

    Now I have setup two MTA Servers. MTA1 is identified and designated as 'incoming' only. So my AVAS delivers all mail to MTA1. Now MTA2 is designated as 'outgoing' only. In Zimbra setup, the MTA host is given as MTA2. All users also connect to MTA2 for sending out mails. So the Mail Flow is like this:
    Incoming: All mail from external domain to mydomain.com are delivered to AVAS, which after checking for spam & virus, delivers to MTA1. MTA1 delivers the mail to the appropriate Zimbra mailstore server.
    Outgoing: Whenever a user sends mail (either to external domains or to @mydomain.com) either via webmail or client like Thunderbird, Outlook, ZImbra Desktop etc, they connect to MTA2. MTA2 sends the mail to AVAS server. If the mail is destined for external domain, AVAS sends it to the appropriate server (Yahoo, Hotmail, Gmail etc). If the mail is for @mydomain.com then AVAS server sends it back to MTA1, which in turn delivers to the appropriate Zimbra MailStore server.

    IN order to achieve the above here is the configuration you need to do in Zimbra 8 (pls do this only on MTA2 server):

    1. As zimbra user do the following changes
    2. Create a file in /opt/zimbra/conf/zmconfigd
    3. postfix_external_content_filter.cf
    4. Add the following in the file
    5. smtp:[AV.AS.ServerName/IP]ort
    6. Edit the file /opt/zimbra/conf/zmconfigd.cf as follows (Exactly)
      SECTION amavis
      REWRITE conf/amavisd.conf.in conf/amavisd.conf
      POSTCONF content_filter FILE zmconfigd/postfix_external_content_filter.cf
      if SERVICE antivirus
      POSTCONF content_filter FILE zmconfigd/postfix_content_filter.cf
      fi
      if SERVICE antispam
      POSTCONF content_filter FILE zmconfigd/postfix_content_filter.cf
      fi
      if SERVICE archiving
      POSTCONF content_filter FILE zmconfigd/postfix_content_filter.cf
      fi
    7. Restart Zimbra services (zmcontrol restart)


    This config will survive across reboots, restarts. However this maynot survive upgrades etc. I have tested this on Zimbra 8.0.0 & 8.0.2 and it works.

    I would appreciate if someone can go thro the logic & find any potential issues with this kind of setup or config. If this is fine, can this be added to wiki?

    Thanks

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 11
    Last Post: 07-31-2011, 12:10 PM
  2. Replies: 1
    Last Post: 12-08-2009, 04:42 PM
  3. Hooking in another process or content_filter?
    By jmcknight in forum Developers
    Replies: 26
    Last Post: 10-21-2008, 09:21 AM
  4. Replies: 5
    Last Post: 05-22-2008, 08:13 AM
  5. Replies: 4
    Last Post: 09-10-2007, 01:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •