#1
09-29-2006, 11:24 PM
New Member
Posts: 3
Help needed to set up third-party antivirus scanning

Hi there,

First of all, thank you for the great product, which has a bright future ahead. I'm one of the new deployments using the open source edition of Zimbra in a production environment. I wish I could support the Zimbra community by purchasing the Network Edition, but my company's budget doesn't enable me to do so.

Thank you for the great product once again. Now, coming to the point...

I'm using Zimbra's latest version installed on CentOS 4.2. It's good that this product comes with ClamAV and SpamAssassin. But recently I've got a few emails with viruses that escaped ClamAV without being caught. So I planned to have a third-party antivirus scanner in place of AMAVIS; the product is Symantec AV for SMTP Gateways. I managed to set up the product, and I've configured main.cf with the first line set to the Symantec SMTP port for the AV scanning and spam filtering. After scanning, the Symantec AV scanner will then hand the mail back to the Postfix proxy at 10025.

The above seems logically OK; however, all my outgoing emails are being bounced back with the following error:

Quote:
" This is the Postfix program at host mail.mydomain.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

email_id@destination.com: host 127.0.0.1[127.0.0.1] said: 554

email_id@destination.com: Relay access denied (in reply to RCPT TO
command)



Final-Recipient: rfc822; email_id@destination.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 554
email_id@destination.com: Relay access denied (in reply to RCPT TO
command) "
Here is my main.cf

Quote:
content_filter = smtp-amavis:[127.0.0.1]:11125
myhostname = mail.royaladelphi.com
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_use_tls = yes
disable_dns_lookups = no
message_size_limit = 10240000
relayhost =
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /opt/zimbra/postfix-2.2.9/sbin
daemon_directory = /opt/zimbra/postfix-2.2.9/libexec
header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
mailq_path = /opt/zimbra/postfix-2.2.9/sbin/mailq
manpage_directory = /opt/zimbra/postfix-2.2.9/man
newaliases_path = /opt/zimbra/postfix-2.2.9/sbin/newaliases
queue_directory = /opt/zimbra/postfix-2.2.9/spool
sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
sendmail_path = /opt/zimbra/postfix-2.2.9/sbin/sendmail
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_reject_unlisted_recipient = no
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 1
transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
version = 2.2.9
virtual_alias_domains = ldap://opt/zimbra/conf/ldap-vad.cf
virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
virtual_transport = error

I need assistance in this matter; I have no problems receiving incoming mail.

I've checked the /var/log/maillog file and found some clues. Here is the log for an outgoing message:

Quote:
Sep 30 13:07:35 mail postfix/smtpd[6950]: 294BD708519: client=myhost.mydomain.com[my.ip.address]
Sep 30 13:07:35 mail postfix/smtpd[6950]: E2358708519: client=myhost.mydomain.com[my.ip.address]
Sep 30 13:07:35 mail postfix/cleanup[10611]: E2358708519: message-id=FGECJGJKPJPFPAGPAGINAEIHDBAA.my_email_id@mydomain.com
Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: from=my_email_id@mydomain.com, size=14001, nrcpt=1 (queue active)
Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: connect from localhost.localdomain[127.0.0.1]
Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 some_id@gmail.com: Relay access denied; from=my_email_id@mydomain.com to=some_id@gmail.com proto=ESMTP helo=mail.mydomain.com
Sep 30 13:07:36 mail postfix/smtp[10612]: E2358708519: to=some_id@gmail.com, relay=127.0.0.1[127.0.0.1], delay=1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 some_id@gmail.com: Relay access denied (in reply to RCPT TO command))
Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 13:07:36 mail postfix/cleanup[10611]: 24CCC70851C: message-id=20060930050736.24CCC70851C@mail.mydomain.com
Sep 30 13:07:36 mail postfix/qmgr[6866]: 24CCC70851C: from=, size=15912, nrcpt=1 (queue active)
Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: removed
Sep 30 13:07:36 mail postfix/smtpd[6950]: disconnect from myhost.mydomain.com[my.ip.address]
Sep 30 13:07:36 mail postfix/lmtp[10625]: 24CCC70851C: to=my_email_id@mydomain.com, relay=mail.mydomain.com[my.mail.domain.address], delay=0, status=sent (250 2.1.5 OK)
Sep 30 13:07:36 mail postfix/qmgr[6866]: 24CCC70851C: removed

And here is the log for an incoming email:

Quote:
Sep 30 13:56:59 mail postfix/smtpd[26199]: connect from py-out-1112.google.com[64.233.166.177]
Sep 30 13:57:00 mail postfix/smtpd[26199]: 2DA19708519: client=py-out-1112.google.com[64.233.166.177]
Sep 30 13:57:00 mail postfix/cleanup[26848]: 2DA19708519: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
Sep 30 13:57:00 mail postfix/qmgr[26179]: 2DA19708519: from=from_email_id@gmail.com, size=1306, nrcpt=1 (queue active)
Sep 30 13:57:00 mail inbound-mta/smtpd[26850]: connect from localhost.localdomain[127.0.0.1]
Sep 30 13:57:00 mail inbound-mta/smtpd[26850]: E309D73025D: client=localhost.localdomain[127.0.0.1]
Sep 30 13:57:00 mail inbound-mta/cleanup[26854]: E309D73025D: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
Sep 30 13:57:01 mail postfix/smtp[26849]: 2DA19708519: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 Ok: queued as E309D73025D)
Sep 30 13:57:01 mail inbound-mta/smtpd[26850]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 13:57:01 mail postfix/qmgr[26179]: 2DA19708519: removed
Sep 30 13:57:01 mail inbound-mta/qmgr[21144]: E309D73025D: from=from_email_id@gmail.com, size=1581, nrcpt=1 (queue active)
Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: connect from unknown[127.0.0.1]
Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: 1C52173026E: client=unknown[127.0.0.1]
Sep 30 13:57:01 mail delivery-mta/cleanup[26859]: 1C52173026E: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
Sep 30 13:57:01 mail inbound-mta/smtp[26855]: E309D73025D: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 OK)
Sep 30 13:57:01 mail inbound-mta/qmgr[21144]: E309D73025D: removed
Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: disconnect from unknown[127.0.0.1]
Sep 30 13:57:01 mail delivery-mta/qmgr[21150]: 1C52173026E: from=from_email_id@gmail.com, size=1821, nrcpt=1 (queue active)
Sep 30 13:57:01 mail postfix/smtpd[26861]: connect from localhost.localdomain[127.0.0.1]
Sep 30 13:57:01 mail postfix/smtpd[26861]: 543FF708519: client=localhost.localdomain[127.0.0.1]
Sep 30 13:57:01 mail postfix/cleanup[26848]: 543FF708519: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
Sep 30 13:57:01 mail postfix/qmgr[26179]: 543FF708519: from=from_email_id@gmail.com, size=2027, nrcpt=1 (queue active)
Sep 30 13:57:01 mail postfix/smtpd[26861]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 13:57:01 mail delivery-mta/smtp[26860]: 1C52173026E: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Ok: queued as 543FF708519)
Sep 30 13:57:01 mail delivery-mta/smtp[26860]: 1C52173026E: audit_id=c0a80001-ac7fbbb000004c1c-08-451e072cb3f9
Sep 30 13:57:01 mail delivery-mta/qmgr[21150]: 1C52173026E: removed
Sep 30 13:57:01 mail postfix/lmtp[26862]: 543FF708519: to=my_email_id@mydomain.com, relay=mail.mydomain.com[192.168.X.X], delay=0, status=sent (250 2.1.5 OK)
Sep 30 13:57:01 mail postfix/qmgr[26179]: 543FF708519: removed

From the above I found two words which I believe to be from the Symantec AV scanner: inbound-mta and delivery-mta. If that's true, then I've isolated the problem.

Thank you

Last edited by curious_guy; 09-30-2006 at 12:29 AM..
#2
10-01-2006, 07:15 AM
OpenSource Builder & Moderator
Posts: 1,166

Hi

The normal way for virus scanning is to use amavis - it is configured by default to pick up most virus scanners, and I think it takes commercial ones by default before clamav. Have you tried leaving the standard zimbra postfix as is? Look at /opt/zimbra/conf/amavisd.conf for further info about handoffs to your av scanner.
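The maillog excerpts in the first post can be read mechanically to see which mail instance refused the outgoing message. The Python below is an added example, not part of either post; the function names `events`, `trace` and `relay_denials` are hypothetical, and the sample lines are copied from the post's own log excerpts with its placeholder addresses.

```python
import re

# Sample lines copied from the maillog excerpts in the first post
# (addresses and hostnames are the poster's placeholders).
SAMPLE_LOG = """\
Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: from=my_email_id@mydomain.com, size=14001, nrcpt=1 (queue active)
Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 some_id@gmail.com: Relay access denied; from=my_email_id@mydomain.com to=some_id@gmail.com proto=ESMTP helo=mail.mydomain.com
Sep 30 13:07:36 mail postfix/smtp[10612]: E2358708519: to=some_id@gmail.com, relay=127.0.0.1[127.0.0.1], delay=1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 some_id@gmail.com: Relay access denied (in reply to RCPT TO command))
Sep 30 13:57:01 mail postfix/smtp[26849]: 2DA19708519: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 Ok: queued as E309D73025D)
Sep 30 13:57:01 mail inbound-mta/smtp[26855]: E309D73025D: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 OK)
Sep 30 13:57:01 mail delivery-mta/smtp[26860]: 1C52173026E: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Ok: queued as 543FF708519)
Sep 30 13:57:01 mail postfix/lmtp[26862]: 543FF708519: to=my_email_id@mydomain.com, relay=mail.mydomain.com[192.168.X.X], delay=0, status=sent (250 2.1.5 OK)
"""

# Syslog prefix: "<date> <host> <instance>/<daemon>[pid]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<inst>[\w-]+)/(?P<daemon>\w+)\[\d+\]: (?P<msg>.*)$")
# Recipient refused at RCPT time; angle brackets around addresses are optional
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S+: (?P<code>\d{3}) .*?: "
                    r"(?P<reason>[^;]+);.* to=<?(?P<rcpt>[^>\s]+)>?")
# Delivery attempt by an smtp/lmtp client, with its final status
DELIVER = re.compile(r"(?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^>,\s]+)>?, "
                     r"relay=(?P<relay>[^,]+),.* status=(?P<status>\w+)")

def events(log):
    """Yield (instance/daemon, recipient, outcome) for rejects and deliveries."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        hop = m["inst"] + "/" + m["daemon"]
        rej = REJECT.match(m["msg"])
        dlv = DELIVER.match(m["msg"])
        if rej:
            yield hop, rej["rcpt"], f"reject {rej['code']} {rej['reason']}"
        elif dlv:
            yield hop, dlv["rcpt"], dlv["status"]

def trace(log, rcpt):
    """Ordered hops that handled mail for one recipient."""
    return [(hop, what) for hop, to, what in events(log) if to == rcpt]

def relay_denials(log):
    """(hop, recipient) pairs where a hop refused to relay."""
    return [(hop, to) for hop, to, what in events(log)
            if what.startswith("reject") and "Relay access denied" in what]
```

On the sample, the outgoing recipient is refused by the instance that logs as inbound-mta when the main Postfix connects to it from 127.0.0.1, while the incoming message to the local domain passes through all four hops with status=sent.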