Sophie

Sophie

distrib > Mageia > cauldron > i586 > by-pkgid > e88b3afc52a49985e81beea4e45473c2 > files > 33

amavisd-new-2.11.0-7.mga7.noarch.rpm

Date: Wed, 03 Sep 2003 23:17:12 +0200
From: Andreas Zeidler <az@kreativkombinat.de>
Subject: [AMaViS-user] smtp only setup with exim 3.x (request for comments)
To: AMaViS-user <amavis-user@lists.sourceforge.net>
Message-id: <20030903211712.GA12537@kreativkombinat.de>

hi,

during the last two days i've finally found some time to setup
amavisd-new with exim v3, clamav and spamassassin.  after looking
around the web for a sample configuration, i found some remarks about
shortcomings of the amavis.c approach [1].  that is, feeding the mail in
question to amavisd by defining a transport like ...

  amavis:
    driver = pipe
    command = "/usr/sbin/amavis ${sender_address} ${pipe_addresses}"

also, judging from the comments in amavisd.conf, it seemed to me that
returning the now checked mail by...

  $forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr
      scanned-ok -i -f ${sender} -- ${recipient}';

is not preferable to using regular smtp.  while i've read about those
problems, i do not know under which exact circumstances the above
methods would cause trouble.

anyway, putting together several pieces and reading the exim
documentation i've come up with a setup that uses smtp both ways and
seems to work fine so far (it's been running for some 24 hours on our
mail server now).  so, the reason i'm writing is that i'd like some
comments about this setup, since i wouldn't know enough details to be
sure there are no other problems with it.

following are the relevant parts from the configuration of amavisd and
exim.  clamd and spamd are installed with their respective default
configuration.  the transport is defined as...

    amavis:
      driver = smtp
      hosts = localhost
      port = 10024
      allow_localhost
#     transport_filter = "/usr/bin/spamc"

which causes exim to relay the mail to amavisd listening on the local
port 10024 (the default).  thanks to a (indeed) neat suggestion [2]
the need for a second round-trip through spamassassin and several more
(exim) drivers is gone by using spamc as a transport filter.  also, the
generated spam-headers are conserved nicely.

the transport method for the way back is defined (in amavisd.conf),
so that the mail is re-injected into exim on the regular smtp port.
afaik exim 3.3 doesn't support listening on several ports at once,
so port 10025 is not possible...

    $forward_method = 'smtp:127.0.0.1:25';
    $notify_method = $forward_method;
    $localhost_name = "amavis";
    $relayhost_is_client = 0;

the 'localhost_name' setting is necessary in order to distinguish
amavis from other processes using smtp via localhost.  the director
is defined accordingly...

    amavis_director:
      condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \
                             {eq {$sender_helo_name}{amavis}}} {0}{1}}"
      driver = smartuser
      transport = amavis
      verify = false

the condition tests against the helo name provided by amavis and set
up in amavisd.conf as described above.  at the same time this is the
only flaw i can see with this setup so far.  a local user could use
this helo name to prevent the mail from being scanned by amavis, but
on the other hand that's also possible with the suggested setup for
exim 4.x (re-injecting through port 10025).  also, at least on our
mail server local users are pretty rare, so that's no problem...

for exim to receive a proper sender address it is also necessary
to make the user running amavisd trusted...

    trusted_users = mail:amavis

finally, if outgoing mail should be scanned as well, a possible
definition for a route could be...

    amavis_router:
      condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \
                             {eq {$sender_helo_name}{amavis}}} {0}{1}}"
      driver = domainlist
      transport = amavis
      route_list = "* localhost byname"
      verify = false
      self = send

i think that's about everything relevant.  like i said, this setup
is working fine here so far.  what do you think?  would this be
an okay way to run things or are there problems to be expected?

take care,


andi

[1] http://marc.theaimsgroup.com/?t=103014542500001&r=1&w=2
[2] http://marc.theaimsgroup.com/?l=exim-users&m=102977722707468&w=2

--
Kreativkombinat GbR
Konrad-Adenauer-Allee 25 * 86150 Augsburg
Telefon +49 821 4441269 * Fax +49 821 4401310
Web http://www.kreativkombinat.de/