a...@hypernote.com (Aaron Poffenberger), 2014.02.26 (Wed) 18:30 (CET):
> I recently configured smtpd to replace a postfix-based solution.
> smtpd(8) is a joy to work with. In ~four rules I had a working email
> server!
> 
> My next goal was to get content filtering in place. I decided on
> amavisd-new with clamav and spamassassin.
> 
> I couldn't find any tutorials for using amavisd with smtpd(8) so I
> worked out my own solution based on some postfix tutorials and the
> excellent smtpd.conf(5) doc.
> 
> Following are the steps and missteps that got me to the working
> smtpd.conf included at the bottom.
> 
> I also have one question for the smtpd(8) developers at the end.
> 
> The goal was to have smtpd deliver via lmtp to amavisd. Fortunately
> smtpd in 5.4 (shipping) supports lmtp via the deliver and relay
> keywords. That's important as we'll see in a minute.
> 
> Installing amavisd is easy. Configuration is another story. For now I'm
> assuming the user can handle pkg_add -i amavisd-new and starting the
> relevant daemons.
> 
> The first step is to create a rule to send inbound email to amavisd
> rather than procmail.
> 
> accept tagged default from any for domain <domains>               \
>   relay via lmtp://127.0.0.1:10024
> 
> The reason for "relay via" will make sense shortly.
> 
> Once I had mail delivering to amavisd I had to arrange for smtpd to
> listen on another port to receive the content-filtered email.
> 
> The default in the amavis world is to listen on port 10024 and re-inject
> on 10025. I initially tried writing two rules to "accept from if:port".
> That failed miserably. Tagging is the solution. Each "listen on" command
> can tag client sessions that are later used via "accept tagged <tag>".
> With that problem solved I was able to define 3 production listeners and
> one for testing:
> 
> listen on lo0  port 10025 tag amavis  hostname amavis # re-injection
> listen on lo0  port 1587  tag test    hostname test   # testing
> listen on msk0 port 25    tag default                 # external
> listen on lo0             tag default                 # internal
> 
> It was at this point I discovered the need for "relay via" rather than
> "delivery to". Initially I sent mail to amavisd with this rule:
> 
> accept tagged test from any for domain <domains> virtual <vmap> \
>   deliver to lmtp 127.0.0.1:10024
> 
> That failed. What would happen is "virtual <vmap>" was forwarding the
> emails to amavisd for delivery to the user's system account.
>  "To: <user-t...@example.com>" effectively became "To: <user>".
> 
> When amavisd re-injected the email it was rejected by smtpd because "To:
> <user>" is an invalid recipient. The solution, then, was to defer the
> "virtual <vmap>" lookup until re-injection. The way to do that was to
> use "relay via":
> 
> accept tagged default from any for domain <domains>             \
>   relay via lmtp://127.0.0.1:10024
> 
> With those changes in place content filtering began working and has
> continued to do so. smtpd(8) + spamd(1) + content-filtering = very
> little spam.
> 
> The question I have for Gilles et al.: Is there a better way to send the
> emails to amavisd? It would be more efficient if emails went through
> "virtual <vmap>" first so invalid recipients were rejected before
> content filtering.

I'm not Gilles et al. but...

If you could go with recipients instead of virtual this is what I use:

table domains { 'foo.at', 'foobar.at' }
table addresses file:/etc/mail/addresses
accept from any for domain <domains> recipient <addresses> \
  relay via smtp://127.25.0.1:10024

I'm using smtp here because I had strange problems with multiple rcpts
that I circumvented by using smtp instead of lmtp. Sorry, no notes taken
and memory already fading. 

Bye, Marcus
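
The two-pass flow discussed in this thread, assembled into one smtpd.conf fragment as an added example (not either poster's actual configuration). The listener and pass-1 lines are taken from the quoted message; the table paths, the re-injection rule and the mda command are assumptions.

```conf
# Added example: two-pass content filtering, OpenSMTPD 5.4-era syntax.
# Assumed: table file paths, the pass-2 rule, the procmail mda command.
table domains file:/etc/mail/domains
table vmap    file:/etc/mail/vmap

# Untrusted and local submissions share the "default" tag.
listen on msk0 port 25    tag default                 # external
listen on lo0             tag default                 # internal
# Re-injection listener is bound to loopback only, so nothing off-host
# can submit mail that skips the filter by connecting to port 10025.
listen on lo0  port 10025 tag amavis  hostname amavis # re-injection

# Pass 1: hand unfiltered mail to amavisd with the envelope recipient
# unchanged. No "virtual <vmap>" here: expanding it at this stage turns
# user@domain into a bare system user, which is rejected on re-injection.
accept tagged default from any for domain <domains> \
  relay via lmtp://127.0.0.1:10024

# Variant from the reply above: add "recipient <addresses>" to pass 1 so
# unknown recipients are refused before filtering. Combining it with the
# pass-2 virtual lookup is an assumption; the addresses table would then
# have to list every address that <vmap> resolves.
# table addresses file:/etc/mail/addresses
# accept tagged default from any for domain <domains> \
#   recipient <addresses> relay via lmtp://127.0.0.1:10024

# Pass 2: mail coming back from amavisd on port 10025 carries the
# "amavis" tag; only now is the virtual map applied and the message
# delivered locally.
accept tagged amavis from local for domain <domains> virtual <vmap> \
  deliver to mda "procmail -f -"
```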
