Mark Martinec wrote:
> Simon,
>
>>> Right. This is a duty of a front-end MTA,
>> Well the front-end MTA (MX host) is doing this, it's just the recipient
>> callout it makes stops at amavis and doesn't get through to the internal
>> mail host. It would have been really convenient to have been able to do
>> this :-)
>
> I misunderstood, thinking that amavisd was exposed to the world.
>
> So we have a normal dual-MTA setup, which is fine, as long as the front-end
> MTA keeps the number of parallel SMTP sessions to amavisd at $max_servers
> or below. If there are several MX hosts, the limit applies to the
> estimated sum of their SMTP sessions.
>
> So your choice is either to use advice from Noel, or make a list
> of valid users available to front-end MTAs through some other mechanism
> (SQL, LDAP, periodically copying a fresh list from internal to MX).
>
> Mark
>
Thanks to everyone for all their useful input. In the long run I'll go
with LDAP lookups or something similar but that's a job for another day.
In the mean time...
I'm using Exim 4.5 on all our MTAs, and there's no simple parameter to
redirect the recipient callout (from MX MTA directly to the internal
MTA). I'm not an Exim guru so there may a kludge that I could do.
Maybe I should switch to Postfix instead :-) I'll follow the Amavis
docs on how to combine Amavis and Exim.
Instead of just having Amavis in between the MTAs, as I do now, I'll try
to have both Amavis and Exim.
-->Firewall--->MX MTA---\ +---------------+
|--->| Exim + Amavis |--->Internal MTA
-->Firewall--->MX MTA---/ +---------------+
Hopefully I can then allow recipient callouts along the whole chain of
MTAs before Amavis does it's thing. I'll make sure that each MTA
accepts any address (local part) in the event of the next MTA in the
chain not being contactable, so nothing important bounces during
maintenance/down time.
Simon
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
