Rosca,

> > > > With
> > > > $forward_method = 'smtp:*:10025';
> > > > in amavisd.conf amavis will forward the scanned message back to
> > > > the originating postfix server and you can share several amavis
> > > > installations on more than one SMTP gateway making it possible to
> > > > use also round robin for your SMTP gateways.
>
> Sorry, Please, could you be more clear?
> I have n SMTP gateway servers (Postfix+MySQL+Amavisd-new).
>
> The amavisd-new socket is bound on the localhost interface, so it will
> never accept connection from another SMTP gateway:
>
> tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN

> Should I make Amavisd-new listen on *?

Yes, if it is on a different host than the MTA:

$inet_socket_bind = undef;  # bind to all IP interfaces if undef


@inet_acl = qw( 127.0.0.1 [::1] 193.2.4.66 [2001:1470:ff80::25]
                193.2.4.95 212.235.133.145
                [2001:1470:ff80:2::8:1] [2001:1470:ff80:8008::1] );

> The same problem for reinjection socket..

Certainly, the Postfix smtpd service on port 10025 must listen
on all interfaces if the connection is coming from another host.
This is a default setting.

> What cause this in terms of security?

Restrict amavisd to only accept connections from your MTAs,
e.g.
  @inet_acl = qw( 127.0.0.1 ::1 192.168.0.0/16 192.0.2.123 );

and restrict postfix to only accept mail on port 10025
from the host where amavisd is running, e.g. (master.cf):

10025           inet n  -       n       -       -  smtpd
  ...
  -o mynetworks=127.0.0.0/8,[::1],192.168.0.0/16,192.0.2.124
  ...

> Finally, where I have exactly to put:
>
> content_filter=amavisd-new:amavis.domain.tld:10024
>
> in master.cf?

Either globally in main.cf, or with each smtpd or pickup service
in master.cf, whichever is more appropriate to your setup.


> > > My only fear is that such an approach could increase
> > > drastically the DMZ network traffic.. :-(
> >
> > You're simply doubling the number of mails transferred within
> > your network.
> > As long as your network load isn't already at 50% this
> > shouldn't be a problem.
>
> mmh..  I have to verify.. Any idea on how?

Network traffic within a LAN is hardly ever an issue.

  Mark

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
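
A check for the port 10025 restriction discussed in the message above, as an added example that is not part of the original post or of amavisd-new or Postfix. It parses a master.cf fragment and reports why the reinjection listener might accept mail from hosts other than the amavisd host. It relies on standard Postfix behaviour (mynetworks only rejects other clients when a `permit_mynetworks,reject` restriction is applied) and assumes content_filter is set globally in main.cf; the sample fragment and function names are constructed for illustration.

```python
import shlex

# Constructed master.cf fragment; 192.0.2.124 stands for the amavisd host.
SAMPLE_MASTER_CF = """\
10025  inet  n  -  n  -  -  smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,[::1],192.0.2.124
"""

def service_overrides(text, port="10025"):
    """Return the -o name=value overrides of the inet service on port, or None."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of the previous entry
        else:
            logical.append(raw.strip())
    for line in logical:
        f = shlex.split(line)
        if len(f) >= 8 and f[1] == "inet" and f[0].rsplit(":", 1)[-1] == port:
            args = f[8:]
            return dict(b.split("=", 1) for a, b in zip(args, args[1:])
                        if a == "-o" and "=" in b)
    return None

def audit_reinjection(text, port="10025"):
    """List reasons the listener may accept mail from hosts other than amavisd."""
    o = service_overrides(text, port)
    if o is None:
        return [f"no inet service on port {port}"]
    problems = []
    nets = o.get("mynetworks", "").replace(",", " ").split()
    if not nets:
        problems.append("mynetworks is not overridden for this service")
    problems += [f"mynetworks entry {n} matches every host"
                 for n in nets if n.endswith("/0")]
    wanted = ["permit_mynetworks", "reject"]
    if not any(o.get(k, "").replace(",", " ").split() == wanted for k in
               ("smtpd_client_restrictions", "smtpd_recipient_restrictions")):
        problems.append("no permit_mynetworks,reject restriction on this service")
    if o.get("content_filter") != "":
        problems.append("content_filter is not cleared (loops if set in main.cf)")
    return problems

if __name__ == "__main__":
    print(audit_reinjection(SAMPLE_MASTER_CF) or "reinjection listener looks restricted")
```

An empty list means the fragment passes these checks only; the amavisd side still needs its own @inet_acl restriction as described in the message.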
