Hi Grant, 

For when you return:

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15445

describes a similar setup to your requirements which seems to work pretty 
well. The recipe is similar to the one outlined by Keith: Each instance of 
sendmail listens on a different port, and delivery is up the chain of ports.

Ensure that the intermediary sendmail processes only receive mail from 
localhost, otherwise your filters can be bypassed. Oh, and if you use a distro 
that clobbers init scripts (hi redhat) do be careful and make sure your 
customised start scripts (and makefile) don't get overwritten :)

The approach works pretty well, and with a bit of adaptation I think it could 
fit your requirements.

HTH, Seb

On Saturday 29 May 2004 18:09, Grant Parnell - EverythingLinux wrote:
> On Sat, 29 May 2004, Keith Hopkins wrote:
> > Grant Parnell - EverythingLinux wrote:
> > >The principle is this....
> > >[inbound email to test@<domain>.com.au]
> > >
> > >    | 192.168.1.4:25
> > >
> > >[sendmail.cf.listen.milter-sender]
> > >
> > >    | 127.0.0.1:25
> > >
> > >[sendmail.cf.listen.kavscanner]
> > >
> > >    | lmtp
> > >
> > >[sendmail.cf.cyrus]
> > >
> > >    | cyrusv2
> > >
> > >[/x/imap/t/user/test/*]
> > >
> > >Now... telnet to 127.0.0.1 port 25 and it works, does the virus scan and
> > >delivers to cyrus mailbox so that half's just fine.
> > >I've been frustrated for the last several hours trying to figure out
> > > ways of getting the sendmail daemon listening on ip 192.168.1.4 to
> > > forward successful messages onto 'localhost'.
> > >
> > >Alternatives may be using another MTA that has the features of
> > >milter-sender, such as postfix. I haven't looked into that, I'd imagine
> > > it shouldn't be a problem to interface with cyrus but what I don't know
> > > is if it's going to be a similar problem. Alternately... I could use
> > > BOTH!
> >
> > Hi Grant,
> >
> >   I've never tried doing this exact thing, but I'd like to help.  What
> > exactly are you seeing happen when it tries to forward to localhost?
> > What config option are you using to tell it to do so?  How are you
> > restricting each instance of sendmail to a specific interface?
> >
> >   Suggestion: move the "localhost" sendmail instance up to a different
> > port.  For instance, on my system, spamassassin sits up on port 10024,
> > and I feed it there, and it returns msgs back to a sendmail (well,
> > postfix actually) instance listening on port 10025.
>
> To restrict to the interface I wanted I set the IP in the
> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') in the
> sendmail.mc.listen.kavscanner file (this setting is the default for
> Fedora/RedHat).
> For the other instance I just changed the IP to the external interface.
>
> Hmm... maybe I'll just install spamassassin as well, can't hurt!
>
> FWIW I tried setting up the kavscanner/sendmail on port 250 but then I
> couldn't figure out how to get the other one to send to port 250.
> I even tried
> 'iptables -A OUTPUT -d 127.0.0.1 -p tcp --dport 25 -j REDIRECT
> --to-ports 250'
> but that kept giving me 'invalid option' or something like that (ie I
> think REDIRECT doesn't work in the OUTPUT chain despite the
> documentation).
>
> I tried setting smarthost even to localhost... that was a mistake. I found
> FEATURE(`nullclient',`localhost') sounds like it should do the job but
> doesn't. It just drops it into /var/spool/mail instead. I suspect the
> documentation on that feature was a bit off or not what I was trying to
> do.
>
> About the best I got so far was the sendmail on 192.168.1.4 trying to send
> to localhost and getting 'error mail loops back to me (MX problem?)'
> suggesting it was trying to send to an instance of itself rather than the
> other instance - oh and in no way does a DNS or /etc/hosts lookup for
> 'localhost' point to 192.168.1.4. Therefore I can't see how trying to get
> it to send to 'localhost' stuffs up unless it's hardcoded or something. I
> don't have control of their DNS.. but I might try installing my own and
> setting up MX records for localhost2 or something.
>
> It's all a bit academic at the moment, went to work on it today and
> they've changed the firewall on me. I'm on leave starting next week so
> it'll be 2 weeks before I get back to it. The server's not in production
> yet... their old one is still crawling along with a different mail setup
> entirely.
>
>  --
> ---<GRiP>---
> Grant Parnell - senior consultant
> EverythingLinux services - the consultant's backup & tech support.
> Web: http://www.everythinglinux.com.au/support.php
> We're also busybits.com.au and linuxhelp.com.au and elx.com.au.
> Phone 02 8752 6622 to book service or discuss your needs.
>
> ELX or its employees participate in the following:-
> OSIA (Open Source Industry Australia) - http://www.osia.net.au
> AUUG (Australian Unix Users Group) - http://www.auug.org.au
> SLUG (Sydney Linux Users Group) - http://www.slug.org.au
> LA (Linux Australia) - http://www.linux.org.au
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
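
An added example, not part of the original thread or of anyone's configuration in it: a small audit of the `DAEMON_OPTIONS` lines discussed above, flagging any intermediary sendmail instance in the chain that is not bound to loopback only and could therefore be reached directly, bypassing the filters in front of it. The instance names, the `kavscanner-bad` entry and port 10025 are constructed for illustration.

```python
import ipaddress
import re

# Line-start anchor skips DAEMON_OPTIONS copies commented out with m4's "dnl".
DAEMON_RE = re.compile(r"^[ \t]*DAEMON_OPTIONS\(`([^']*)'\)", re.MULTILINE)

def parse_daemon_options(mc_text):
    """Return one {key: value} dict per active DAEMON_OPTIONS line."""
    listeners = []
    for match in DAEMON_RE.finditer(mc_text):
        opts = {}
        for item in match.group(1).split(","):
            key, sep, value = item.partition("=")
            if sep:
                opts[key.strip().lower()] = value.strip()
        listeners.append(opts)
    return listeners

def is_loopback(addr):
    try:
        return addr.lower() == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed

def audit_chain(configs, public_instance):
    """Flag each listener of a non-public instance that is not loopback-only."""
    findings = []
    for name, mc_text in sorted(configs.items()):
        if name == public_instance:
            continue
        listeners = parse_daemon_options(mc_text)
        if not listeners:
            findings.append((name, "no DAEMON_OPTIONS: default listener, all interfaces"))
        for opts in listeners:
            addr, port = opts.get("addr"), opts.get("port", "smtp")
            if addr is None:
                findings.append((name, f"port {port}: no Addr, binds all interfaces"))
            elif not is_loopback(addr):
                findings.append((name, f"port {port}: bound to {addr}"))
    return findings

# Constructed sample: two lines mirror the thread; "kavscanner-bad" is a
# hypothetical instance whose loopback line was commented out by mistake.
SAMPLE = {
    "milter-sender": "DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.4, Name=MTA')dnl\n",
    "kavscanner": "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl\n",
    "kavscanner-bad": "dnl DAEMON_OPTIONS(`Port=10025,Addr=127.0.0.1')dnl\n"
                      "DAEMON_OPTIONS(`Port=10025, Name=MTA')dnl\n",
}
```

`audit_chain(SAMPLE, public_instance="milter-sender")` reports only `kavscanner-bad`. The check reads the `.mc` sources, so the sockets actually bound by the running daemons should still be confirmed after the `.cf` files are rebuilt.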
