SfR Fresh: [amavisd-new-2.6.1.tar.gz] Member README.exim_v3

"SfR Fresh" - the SfR Freeware/Shareware Archive

Member "amavisd-new-2.6.1/README_FILES/README.exim_v3_app" of archive amavisd-new-2.6.1.tar.gz:

As a special service "SfR Fresh" has tried to format the requested source page into HTML format using source code syntax highlighting with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.

    1 Date: Wed, 03 Sep 2003 23:17:12 +0200
    2 From: Andreas Zeidler <az@kreativkombinat.de>
    3 Subject: [AMaViS-user] smtp only setup with exim 3.x (request for comments)
    4 To: AMaViS-user <amavis-user@lists.sourceforge.net>
    5 Message-id: <20030903211712.GA12537@kreativkombinat.de>
    6 
    7 hi,
    8 
    9 during the last two days i've finally found some time to setup
   10 amavisd-new with exim v3, clamav and spamassassin.  after looking
   11 around the web for a sample configuration, i found some remarks about
   12 shortcomings of the amavis.c approach [1].  that is, feeding the mail in
   13 question to amavisd by defining a transport like ...
   14 
   15   amavis:
   16     driver = pipe
   17     command = "/usr/sbin/amavis ${sender_address} ${pipe_addresses}"
   18 
   19 also, judging from the comments in amavisd.conf, it seemed to me that
   20 returning the now checked mail by...
   21 
   22   $forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr
   23       scanned-ok -i -f ${sender} -- ${recipient}';
   24 
   25 is not preferable to using regular smtp.  while i've read about those
   26 problems, i do not know under which exact circumstances the above
   27 methods would cause trouble.
   28 
   29 anyway, putting together several pieces and reading the exim
   30 documentation i've come up with a setup that uses smtp both ways and
   31 seems to work fine so far (it's been running for some 24 hours on our
   32 mail server now).  so, the reason i'm writing is that i'd like some
   33 comments about this setup, since i wouldn't know enough details to be
   34 sure there are no other problems with it.
   35 
   36 following are the relevant parts from the configuration of amavisd and
   37 exim.  clamd and spamd are installed with their respective default
   38 configuration.  the transport is defined as...
   39 
   40     amavis:
   41       driver = smtp
   42       hosts = localhost
   43       port = 10024
   44       allow_localhost
   45 #     transport_filter = "/usr/bin/spamc"
   46 
   47 which causes exim to relay the mail to amavisd listening on the local
   48 port 10024 (the default).  thanks to a (indeed) neat suggestion [2]
   49 the need for a second round-trip through spamassassin and several more
   50 (exim) drivers is gone by using spamc as a transport filter.  also, the
   51 generated spam-headers are conserved nicely.
   52 
   53 the transport method for the way back is defined (in amavisd.conf),
   54 so that the mail is re-injected into exim on the regular smtp port.
   55 afaik exim 3.3 doesn't support listening on several ports at once,
   56 so port 10025 is not possible...
   57 
   58     $forward_method = 'smtp:127.0.0.1:25';
   59     $notify_method = $forward_method;
   60     $localhost_name = "amavis";
   61     $relayhost_is_client = 0;
   62 
   63 the 'localhost_name' setting is necessary in order to distinguish
   64 amavis from other processes using smtp via localhost.  the director
   65 is defined accordingly...
   66 
   67     amavis_director:
   68       condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \
   69                              {eq {$sender_helo_name}{amavis}}} {0}{1}}"
   70       driver = smartuser
   71       transport = amavis
   72       verify = false
   73 
   74 the condition tests against the helo name provided by amavis and set
   75 up in amavisd.conf as described above.  at the same time this is the
   76 only flaw i can see with this setup so far.  a local user could use
   77 this helo name to prevent the mail from being scanned by amavis, but
   78 on the other hand that's also possible with the suggested setup for
   79 exim 4.x (re-injecting through port 10025).  also, at least on our
   80 mail server local users are pretty rare, so that's no problem...
   81 
   82 for exim to receive a proper sender address it is also necessary
   83 to make the user running amavisd trusted...
   84 
   85     trusted_users = mail:amavis
   86 
   87 finally, if outgoing mail should be scanned as well, a possible
   88 definition for a route could be...
   89 
   90     amavis_router:
   91       condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \
   92                              {eq {$sender_helo_name}{amavis}}} {0}{1}}"
   93       driver = domainlist
   94       transport = amavis
   95       route_list = "* localhost byname"
   96       verify = false
   97       self = send
   98 
   99 i think that's about everything relevant.  like i said, this setup
  100 is working fine here so far.  what do you think?  would this be
  101 an okay way to run things or are there problems to be expected?
  102 
  103 take care,
  104 
  105 
  106 andi
  107 
  108 [1] http://marc.theaimsgroup.com/?t=103014542500001&r=1&w=2
  109 [2] http://marc.theaimsgroup.com/?l=exim-users&m=102977722707468&w=2
  110 
  111 --
  112 Kreativkombinat GbR
  113 Konrad-Adenauer-Allee 25 * 86150 Augsburg
  114 Telefon +49 821 4441269 * Fax +49 821 4401310
  115 Web http://www.kreativkombinat.de/