I have a bunch of servers that send internal network only emails and
reports, e.g. logwatch data, etc. All servers are configured to use a
simple local postfix instance that delivers mail to my primary postfix
server, specified thus:
relayhost = [192.168.1.235]
That works fine, email hits that server on port 25 and is accepted
because the addresses are in mynetworks of postfix listening on
192.168.1.235:25. But at the moment it is then processed through ->
amavisd lmtp / spamassassin -> Postfix on port 10025 -> delivered. And
sometimes they get spam trapped (particularly the ones from logwatch
on postfix with spamassassin info in them).
I'd like the server to not run these internal only emails through
amavisd-new, but to just send them to the internal destination.
What's the best way?
I have a (currently empty) client_checks test that I could run
"192.168.1 FILTER [127.0.0.1]:10025" in, but if I try that at the
moment I get:
warning: connect to transport private/smtp[127.0.0.1]: No such file or
warning: connect to transport private/retry: Connection refused
which I think is because my postfix on port 10025 is only configured
to listen to localhost (127.0.0.1:10025 inet;
mynetworks=127.0.0.0/8)... which makes sense, that service is pretty
much straight in.
So that got me thinking, is that the best way anyway?
I thought about submitting them to port 587 and disabling scanning on
MYNETS in amavisd - but then if one of my users gets compromised
outgoing email is not being spam scanned, so that's not my preference.
What recommendations for running internal source / internal
destination only emails through with minimal overhead - straight
through postfix to delivery?
Ideally I want something along the lines of
IF((source IP = 192.168.1.0/24) AND (destination =
(root,[hidden email],whatever_other_internal))) THEN: send
through aliases and to delivery transport.
> Simon Wilson:
>> I have a (currently empty) client_checks test that I could run
>> "192.168.1 FILTER [127.0.0.1]:10025" in, but if I try that at the
> That is not valid syntax. You must specify a delivery method
> before the destination:
> FILTER transport:destination
> FILTER smtp:[127.0.0.1]:10025
Yep that fixed it. Thanks Wietse. I did actually have 'smtp' in there
but had missed the first colon - all works now.
I needed to make sure that check_client_access was before
permit_mynetworks for obvious reasons. This FILTER assignment is the
only thing in there.
> (destination is [127.0.0.1]:10025).
>> warning: connect to transport private/retry: Connection refused
> SELinux mis-configuration?
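
A small lint for the two mistakes discussed in this thread, added here as an example and not written by either poster: a FILTER action without a proper transport:destination pair, and check_client_access placed after permit_mynetworks. It assumes the FILTER argument is split at its first colon (consistent with the private/smtp[127.0.0.1] warning above) and that master.cf service names contain only letters, digits, "-" and "_"; the function names and sample table are constructed.

```python
import re

# Assumed shape of a master.cf service name: no brackets, colons or spaces.
SERVICE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")

def lint_filter_action(action):
    """Return a problem string for a malformed FILTER action, else None."""
    parts = action.split(None, 1)
    if not parts or parts[0] != "FILTER":
        return None  # other actions (OK, REJECT, ...) are not checked here
    arg = parts[1].strip() if len(parts) == 2 else ""
    # Assumption: the argument is split at its first colon into
    # transport and destination, as "FILTER transport:destination" implies.
    transport, sep, nexthop = arg.partition(":")
    if not sep or not nexthop:
        return "no transport:destination pair"
    if not SERVICE_NAME.match(transport):
        return "transport would be read as %r" % transport
    return None

def lint_access_table(text):
    """Return [(line_no, key, problem)] for bad FILTER entries in a table."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        # Comments, blanks and continuation lines are skipped (simplification).
        if not line.strip() or line[0] in "# \t":
            continue
        fields = line.split(None, 1)
        problem = lint_filter_action(fields[1]) if len(fields) == 2 else None
        if problem:
            findings.append((line_no, fields[0], problem))
    return findings

def check_precedes_permit(restrictions):
    """True if check_client_access comes before permit_mynetworks."""
    items = [t for t in re.split(r"[,\s]+", restrictions) if t]
    if "check_client_access" not in items:
        return False
    if "permit_mynetworks" not in items:
        return True
    return items.index("check_client_access") < items.index("permit_mynetworks")

# Constructed sample table; the 192.168.2 and 192.168.3 keys are made up.
SAMPLE = "\n".join([
    "# client_checks",
    "192.168.1 FILTER [127.0.0.1]:10025",
    "192.168.2 FILTER smtp[127.0.0.1]:10025",
    "192.168.3 FILTER smtp:[127.0.0.1]:10025",
])
```

Running lint_access_table(SAMPLE) flags the first two entries and passes the corrected third one.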