Hello again.

I got postscreen working with content filtering and passing good mail
through.  I'm able to receive and send mail, and headers all look like
it seems they should. It's good to feel some progress even if just first
steps.

I learned that we really should have both a primary and a backup MX
assigned, and that they should be different IPs.

I have the spare IP, I assigned it to the backup, and set up the DNS for
it all.

As far as I can tell, there's no technical problem with having my one
server listen at both IP addresses.  May not be the best idea for the
long term, and we may need to set up a server on a second physical host
somewhere else.  I'll get to that later.

So now I have two IP addresses, each with its own hostname, and I want
to get the one server set up.  From what I'm reading you have to be
careful to get the right "response", banner and/or greeting, from the
right server.

It looks like I first get "teaser" banners set up for postscreen for
each of the MXs in master.cf with

 XX.XX.XX.1:smtp inet n - n - 1 postscreen
  -o postscreen_greet_banner="mail1.DOMAIN.COM ESMTP Postfix"
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust

 XX.XX.XX.2:smtp inet n - n - 1 postscreen
  -o postscreen_greet_banner="mail2.DOMAIN.COM ESMTP Postfix"
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
  -o smtpd_proxy_options=speed_adjust

 smtpd      pass  -       -       n       -       -       smtpd
 dnsblog    unix  -       -       n       -       0       dnsblog
 tlsproxy   unix  -       -       n       -       0       tlsproxy
 ...


What I don't get is how I then get the right banner responses through
the next-step content filter (example for spampd based on
http://www.postfix.org/SMTPD_PROXY_README.html#config) to the "after
filter" SMTP server,

 127.0.0.1:10026 inet n  -       n       -        -      smtpd
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o receive_override_options=no_unknown_recipient_checks

I don't think the postscreen_greet_banner gets "passed through", does
it?

I can sure put a smtpd banner option statement in there, but I believe I
need 2 banners, one for each MX server IP, primary and backup.

Is the right way here to launch TWO postscreen instances, TWO spampd
proxy instances, and TWO "after filter" instances, so that I have TWO
separate chains, each one with a greeting or banner of its own?

Jeremy Alsten
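
A check for the per-IP greeting discussed above, as an added example that is not part of the original post: postscreen sends the postscreen_greet_banner text as a "220-" continuation line ahead of the final "220 " line, so a greeting captured from each IP can be compared with the hostname that IP's MX record names. The captures and the function names are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_greeting(raw):
    """Split a captured greeting into (teaser_texts, final_text).

    "220-" lines carry the postscreen teaser; the "220 " line ends the
    greeting. final_text is None when the capture stops before that line.
    """
    teasers, final = [], None
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            continue  # skip blank or non-reply lines in the capture
        code, sep, text = m.groups()
        if code != "220":
            raise ValueError(f"greeting refused: {line!r}")
        if sep == "-":
            teasers.append(text)
        else:
            final = text
            break
    return teasers, final

def banner_problems(raw, expected_host):
    """Return a list of mismatches; empty means every line names expected_host."""
    def host(text):
        words = text.split()
        return words[0].lower() if words else ""
    teasers, final = parse_greeting(raw)
    want = expected_host.lower()
    problems = [f"teaser names {host(t)!r}" for t in teasers if host(t) != want]
    if final is None:
        problems.append("no final 220 line captured")
    elif host(final) != want:
        problems.append(f"final banner names {host(final)!r}")
    return problems

# Constructed captures, one per listening IP (hostnames are the post's placeholders).
CAPTURE_IP1 = "220-mail1.DOMAIN.COM ESMTP Postfix\r\n220 mail1.DOMAIN.COM ESMTP Postfix\r\n"
CAPTURE_IP2 = "220-mail2.DOMAIN.COM ESMTP Postfix\r\n220 mail1.DOMAIN.COM ESMTP Postfix\r\n"

if __name__ == "__main__":
    for name, cap, want in [("IP1", CAPTURE_IP1, "mail1.DOMAIN.COM"),
                            ("IP2", CAPTURE_IP2, "mail2.DOMAIN.COM")]:
        print(name, banner_problems(cap, want) or "ok")
```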
