> >> Greetings master postfixers,
> >>
> >> I am trying to solve a forwarding problem. I have two separate amavis
> >> instances on my edge MX that each do spam-checking: one incoming
> >> (obvious), one outgoing (our users aren't too good about keeping their
> >> computers zombie-free).
> >>
> >> For the particular case where mail passes the gateway, arrives locally,
> >> whereupon it's discovered that it should be forwarded to an external
> >> address, I do NOT want it to get re-scanned by the outgoing amavis
> >> instance, but rather sent straight through. So, I need to route it
> >> differently by choosing an alternate transport (which I will just set up
> >> as a special, 'pre-screened' smtp listening port.) However, how do I
> >> identify / capture this stream of forwarded mail? Right now, to the
> >> outgoing MX/amavis gateway, it looks exactly like it originated from the
> >> inside, rather than having been forwarded.
> >>
> >> mysql_virtual_alias_maps, which I'm using, did not have any helpful
> >> references (because aliases are general, not necessarily external), nor
> >> did several Googles about forwarding magic.

The entry points for the inbound MTA are inbound.clean and inbound.dirty.

The entry points for the outbound MTA are outbound.clean and outbound.dirty.

Mail received on the dirty entry points is filtered.

Receive all mail from remote senders on inbound-dirty.

Receive all mail from local senders on outbound-dirty.

Configure the inbound MTA with a "relayhost" setting of outbound-clean.

Configure the outbound MTA to send local mail to inbound-clean.

        Wietse
>
> For line two: it's my local MX, not my edge MX, that welcomes local
> users via the auth'd SSL'd submission port. I guess this is
> 'outbound-dirty'. In order to ensure these messages are filtered, I have
> to run amavis on that same host, correct? So that now amavis is running
> on the local MX, rather than the edge MX? (Hoping to only run amavis there.)
>
> I hope I'm not garbling the solution.
>
> -Daniel
>

OK I believe I've worked out your solution. However my setup is different. I am not specializing my MTAs for outbound/inbound.

I have a public MX that receives mail on inbound-dirty, filters it on inbound-filter, and sends it to inbound-clean on the private MX, (which is also the IMAP server so it gets delivered locally).

The public MX also receives mail from the private MX on outbound-dirty-internal, filters it on outbound-filter, determines where it should go, and either sends it outbound to the world or back to the private MX on inbound-clean.

The private MX receives mail from local users on outbound-dirty-local, only performing authentication, and merely forwards it to the private MX on outbound-dirty-internal.

This way, the spam filtering (both instances) only runs on one host, which does not have any IMAP, SSL, or authentication responsibilities. When I edit my spam rules or train Bayes, etc., I only have to do it on one host.

This is my attempt at specialization. Should I switch to the outbound/inbound model and run a filter on each host? That would require a lot of re-wiring. It implies the public MX, the inbound MTA, also be the IMAP host because that's where inbound-clean mail goes. (Unless I have a third host that only does IMAP and receives in from the inbound MTA via LMTP.)

-Daniel
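
The four entry points from Wietse's reply, sketched as Postfix configuration. This is an added example, not part of the original thread. Assumptions: two separate Postfix instances, the 192.0.2.x addresses, all port numbers, the domain example.com, and amavis instances listening on 127.0.0.1:10024 (incoming) and 127.0.0.1:10026 (outgoing).

```conf
# ---- inbound MTA (192.0.2.20, assumed), master.cf ----
# inbound-dirty: all mail from remote senders, passed to the incoming amavis
192.0.2.20:25     inet  n  -  n  -  -  smtpd
    -o content_filter=smtp:[127.0.0.1]:10024
# inbound-clean: local mail handed over by the outbound MTA, not filtered again
192.0.2.20:10029  inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=192.0.2.10/32
    -o smtpd_client_restrictions=permit_mynetworks,reject
# re-injection port for mail coming back from the incoming amavis
127.0.0.1:10025   inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8

# ---- inbound MTA, main.cf ----
# Everything that is not delivered locally, forwarded mail included,
# goes to outbound-clean and so skips the outgoing filter.
relayhost = [192.0.2.10]:10027

# ---- outbound MTA (192.0.2.10, assumed), master.cf ----
# outbound-dirty: all mail from local senders, passed to the outgoing amavis
192.0.2.10:587    inet  n  -  n  -  -  smtpd
    -o content_filter=smtp:[127.0.0.1]:10026
# outbound-clean: accepts only the inbound MTA, no content filter
192.0.2.10:10027  inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=192.0.2.20/32
    -o smtpd_client_restrictions=permit_mynetworks,reject
# re-injection port for mail coming back from the outgoing amavis
127.0.0.1:10028   inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8

# ---- outbound MTA, main.cf ----
# No local delivery here; mail for the local domain goes to inbound-clean.
mydestination =
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport

# ---- outbound MTA, /etc/postfix/transport ----
example.com    smtp:[192.0.2.20]:10029
```

The clean listeners skip filtering, so they accept connections only from the peer MTA's address; anything else that could reach them would bypass amavis.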
