Re: unix:lmtp vs /usr/cyrus/bin/deliver ?
Henrique de Moraes Holschuh wrote: On Tue, 21 Jan 2003, Thomas Hannan wrote: Anyways, with the AMaViS virus filtering, could you clarify a bit? Does your Get amavisd-new, tell your MTA to deliver to amavisd-new through SMTP, then deliver it back to the MTA through SMTP, and let it deliver to Cyrus through LMTP. Trivial to do with postfix, if you read the docs... and *very* fast. You don't interface amavisd-new directly to cyrus (although you COULD do so) so that it can generate bounces, and do some intelligent per-user processing. Besides, it is safer to have it send the messages back to a MTA. Actually, the very latest release of amavisd-new fully supports using LMTP to send the messages on after scanning, so it can be used to send them to Cyrus in LMTP mode. It can then generate DSNs if necessary and send them out via whatever SMTP MTA you are using.
Re: unix:lmtp vs /usr/cyrus/bin/deliver ?
On Tue, 21 Jan 2003, Thomas Hannan wrote: > Thanks for the clarification. i have to admit that I'd never worked with LMTP > before I undertook this project... > > Anyways, with the AMaViS virus filtering, could you clarify a bit? Does your > MX point to an AMaViS server which then forwards to your Postfix/Cyrus box? > (MX) --> [AMaViS-smtp1] --> [Postfix-smtp2] ? > Or is it something different? For some reason I thought that most filtering > solutions worked between the SMTP process and the message store (as in a > /bin/deliver replacement). (Oh, and I'm assuming that hosting multiple > domains doesn't complicate this?) Well, they probably were originally, and my method is mostly the same, only instead of piping to a script, I simply open a socket to SMTP. The AMaViS smtp server is extremely simple, and doesn't take any consideration of spammers, relay, etc. All it does is take in, filter, and spit out, therefore you don't want to run something like that on an open network port. The docs recommend running it on the localhost (127.0.0.1) interface so that it's only accessible from the local machine. Essentially my setup receives all mail externally and internally with postfix. Postfix is then configured to router mail through AMaViS's smtp daemon and listen on the outport for AMaViS for filtered email. > If you wouldn't mind sharing a config file I'd appreciate it ... I'll take this off list. -peace -- Let he who is without clue kiss my ass
Re: unix:lmtp vs /usr/cyrus/bin/deliver ?
On Tue, 21 Jan 2003, Thomas Hannan wrote: > Anyways, with the AMaViS virus filtering, could you clarify a bit? Does your Get amavisd-new, tell your MTA to deliver to amavisd-new through SMTP, then deliver it back to the MTA through SMTP, and let it deliver to Cyrus through LMTP. Trivial to do with postfix, if you read the docs... and *very* fast. You don't interface amavisd-new directly to cyrus (although you COULD do so) so that it can generate bounces, and do some intelligent per-user processing. Besides, it is safer to have it send the messages back to a MTA. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Re: unix:lmtp vs /usr/cyrus/bin/deliver ?
On Monday 20 January 2003 19:52, Kendrick Vargas wrote: Thanks for the clarification. i have to admit that I'd never worked with LMTP before I undertook this project... Anyways, with the AMaViS virus filtering, could you clarify a bit? Does your MX point to an AMaViS server which then forwards to your Postfix/Cyrus box? (MX) --> [AMaViS-smtp1] --> [Postfix-smtp2] ? Or is it something different? For some reason I thought that most filtering solutions worked between the SMTP process and the message store (as in a /bin/deliver replacement). (Oh, and I'm assuming that hosting multiple domains doesn't complicate this?) If you wouldn't mind sharing a config file I'd appreciate it ... Thanks, Thomas > The deliver method is gonna be more costly in terms of resources than > lmtp. Every time postfix is going to deliver the mail, it has to spawn a > shell which loads the binary every time, chews up memory, etc, just to > deliver mail. With lmtp, cyrus is allready spawning and listening on a > socket and all postfix has to do is open and write to the socket. Not to > mention that you'll have permissions and security issues with the deliver > method over the lmtp method. > > If you're worried about filter flexibility, don't. Postfix is very > flexible in this sense. I use AMaViS with my server (several domains) and > I have it running as a local only smtp daemon, and I essentially redirect > email through it to provide the filtering. It's alot safer this way. I > have spam filtering defined as a postfix content filter but I could do it > as a smtp redirect as well. > -peace
Re: unix:lmtp vs /usr/cyrus/bin/deliver ?
On Mon, 20 Jan 2003, Thomas Hannan wrote: > Are there any performance/security issues using one method versus the > other? Would one offer me greater flexibility in doing spam filtering (via > regex and/or blacklists), antivirus checking, etc? > > We handle mail for 3 domains, and don't have anything too fancy set up for > user authentication on the IMAP side... The deliver method is gonna be more costly in terms of resources than lmtp. Every time postfix is going to deliver the mail, it has to spawn a shell which loads the binary every time, chews up memory, etc, just to deliver mail. With lmtp, cyrus is allready spawning and listening on a socket and all postfix has to do is open and write to the socket. Not to mention that you'll have permissions and security issues with the deliver method over the lmtp method. If you're worried about filter flexibility, don't. Postfix is very flexible in this sense. I use AMaViS with my server (several domains) and I have it running as a local only smtp daemon, and I essentially redirect email through it to provide the filtering. It's alot safer this way. I have spam filtering defined as a postfix content filter but I could do it as a smtp redirect as well. -peace -- Let he who is without clue kiss my ass
unix:lmtp vs /usr/cyrus/bin/deliver ?
Hi all,
I'm working on a Postfix+Cyrus IMAPd system, and am looking at whether to
have Postfix deliver mail to Cyrus via a unix lmtp socket
(/var/imap/socket/lmtp)
in /etc/postfix/main.cf:
mailbox_transport (or local_transport) = lmtp:unix:/var/imap/socket/lmtp
in /etc/postfix/master.cf:
lmtp unix --n -- lmtp
and in /etc/cyrus.conf under SERVICES:
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
**OR** use /usr/cyrus/bin/deliver as follows:
in /etc/postfix/master.cf
cyrus unix - n n - - pipe
flags= user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m
${extension} ${user}
in /etc/postfix/main.cf:
mailbox_transport = cyrus
Are there any performance/security issues using one method versus the
other? Would one offer me greater flexibility in doing spam filtering (via
regex and/or blacklists), antivirus checking, etc?
We handle mail for 3 domains, and don't have anything too fancy set up for
user authentication on the IMAP side...
Thanks much!
Thomas Hannan
