Hello,
I am trying to set up MailScanner using Postfix on Suse 9.3. It will just scan mail and afterward pass it on to another mail server. I am looking at the documentation, but I can't tell how to chroot jail in /var/spool/postfix. Can someone shed some light on this for me? Many thanks in advance, ~James -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
[hidden email] wrote:
> Hello, > > I am trying to set up MailScanner using Postfix on Suse 9.3. It will > just scan mail and afterward pass it on to another mail server. I am > looking at the documentation, but I can't tell how to chroot jail in > /var/spool/postfix. Can someone shed some light on this for me? Postfix daemons can be chroot when the corresponding flag (fifth column) is set in master.cf. Which daemon do you want to chroot? Here are some how-to's about Postfix chroot: http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup http://www.postfix.org/INSTALL.html#hamlet PS: You might want to know that Mailscanner uses unsupported features of Postfix, so you can not expect a lot of support from the postfix mailing list. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
In reply to this post by jdelaparra
>> >> I am trying to set up MailScanner using Postfix on Suse 9.3. It will >> just scan mail and afterward pass it on to another mail server. I am >> looking at the documentation, but I can't tell how to chroot jail in >> /var/spool/postfix. Can someone shed some light on this for me? > >Postfix daemons can be chroot when the corresponding flag (fifth column) >is set in master.cf. Which daemon do you want to chroot? > >Here are some how-to's about Postfix chroot: > >http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup >http://www.postfix.org/INSTALL.html#hamlet > >PS: You might want to know that Mailscanner uses unsupported features of >Postfix, so you can not expect a lot of support from the postfix mailing list. Thank you Sandy. I am in a total bind here. I was running MailScanner & Sendmail on Mandrake, but that server crashed completely. I was working on the Suse box as an eventual replacement, but now I need to get it up and running as quickly as possible. Oh boy! I am looking at the Postfix main.cf, but I don't see where to chroot the daemon; # LOCAL PATHNAME INFORMATION # # The queue_directory specifies the location of the Postfix queue. # This is also the root directory of Postfix daemons that run chrooted. # See the files in examples/chroot-setup for setting up Postfix chroot # environments on different UNIX systems. # queue_directory = /var/spool/postfix The chroot-setup dir has a script for Suse 5.3 What is the best way to do this? Again, thank you. ~James -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
JDP wrote:
> >>> I am trying to set up MailScanner using Postfix on Suse 9.3. It >>> will just scan mail and afterward pass it on to another mail >>> server. I am looking at the documentation, but I can't tell how to >>> chroot jail in /var/spool/postfix. Can someone shed some light on >>> this for me? >> Postfix daemons can be chroot when the corresponding flag (fifth >> column) is set in master.cf. Which daemon do you want to chroot? >> >> Here are some how-to's about Postfix chroot: >> >> http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup >> http://www.postfix.org/INSTALL.html#hamlet >> >> PS: You might want to know that Mailscanner uses unsupported features >> of Postfix, so you can not expect a lot of support from the postfix >> mailing list. > > Thank you Sandy. I am in a total bind here. I was running MailScanner & > Sendmail on Mandrake, but that server crashed completely. I was > working on the Suse box as an eventual replacement, but now I need to > get it up and running as quickly as possible. Oh boy! Okay, that is a priority. I can't help you with the Mailscanner integration, unfortunately. Was it the heat? > I am looking at the Postfix main.cf, but I don't see where to chroot > the daemon; # LOCAL PATHNAME INFORMATION # # The queue_directory > specifies the location of the Postfix queue. # This is also the root > directory of Postfix daemons that run chrooted. # See the files in > examples/chroot-setup for setting up Postfix chroot # environments on > different UNIX systems. # queue_directory = /var/spool/postfix > > The chroot-setup dir has a script for Suse 5.3 > > What is the best way to do this? Hm, perhaps you are working on the basis of uncorrect assumptions. Postfix is composed of different daemons for different tasks, it is not a monolithic beast like sendmail 8.x, more like Sendmail X. Postfix is also very concerned about security, the only incident I can recall in the last years was introduced by a third-party TLS-Patch for Postfix 2.1. So I wouldn't worry too much about chrooting the daemons if you're in a hurry to set up the system. In the master.cf you can see lines for most of the daemons. ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - 100 smtpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil ^ | Change here to "y" or "-" for chroot execution. Though you should be aware that chroot installations are not easy. I haven't bothered till now to set up a chroot environment. Depending on your setup you might run into problems, such as connections to mysql database breaking, no name server resolution for smtp delivery etc. You can try the chroot-setup script. In your case, it might even work since you are setting up a pure relay server without local delivery. I would suggest you start without chroot, then set up a test environment wher you can test your installation without dead line pressure. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
In reply to this post by jdelaparra
Hello Sandy,
Just want to thank you for all of your help and suggestions on getting Postfix running. The ultimate problem was with the configuration of spamassassin and mailscanner. Best regards, James -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
James D. Parra wrote:
> Hello Sandy, > > Just want to thank you for all of your help and suggestions on getting > Postfix running. The ultimate problem was with the configuration of > spamassassin and mailscanner. Hello James, good to know that your server is up and running again. If you would like we can tune the configuration to reject most of the spam right away without the need to process them with mailscanner. (^-^) I usually reject about 90-95% of attempted spam deliveries with Postfix checks alone. It saves a lot of resources and even more important it saves the time to check them by hand, which is necessary even when spamassassin already marks them as spam (it's a bad idea to delete mails automatically). It's also advisable to set up a kind of report or log review, so you know what happened on your system during the day. pflogsumm and mailgraph for example are easy to set up and give you a fast overview what happens on your system. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
* Sandy Drobic <[hidden email]> [08-07-06 13:25]:
> If you would like we can tune the configuration to reject most of the > spam right away without the need to process them with mailscanner. > (^-^) I've been following this with interest. Please go ahead and hit the high points to accomplish the above. tks, -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
In reply to this post by Sandy Drobic
Sandy Drobic wrote:
> I usually reject about 90-95% of attempted spam deliveries with > Postfix checks alone. greylisting I presume? /Per Jessen, Zürich -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
Per Jessen wrote:
> Sandy Drobic wrote: > >> I usually reject about 90-95% of attempted spam deliveries with >> Postfix checks alone. > > greylisting I presume? Not yet, I am still testing greylisting on my server at home. It's the cumulative result of HELO-, client- and sender-checks, RBLs and a bit of tuning, a smaller percentage of spam is rejected due to message id checks. What kind of checks are usable depends on your situation, of course. As a company I can afford to apply stricter checks than a hosting ISP, for example. Now, with Postfix 2.3 and Milter, I'll probably use domain key checks in addition to greylisting soon. Since there seems to be a bit of general interest, maybe we can put together some guide lines and experiences about fighting spam with Postfix, so people can find it through the archives. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- Check the headers for your unsubscription address For additional commands send e-mail to [hidden email] Also check the archives at http://lists.suse.com Please read the FAQs: [hidden email] |
Free forum by Nabble | Edit this page |