Basic configuration concepts in Postfix
The main configuration files of Postfix are in
/etc/postfix. Edit main.cf to configure the 300+
parameters of Postfix. You can either edit the file
directly, e.g. add the line
content_filter=smtp:[127.0.0.1]:2526
or use the postconf command:
postconf -e 'content_filter=smtp:[127.0.0.1]:2526'
There are alias, access, transport and virtual files in
/etc/postfix; these files hold different kinds of
mappings.
After changing any of these files, you must rebuild its db file with
postmap, e.g.
postmap hash:/etc/postfix/transport
Remember to change the alias_maps and alias_database
parameters in /etc/postfix/main.cf so that they point to the correct
aliases file. By default, the aliases file is located in /etc/. The
Postfix-style command for building the alias database is
postalias hash:/etc/postfix/aliases
(use your aliases file path)
Change the original mail server
In this gateway, Postfix will NOT handle any kind of
local delivery. The original mail server is changed to
listen on port 26. Here are a few examples of how to change the
listening port.
Sendmail:
Edit /etc/mail/sendmail.mc, find the line containing
Port=smtp,Name=MTA,Addr=...... and change it to Port=26
Qmail:
Edit /var/qmail/supervise/qmail-smtpd (or equivalent
file):
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1
Change smtp to 26.
Courier:
Locate your Courier configuration file esmtpd (look in
/etc/courier or /usr/local/etc/courier) and
set PORT=26
Emails enter Postfix through port 25; after
scanning, they are forwarded to the original mail server
on port 26. To prevent open relaying, SASL
authentication must be set up. The alternative solution is
to set restrictions on senders.
Configure NOD32
The configuration files of NOD32 are located in
/etc/nod32. Enter your username and password in
/etc/nod32/nod32.auth for updates. For security reasons, you
are recommended to chmod 400 the file.
Notification can be enabled by adding the line
exec_script = yes
in /etc/nod32/nod32.cfg; edit nod32d_script to use your
favourite format.
Add the following line in main.cf:
content_filter=smtp:[127.0.0.1]:2526
And the following in master.cf (continuation lines must start with whitespace):
localhost:2525 inet n - n - 10 smtpd
  -o local_recipient_maps=
  -o content_filter=
  -o myhostname=nod32.dummydomain.com
  -o disable_dns_lookups=yes
After installing NOD32, you are recommended to put a
shortcut to /usr/sbin/nod32_update in /etc/cron.hourly, so
that NOD32 checks for updates every hour.
Configure a gateway
First we have to give Postfix a hostname. Why? Because
Postfix delivers emails to the original email server after
scanning, the 2 email servers cannot have the same hostname.
Edit main.cf:
myhostname=nod32gateway.domain.com
Customize the SMTP banner (for fun) as you like:
smtpd_banner = $myhostname Virus Gateway
Next is the relayhost parameter, which Postfix uses as the
default next hop:
relayhost=127.0.0.1:26
Then we have to disable local delivery and have emails
for the local domain delivered to the original mail server. Here
we use the transport map. Set the transport_maps parameter
in main.cf:
transport_maps = hash:/etc/postfix/transport
default_transport = smtp
Add the following lines to /etc/postfix/transport and rebuild
the transport map afterwards:
domain.com smtp:[127.0.0.1]:26
.domain.com smtp:[127.0.0.1]:26
(If you have other sub domains)
Everything is OK now. Restart the original mail server,
and run the gateway.
postfix start
service nod32smtp start
service nod32d start
Other issues
Installing Postfix over the original mail server will
overwrite the original sendmail program. If you want to keep
the old one, back up the sendmail program in /usr/bin (or
wherever it is located). If you have a webmail, you may have to correct
the sendmail path in your webmail configuration file.
It is advisable to disable incoming access to
ports 26, 2525 and 2526; otherwise your mail server may
become an open relay host.
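One way to check this advice on a running gateway, as an added example that is not part of the original guide: the function below reads `ss -ltn` style output and reports any of the three internal ports that listen on a non-loopback address. It assumes the `ss` utility from iproute2; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag internal gateway ports that listen on a non-loopback address.
# Ports from the guide: 26 = original mail server, 2525 = Postfix re-injection
# listener (master.cf), 2526 = content_filter target.
INTERNAL_PORTS="26 2525 2526"

# Reads `ss -ltn` style output on stdin and prints "port address" for every
# internal port that is bound to something other than loopback.
exposed_listeners() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next             # port 25 is meant to be public
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: OK
            print port, addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      128    0.0.0.0:26         0.0.0.0:*
LISTEN 0      100    127.0.0.1:2525     0.0.0.0:*
LISTEN 0      100    *:2526             *:*
LISTEN 0      100    [::1]:2526         [::]:*
EOF
}

echo "Internal ports reachable from outside (sample data):"
sample_ss_output | exposed_listeners
# On a live gateway: ss -ltn | exposed_listeners
```

Any line printed for a live host means that listener should be rebound to 127.0.0.1 or blocked by the firewall.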