Re: [AMaViS-user] help with forward_method

On Apr 16, 2008, at 2:57 PM, Gary V wrote:

> On 4/16/08, jeff donovan <donovan@beth.k12.pa.us> wrote:
>> greetings
>>
>> i am using amavis to forward to an internal relay.
>> $forward_method = 'smtp:10.10.10.1'
>> I have recently setup 2 new smtp relays running SSL only port 465
>>
>> i have setup round robin DNS names
>>
>> can i use a this config ?
>>
>> $forward_method = 'smtp:smtp.example.com:465'
>>
>> or do I have to use an IP address ?
>>
>
> Well, since the test brelow shows a delivery attempt was made, it
> appears you can use a hostname. Now, whether round robin works or not
> I couldn't say. I have no idea whether an MX lookup will occur or not.
>
>> first test:
>>
>> amavis29122: (29122-09) mail_via_smtp: 530 5.5.0 Rejected by MTA: 530
>> Must issue a STARTTLS command first, id=29122-09
>>
>> okay,..this tells me I'm missing something. ssl Authentication from
>> amavis to the internal smtp relay.
>> is there a better way to do this ?
>> help>?
>>
>> tia
>>
>> -j
>
> Is Postfix running on the machine that amavisd-new is running on?
yes
>
> Hopefully amavisd-new is not facing the Internet "in the raw"
no i have 2 MX servers handling the brunt of the garbage. they then
forward to a machine dedicated to scanning, ClamAv/SA assortment of
cocktails.
> so to
> speak. More details of your traffic flow (before amavisd-new) might be
> of use. If Postfix is running on the same machine, one option might be
> to forward to localhost and then configure Postifx as a sasl client.
> Because amavisd-new is usually the bottleneck, it's a bit rare to have
> an amavisd-new process feeding more than one host. It's less rare the
> other way around.

the server will then pitch off to an internal set of relay boxes that
knows in detail about my clients.
>> $forward_method = 'smtp:10.10.10.1'
instead of a local delivery.
( this method is working now ) looking to load balance incoming traffic.

>
>
> If you trust all the mail that comes from the amavisd-new host, and if
> you can use a hostname in the $forward_method, simply open a special
> port (like 2525 or something - something that does not use sasl auth)

k--
yes i do trust the scanned data. so your saying " tell postfix on the
relay systems accept connections on another port ? or do I have to run
another instance of postfix?

>
> on the two downstream servers that only allows connections from the
> amavisd-new host. Send the mail there and observe what happens. Either
> they will both get mail, or only one will get mail.
>
> Sorry for the incomplete answer. Of course, Mark knows how this stuff
> actually works, whereas I just try stuff and draw conclusions from
> observation.
>
>
nah thanks for the reply,.. it helps me a great deal when i get
stuck. I wish i knew everything, .....but then what would i do all day?
-jeff


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/