
how to secure smtp server (postfix + SA + vexira + anomy sanitizer)

Forum: mailing.postfix.users (Usenet Forums > Mail Servers and Related)
#1  Milo Minderbinder, 10-06-2004

Hi!

I want to set up my server this way:

internet --> 25:postfix ---> pipe:anomy sanitizer --> pipe:SpamAssassin --->
10024:vexira ---> 10025: postfix unfiltered

^ here is tricky part

In master.cf I set:

smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=filter
filter    unix  -       n       n       -       -       pipe
    flags=Rq user=sanitizer
    argv=/usr/share/anomy-sanitizer/sample_mailfiler.sh -f ${sender} -- ${recipient}

And sample_mailfiler.sh (short version):

....
${CAT} \
| ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} \
| ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMC_LOG} \
| ${SENDMAIL} "$@" || \
{ echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
....

I have a problem with the SA -> vexira part. I don't know how to inject mail
from a pipe to vexira port 10024 (which uses the SMTP protocol). I can't use the
sendmail program because it doesn't allow sending with a different configuration
than in main.cf/master.cf. I can't use amavisd-new because I can't configure it
with vexira. I have no other ideas how to make these things work together :-(


#2  Daniel Della-Noce, 10-08-2004

"Milo Minderbinder" <milo@mail.ru> wrote in message news:<ck1p3j$9al$1@mamut1.aster.pl>...
> Hi!
>
> I want to set up my server this way:
>
> internet --> 25:postfix ---> pipe:anomy sanitizer --> pipe:SpamAssassin --->
> 10024:vexira ---> 10025: postfix unfiltered
>
> ^ here is tricky part
>
> In master.cf I set:
>
> smtp      inet  n       -       n       -       -       smtpd
>     -o content_filter=filter
> filter    unix  -       n       n       -       -       pipe
>     flags=Rq user=sanitizer
>     argv=/usr/share/anomy-sanitizer/sample_mailfiler.sh -f ${sender} -- ${recipient}
>
> And sample_mailfiler.sh (short version):
>
> ...
> ${CAT} \
> | ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} \
> | ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMC_LOG} \
> | ${SENDMAIL} "$@" || \
> { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
> ...
>
> I have a problem with the SA -> vexira part. I don't know how to inject mail
> from a pipe to vexira port 10024 (which uses the SMTP protocol). I can't use the
> sendmail program because it doesn't allow sending with a different configuration
> than in main.cf/master.cf. I can't use amavisd-new because I can't configure it
> with vexira. I have no other ideas how to make these things work together :-(


Hi,

I did exactly the same setup last week. The way I did this is I wrote
a very ugly small Perl script that receives email from Postfix through
PIPE and sends it to Anomy and SpamAssassin (PIPE). After that it re-injects
the email to Vexira via SMTP on port 10025.

Here is the config for the MASTER.CF file. The line
content_filter=<empty> is very important.

localhost:10025 inet n - n - 10 smtpd
    -o content_filter=
    -o myhostname=injector.<your domain>.com
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o receive_override_options=no_header_body_checks
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o transport_maps=hash:/etc/postfix/emptytransport

# Anomy and SpamAssassin filter
filter unix - n n - 10 pipe
    flags=Rq user=uucp argv=/var/spool/filter/filter.pl ${sender} ${recipient}

In MAIN.CF you have to have the line: content_filter = filter

This will send all messages to your filter, which will send messages to
Anomy, SpamAssassin and Vexira.

The script is at http://www.mxwatch.com/filter.txt

There are A LOT of things that I should improve in this script. Most
importantly, it has NO error verification at all :-(((. It's on my todo
list, or if you do it, send me the result back :-)

I tested this script on Linux (RedHat/Fedora) and FreeBSD with
success.

Best Regards,
Daniel
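
An added example, not Daniel's script and not code from this thread: a pipe(8) content filter of the shape described above (Postfix pipe -> filter commands -> SMTP re-injection), written in Python instead of Perl, showing the error checking the post says is missing. The filter command paths, NEXT_HOP and the timeouts are assumptions, as is the rule that each filter exits 0 on success.

```python
#!/usr/bin/env python3
"""Postfix pipe(8) content filter: stdin -> filter commands -> SMTP re-injection."""
import smtplib
import subprocess
import sys

EX_UNAVAILABLE = 69  # permanent failure: Postfix bounces the message
EX_TEMPFAIL = 75     # temporary failure: Postfix keeps it queued and retries

# Assumed placeholders: substitute the real Anomy and spamc command lines.
FILTERS = [["/path/to/anomy-wrapper"], ["/usr/bin/spamc", "-f"]]
NEXT_HOP = ("127.0.0.1", 10024)  # virus scanner's SMTP port, as in the question


def run_filters(message, filters):
    """Pass the message through each command in turn; any failure raises."""
    for argv in filters:
        proc = subprocess.run(argv, input=message, stdout=subprocess.PIPE, timeout=300)
        if proc.returncode != 0 or not proc.stdout:
            raise RuntimeError(f"{argv[0]} exited {proc.returncode}, refusing to pass mail on")
        message = proc.stdout
    return message


def reinject(message, sender, recipients, hop=NEXT_HOP):
    """Hand the filtered message to the next hop over SMTP."""
    with smtplib.SMTP(hop[0], hop[1], timeout=60) as smtp:
        refused = smtp.sendmail(sender, recipients, message)
    if refused:  # sendmail() succeeds if at least one recipient was accepted
        raise RuntimeError(f"next hop refused {sorted(refused)}")


def main(argv, stdin=None, filters=FILTERS, send=reinject):
    """argv matches master.cf: filter ${sender} ${recipient}. Returns the exit status."""
    if len(argv) < 3:
        return EX_UNAVAILABLE  # called without sender/recipient
    sender, recipients = argv[1], argv[2:]
    try:
        raw = (stdin or sys.stdin.buffer).read()
        send(run_filters(raw, filters), sender, recipients)
    except Exception as exc:  # filter crash, timeout, refused connection, SMTP error
        print(f"content filter failed: {exc}", file=sys.stderr)
        return EX_TEMPFAIL  # fail closed: no unfiltered delivery, no lost mail
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exiting with EX_TEMPFAIL leaves the message in the Postfix queue for a later retry, so a crashed filter or an unreachable scanner neither drops mail nor lets it through unfiltered.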