Aw: *** GMX Spamverdacht *** Re: Kolab without spam and virus protection

guldendraak at gmx.net guldendraak at gmx.net
Tue Jul 12 19:09:47 CEST 2016


After investigating the internal mail flow, I am currently testing the following settings:

- entirely comment out smtp-amavis and 127.0.0.1:10025 in postfix master.cf (optional, just disables these processes)
- set content_filter = smtp-wallace:[127.0.0.1]:10026 in postfix main.cf

To my understanding, this should simply bypass amavisd and directly use wallace (which in turn injects mail back into postfix over port 10027). Since amavisd apparently looks up some settings on a per user basis in LDAP such as message size restrictions, possibly some email policy settings will be skipped as a result of the above changes. Does anyone know if the LDAP settings for amavisd are actually used by the Kolab email policies? If yes, how would they be administered?

Cheers

>
> Hello Matthias and others,  this is incorrect, unfortunately I just copied it 
> from my notes, not the config files. 
> 
> amavisd forwards the emails back into port 10027 which is the postfix 
> listener.  smtp:[127.0.0.1]:10027
> 
> I've checked this with a new install of kolab.
> 
> sorry for any confusion,
> 
> Marko
>  
> 
> On Tue, 12 Jul 2016 07:47:59 PM Mark Berndt wrote:
> > Hello Matthias and others,
> > 
> >  I found in amavisd.conf section:
> > $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our
> > users forward_method => 'smtp:[127.0.0.1]:10026'
> > 
> > 
> > which indicates amavis injects directly into wallace.  I was surprised to
> > see it like that.
> > 
> > I am using kolab 16 on centos7.
> > 
> > with kind regards,
> > 
> > Marko
> > 
> > On Tue, 12 Jul 2016 10:13:40 AM Matthias Hütter wrote:
> > > Hello,
> > > 
> > > i´m not sure if my way of disabling amavis is the correct one, but
> > > anyway it works for some time now.
> > > 
> > > i disabled amavis in master.cf
> > > 
> > > # Filter email through Amavisd
> > > #smtp-amavis unix - - n - 3 smtp
> > > # -o smtp_data_done_timeout=1800
> > > # -o disable_dns_lookups=yes
> > > # -o smtp_send_xforward_command=yes
> > > # -o max_use=20
> > > # -o smtp_bind_address=127.0.0.1
> > > 
> > > i don´t think amavis injects mail directly to wallace. Amavis re-injects
> > > mails into Postfix to port 10025 and Postfix injects them into Wallace
> > > to 10026.
> > > 
> > > I think if amavis does not re-inject any mails postifx sends them to
> > > wallace via unix socket.
> > > 
> > > # Filter email through Wallace
> > > smtp-wallace unix - - n - 3 smtp
> > > ...
> > > 
> > > ---
> > > Mit freundlichen Grüßen/ Best Regards
> > > 
> > >  MATTHIAS
> > > 
> > > Am 12.07.2016 09:14, schrieb Mark Berndt:
> > > > I don't think that is easy because after scanning, amavis injects the
> > > > mail
> > > > into wallace on port 10027.   Removing amavis would break the chain
> > > > unless
> > > > postfix master.cf was suitably adjusted which is outside my area of
> > > > expertise.
> > > > 
> > > > There would be almost no performance overhead by calling the amavis
> > 
> > daemon
> > 
> > > > configured not to spam or virus check.
> > > > 
> > > > Marko
> > > > 
> > > > On Tue, 12 Jul 2016 09:02:26 AM guldendraak at gmx.net wrote: Great, thanks
> > > > for the hint! Would it also be possible to entirely go without amavisd,
> > > > i.e. not even starting the amavisd system service? I am guessing that
> > > > would involve some tweaking of the postfix master.cf definitions. in the
> > > > top of the /etc/amavisd/amavisd.conf file you can gloablly disable what
> > > > amavis checks.  This should not effect the kolab installation, since
> > > > amavis is still called, but not doing anything.
> > > > 
> > > > cheers
> > > > Marko
> > > > 
> > > > On Mon, 11 Jul 2016 09:58:48 PM guldendraak at gmx.net wrote: Greetings
> > > > list
> > > > 
> > > > is it possible to disable the anti spam and anti virus capabilities
> > > > built
> > > > into Kolab without breaking other things? From what I gathered through
> > > > the
> > > > documentation, simply disabling the content filter in postfix (which
> > > > would
> > > > - to my understanding - amount to removing the content_filter and the
> > > > check_policy_service directives) would probably break some other things.
> > > > Reason for asking is that using DNS black lists and grey listing works
> > > > really well for me as spam protection.
> > > > 
> > > > Thanks!
> > > > _______________________________________________
> > > > users mailing list
> > > > users at lists.kolab.org
> > > > https://lists.kolab.org/mailman/listinfo/users
> > > > _______________________________________________
> > > > users mailing list
> > > > users at lists.kolab.org
> > > > https://lists.kolab.org/mailman/listinfo/users
> > > 
> > > _______________________________________________
> > > users mailing list
> > > users at lists.kolab.org
> > > https://lists.kolab.org/mailman/listinfo/users
> > > _______________________________________________
> > > users mailing list
> > > users at lists.kolab.org
> > > https://lists.kolab.org/mailman/listinfo/users
> 
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>


More information about the users mailing list