Scalix and Postfix

[chris]

Hello Scalixers,

I am looking at integrating SpamAssassin into a Scalix environment, and have learned that the omsmtp will not be the direct relay in this case, rather sendmail should listen on external:25.

Well, since anything sendmail can do, postfix can do better, i am going to try to get postfix on external:25 relaying to omsmtpd on localhost.

Has anyone got experience doing this? I will post about it when it works / why it doesn't work, just hoping for some ideas / things to avoid.

Thanks for your input!

Chris Meidinger // chris@edg3.org

[chris]

This turns out to be super easy: just setup postfix as you normally would, and configure the relays for your domains to the omsmtpd running on the same interface and you're done.

I haven't finished experimenting with ALL-ROUTES.VIR for Mails that have already been virus-scanned externally but i think that should end up working .... we'll see.

Cheers,

Chris

[robertsiedl]

Hi Chris,

can you send me a short howto, as you have configure postfix with scalix? My email: robert.siedl@sin.co.at

Thank you.

Robert

[chris]

Hi Robert,

the Howto is basically this:

Step 1: Take any Postfix howto you like, and setup postfix as you normally would.
Step 2: Configure Postfix to relay $mydomain to Scalix which you should reconfigure to run on some other port. (Generally speaking, count the ports from 10025 up. Scalix will end up on 10027 or something like that.)
Step 3: Have a coffee.

I don't have a full postfix howto available, but just look for a postfix+tls+amavisd howto and setup the relay and you're done.

You can email support@scalix.com for a Howto about getting Scalix to work with Spam-Assassin and just substitute postfix for sendmail.

Feel free to post / email with specific questions. If i do this again (which i may with postfix-cvs) then i'll document the steps and post a full howto from source to production.

Cheers,

Chris

[florian]

i might need to add anyway that Scalix is currently not supported with postfix, just sendmail. It will probably work in many cases, you should be aware though that in some configurations, namely multi server, potential problems are to be expected.

now... do kick off this discussion - what advantage would postfix have over sendmail in a scalix context?

cheers,
Florian

[chris]

Hi Florian,

Postfix is *much* more modular than sendmail. By listening with postfix on the external interface, it becomes extremly easy to add content filtering. Basically, any content filter that can listen on a tcp socket postfix can use to filter mail.

That means that I can use daemons on both the postfix system as well as external systems to filter / archive / eat / sign etc. mail.

For example, my current setup:

Internet -> Port 25 -> Postfix -> Spam Assassin -> Postfix -> ClamAV -> Postfix -> Ciphire Gateway -> Postfix -> Scalix.

Postfix performs all the routing between the different filters and then delivers what's left to Scalix.

Using sendmail to do all that would be *very* difficult. I'm not a sendmail expert (milters scare me) but i *think* I would have to run multiple instances of sendmail to integrate a service like Ciphire (secure encrypted mail gateway) unless i was willing to write a special milter for it.

In postfix, on the other hand, i only need 2 lines of configuration. Nice, isn't it?

The next thing is archival. Some organizations need to archive *every* mail that traverses the gateway. In order to do that, i just tell postfix to route the mails to an archival engine before they get to spam assassin. Easy, huh?

Cheers,

Chris Meidinger

[florian]

Chris,

you might be laughing when you here that I'm just now sitting in to the keynote at Magdeburg Mailserver conference; keynote is given by Wietse Venema, whose name you should probably recognize!

Sure, I do see your point and I just wanted someone to have it spoken out here!

I must add, though, that all of the stuff can also be done using sendmail; for archiving, there is even an interface available on the service router which is more useful because it also archives internal messages! see our admin guide for details on this interface. (it uses SMTP, so you should be fine!).

Scalix is constantly evaluating platform support; postfix has been mentioned a number of times and we are certainly watching.

I still want to repeat that there is no official support for such configurations and you should not proceed with them without good reason! :-)

-- Florian

[chris]

Hi Florian,

I was thinking about going to Heinlein's Conference, but had a couple of conflicts. Is it as good as it looked?

I recognize his name, he just doesn't recognize mine.

The problem with archiving on the internal MTA is that you miss the spam/viruses and crap. I am not familiar with the US specific regulations, but I'm under the impression that some organizations may have to archive everything that traverses the gateway. It depends who reads the laws ....

Well stop evaluating postfix and just switch! I can't imagine any reason to go to sendmail.

It doesn't matter if there's support, this daemon acts like an external relay. It doesn't matter if it's on the same machine or one U higher in the rack. Whatever postfix thinks need to go to scalix will get there......

Cheers, and enjoy the conference!!

Chris

[florian]

it actually is - i was mainly here on a mission, scalix took part in the groupware podium discussion this afternoon as the only commercial product next to exchange4linux, opengroupware and kolab.

I'll put in an enhancement request and we shall continue to discuss....

As for spam/virus, the legal topics are up for tomorrow; virus scanning could be integrated in the service router, this leaves us with anti-spam where you probably can't drop the messages anyway for legal reasons, but just mark them...

thing is... postfix is just a change, requires full and thorough testing. not as easy as it sounds as sclalix also uses sendmail in a slightly different way (as a transport as opposed to a gateway) in a multi-server configuration....

anyway, I'll raise it again. :-) vietse is nice to listen to....