Date: Wed, 03 Sep 2003 23:17:12 +0200 From: Andreas Zeidler Subject: [AMaViS-user] smtp only setup with exim 3.x (request for comments) To: AMaViS-user Message-id: <20030903211712.GA12537@kreativkombinat.de> hi, during the last two days i've finally found some time to setup amavisd-new with exim v3, clamav and spamassassin. after looking around the web for a sample configuration, i found some remarks about shortcomings of the amavis.c approach [1]. that is, feeding the mail in question to amavisd by defining a transport like ... amavis: driver = pipe command = "/usr/sbin/amavis ${sender_address} ${pipe_addresses}" also, judging from the comments in amavisd.conf, it seemed to me that returning the now checked mail by... $forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}'; is not preferable to using regular smtp. while i've read about those problems, i do not know under which exact circumstances the above methods would cause trouble. anyway, putting together several pieces and reading the exim documentation i've come up with a setup that uses smtp both ways and seems to work fine so far (it's been running for some 24 hours on our mail server now). so, the reason i'm writing is that i'd like some comments about this setup, since i wouldn't know enough details to be sure there are no other problems with it. following are the relevant parts from the configuration of amavisd and exim. clamd and spamd are installed with their respective default configuration. the transport is defined as... amavis: driver = smtp hosts = localhost port = 10024 allow_localhost # transport_filter = "/usr/bin/spamc" which causes exim to relay the mail to amavisd listening on the local port 10024 (the default). thanks to a (indeed) neat suggestion [2] the need for a second round-trip through spamassassin and several more (exim) drivers is gone by using spamc as a transport filter. also, the generated spam-headers are conserved nicely. the transport method for the way back is defined (in amavisd.conf), so that the mail is re-injected into exim on the regular smtp port. afaik exim 3.3 doesn't support listening on several ports at once, so port 10025 is not possible... $forward_method = 'smtp:127.0.0.1:25'; $notify_method = $forward_method; $localhost_name = "amavis"; $relayhost_is_client = 0; the 'localhost_name' setting is necessary in order to distinguish amavis from other processes using smtp via localhost. the director is defined accordingly... amavis_director: condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \ {eq {$sender_helo_name}{amavis}}} {0}{1}}" driver = smartuser transport = amavis verify = false the condition tests against the helo name provided by amavis and set up in amavisd.conf as described above. at the same time this is the only flaw i can see with this setup so far. a local user could use this helo name to prevent the mail from being scanned by amavis, but on the other hand that's also possible with the suggested setup for exim 4.x (re-injecting through port 10025). also, at least on our mail server local users are pretty rare, so that's no problem... for exim to receive a proper sender address it is also necessary to make the user running amavisd trusted... trusted_users = mail:amavis finally, if outgoing mail should be scanned as well, a possible definition for a route could be... amavis_router: condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \ {eq {$sender_helo_name}{amavis}}} {0}{1}}" driver = domainlist transport = amavis route_list = "* localhost byname" verify = false self = send i think that's about everything relevant. like i said, this setup is working fine here so far. what do you think? would this be an okay way to run things or are there problems to be expected? take care, andi [1] http://marc.theaimsgroup.com/?t=103014542500001&r=1&w=2 [2] http://marc.theaimsgroup.com/?l=exim-users&m=102977722707468&w=2 -- Kreativkombinat GbR Konrad-Adenauer-Allee 25 * 86150 Augsburg Telefon +49 821 4441269 * Fax +49 821 4401310 Web http://www.kreativkombinat.de/