FRISK Software International

Scanning e-mails in-transit in Postfix
5.5 Scanning e-mails in-transit in Postfix
 

This section applies to F-PROT Antivirus for UNIX Mail Server version only

The installation script install-f-prot.pl can automatically configure [sendmail|postfix|qmail] for in-transit scanning. This section describes how to do this manually.

In-transit mail scanning in Postfix can be achieved using the postfix mode of the Mail Scanner. To achieve this functionality, Postfix must be configured to use an external filter at a given address, and run another SMTP daemon that doesn't use the external filter. Postfix's default SMTP daemon will then send the messages to the external filter. The external filter then contacts the SMTP daemon that is not filter enabled and the message will resume its course.

An example of this type of configuration would be to run the Mail Scanner on port 10025 and the non-filter enabled SMTP on port 10026, as is described in the FILTER_README file in the Postfix distribution

First add this line to main.cf:

content_filter = smtp:[127.0.0.1]:10025

This will cause Postfix' default SMTP daemon to pipe all mail to the address 127.0.0.1:10025.

Then add these 3 entries to master.cf:

scan               unix    -        -        n        -        10        smtp
localhost:10026    inet    n        -        n        -        10        smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o myhostname=localhost.domain.tld
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_use_tls=no
        -o mynetworks=127.0.0.0/8
localhost:10025    inet    n        n        n        -        10        spawn
        user=nobody argv=/opt/f-prot/mailtools/scan-mail.pl -postfix 127.0.0.1:10026

The first entry specifies that Postfix's master service shall run at most 10 processes simultaneously to pipe the mail from the SMTP daemon to external filter. The second entry makes the master service run at most 10 smtpd processes simultaneously on address localhost:10026 to receive the mail from the filter, and configures it so it does not loop the mail back to the external filter. And the third entry makes the master service run at most 10 instances simultaneously of the Mail Scanner to filter the mail on address localhost:10025 and advises the Mail Scanner that the SMTP daemon it's supposed to relay SMTP connections to is running on address 127.0.0.1:10026.

Scan-mail.pl uses fpscand to do the actual virus scans. Make sure fpscand is running before starting the Mail Scanner.

Back to Index

 
 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.