Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: smtp.rules for non-Gamera?
Posted: Sun Sep 28, 2014 8:50 am
Long Time Forum Regular
I want to disable Clamd/Spamassassin completely for email coming in from a Project Gamera box. After all, the whole point is to have the Gamera box do the work.

On this page https://github.com/Atomicorp/project-gamera it gives instructions on how to do so, by editing
/etc/tcpserver/smtp.rules (which is actually /etc/tcpcontrol/smtp.rules for Gamera on RH6/CentOS 6 btw)

Unfortunately on my non-Gamera CentOS 6 boxes, which run Plesk's qmail, I don't have this directory, let alone the file.

Does anyone have any suggestions? Using qmail-scanner's per-domain option won't help because I don't want to turn off scanning for the domain for mail from all IPs- I only want to turn it off for email that comes in via the Project Gamera box itself.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


 Post subject: Re: smtp.rules for non-Gamera?
Posted: Sun Sep 28, 2014 9:59 am
Atomicorp Staff - Site Admin
I think maybe you can duplicate that via an xinetd env variable.


 Post subject: Re: smtp.rules for non-Gamera?
Posted: Sun Sep 28, 2014 2:23 pm
Long Time Forum Regular
You mean just add space delineated strings in the env = line?

But if that works, wouldn't it be a better way to hook qmail-scanner into qmail in general? (as opposed to replacing the binary).

I'm going to give it a try now to see what happens.....

 Post subject: Re: smtp.rules for non-Gamera?
Posted: Sun Sep 28, 2014 2:34 pm
Long Time Forum Regular
gah! Didn't work

env = SMTPAUTH=1 IP-I-don't-want-to-scan:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"

Note the .orig because otherwise we're sending it to the replaced binary, aren't we?

Those quotes don't look like they are doing any good in a line like that though? Nor the commas.

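The line tried above borrows the `address:allow,VAR="value"` rule syntax of a tcpserver rules file such as the smtp.rules discussed in this thread. As an added example (not from the thread or from Atomicorp), this Python code parses that syntax, resolves which rule a client IP gets, and lists the rules that change QMAILQUEUE; the sample rules and addresses are constructed, and only IPv4 address and prefix patterns are handled.

```python
# Added example. SAMPLE_RULES is constructed (documentation IP ranges); only
# IPv4 address and dotted-prefix patterns of the tcprules syntax are handled.
SAMPLE_RULES = '''\
# upstream filter box: hand mail straight to the original queue program
192.0.2.10:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"
198.51.100.:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"
127.:allow,RELAYCLIENT=""
:allow
'''

def parse_rules(text):
    """Map each address pattern to (action, {VAR: value})."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, _, tail = rest.partition(",")
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action in rule: {line!r}")
        env = {}
        while tail:
            name, eq, tail = tail.partition("=")
            if not eq or not tail:
                raise ValueError(f"bad variable in rule: {line!r}")
            quote, tail = tail[0], tail[1:]   # char after '=' is the delimiter
            value, closed, tail = tail.partition(quote)
            if not closed:
                raise ValueError(f"unterminated value in rule: {line!r}")
            env[name] = value
            tail = tail[1:] if tail.startswith(",") else tail
        rules[addr] = (action, env)
    return rules

def match(rules, ip):
    """Most specific rule for a client: exact IP, dotted prefixes, then ''."""
    octets = ip.split(".")
    for pat in [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]:
        if pat in rules:
            return (pat,) + rules[pat]
    return None

def queue_overrides(rules):
    """(pattern, QMAILQUEUE value, single_host) for allow rules that swap the queue program."""
    return sorted((pat, env["QMAILQUEUE"], not pat.endswith(".") and pat != "")
                  for pat, (action, env) in rules.items()
                  if action == "allow" and "QMAILQUEUE" in env)

if __name__ == "__main__":
    for pat, prog, single in queue_overrides(parse_rules(SAMPLE_RULES)):
        print(f"{pat or '(default)'} -> {prog} ({'single host' if single else 'whole prefix'})")
```

Rules that set QMAILQUEUE for a whole prefix deserve the closest review, because every host in that range is handed to the named queue program.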
 Post subject: Re: smtp.rules for non-Gamera?
Posted: Mon Sep 29, 2014 9:24 am
Atomicorp Staff - Site Admin
Now that I think about it more, no it won't work. There's no way to bypass it short of a code change inside qmail-scanner-queue.pl.


 Post subject: Re: smtp.rules for non-Gamera?
Posted: Mon Sep 29, 2014 10:37 am
Long Time Forum Regular
Darn :-(

Well...I've sort of found a way around it by using spamdyke on the Plesk box to whitelist the Gamera IP(s) in the master config, then *in a domain-specific config file for spamdyke*, blacklist all IPs (using the allowed 1-254 syntax). This allows mail from the Gamera boxes but no other IP.

Then I configured qmail-scanner's per-domain system to disable all scanners for the domain whose email was being processed by the Gamera box.

In this way, email is only accepted for the domain in question if it comes via a Gamera box, and since it has been scanned there already, the Plesk box doesn't scan it again. And that's really what's required at the end of the day.

The downside is that if all the Gamera boxes go down, email stops flowing, which means you need more than one Gamera box - you can't have a single Gamera box set up as a secondary or backup MX to the Plesk box.

I also found that clamd won't even start in a 512Mb DigitalOcean VPS due to lack of memory, and needed a 1Gb one :-( I was quite surprised.
