smtp.rules for non-Gamera?

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

smtp.rules for non-Gamera?

Unread post by faris »

I want to disable Clamd/Spamassassin completely for email coming in from a Project Gamera box. After all, the whole point is to have the Gamera box do the work.

On this page https://github.com/Atomicorp/project-gamera it gives instructions on how to do so, by editing
/etc/tcpserver/smtp.rules (which is actually /etc/tcpcontrol/smtp.rules for Gamera on RH6/CentOS 6, btw)

Unfortunately on my non-Gamera CentOS 6 boxes, which run Plesk's qmail, I don't have this directory, let alone the file.

Does anyone have any suggestions? Using qmail-scanner's per-domain option won't help because I don't want to turn off scanning for the domain for mail from all IPs - I only want to turn it off for email that comes in via the Project Gamera box itself.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: smtp.rules for non-Gamera?

Unread post by scott »

I think maybe you can duplicate that via an xinetd env variable.

Re: smtp.rules for non-Gamera?

Unread post by faris »

You mean just add space delineated strings in the env = line?

But if that works, wouldn't it be a better way to hook qmail-scanner into qmail in general? (as opposed to replacing the binary).

I'm going to give it a try now to see what happens.....

Re: smtp.rules for non-Gamera?

Unread post by faris »

gah! Didn't work

env = SMTPAUTH=1 IP-I-don't-want-to-scan:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"

Note the .orig because otherwise we're sending it to the replaced binary, aren't we?

Those quotes don't look like they are doing any good in a line like that though? Nor the commas.

Re: smtp.rules for non-Gamera?

Unread post by scott »

Now that I think about it more, no, it won't work. There's no way to bypass it short of a code change inside qmail-scanner-queue.pl

Re: smtp.rules for non-Gamera?

Unread post by faris »

Darn :-(

Well... I've sort of found a way around it by using spamdyke on the Plesk box to whitelist the gamera IP(s) in the master config, then *in a domain-specific config file for spamdyke*, blacklist all IPs (using the allowed 1-254 syntax). This allows mail from the gamera boxes but no other IP.

Then I configured qmail-scanner's per-domain system to disable all scanners for the domain whose email was being processed by the gamera box.

In this way, email is only accepted for the domain in question if it comes via a Gamera box, and since it has been scanned there already, the Plesk box doesn't scan it again. And that's really what's required at the end of the day.

The downside is that if all the gamera boxes go down, email stops flowing, which means you need more than one Gamera box - you can't have a single gamera box set up as a secondary or backup MX to the Plesk box.

I also found that clamd won't even start in a 512Mb DigitalOcean VPS due to lack of memory, and needed a 1Gb one :-( I was quite surprised.