anomy-list

Re: anomy with postfix as mailrelay

From: Tim Bergen (44745@xyz.molar.is)
Date: Wed 08 May 2002 - 11:37:00 UTC

  • Next message: Kevin Ring: "RE: Insecure dependency redux"

    Well this is what I did and it seems to be working well. This is based
    on the postfix filter.readme and
    http://advosys.ca/papers/postfix-filtering.html

    1) Creted a user and group called anomy with a shell of NULL and
    installed as outlined in the documentation.

    2) Decompressed Anomy in /usr/local/anomy and made root owner, and group
    anomy where user and group had both read, and write access.

    3) made a directory /var/spool/anomy and made user root the owner and
    group anomy where root could read and write, and anomy could just read.

    4) the directory /usr/local/anomy/quarantine was set to owner root,
    group anomy where both owner and group got read and write access

    5) created directory in /var/log/anomy with anomy the owner and group.

    6) Updated master.cf to look like this: (note commented out the first
    smtp line, and added the second one. Note the smtp line has to be ONE
    line and the anomy line has to be on one line.

    master.cf

    #smtp
       inet n - n
    -
    -
    smtpd

    smtp
       inet n - n
    -
    -
    smtpd -o content_filter=anomy

    anomy
       unix - n n
    -
    -
    pipe user=anomy argv=/usr/local/anomy/anomy.sh -f $sender -- $recipient

    7) my anomy.sh
    #!/bin/sh
    # Localize these
    INSPECT_DIR=/var/spool/filter
    SENDMAIL="/usr/sbin/sendmail -i"
    ANOMY=/usr/local/anomy
    ANOMY_CONF=/usr/local/anomy/sanitizer.cfg

    export ANOMY

    # Exit codes from <sysexits.h>
    EX_TEMPFAIL=75
    EX_UNAVAILABLE=69

    # Clean up when done or when aborting.
    trap "rm -f in.$$; rm -f /var/spool/filter/out.$$" 0 1 2 3 15

    # Start processing. This is all one Line
    cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

    cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

    #This is all one Line
    $ANOMY/bin/sanitizer.pl $ANOMY_CONF 2>>/var/log/anomy/anomy.log <in.$$ >
    $INSPECT_DIR/out.$$

    $SENDMAIL "$@" <$INSPECT_DIR/out.$$

    exit $?

    8) In my sanitizer.cfg I have: feat_log_stderr = 1 and redirect stderr
    out to /var/log/anomy/anomy.log so I keep a nice log of everything anomy
    does and defined it as a system log and setup log rotate to keep it inline.



    hosted by molar.is