Thread: Help needed to set up third party Antivirus scanning

  1. #1

    Hi there,

    First of all, thank you for the great product, which has got a bright future ahead. I'm one of the new deployments using the open source edition of Zimbra in a production environment. I wish I could support the Zimbra community by purchasing the Network Edition, but my company's budget doesn't enable me to do so.

    Thank you for the great product once again. Now, coming to the point...

    I'm using Zimbra's latest version installed on CentOS 4.2. It's good that this product comes with ClamAV and SpamAssassin, but recently I've got a few emails with viruses that escaped ClamAV without being caught. So I planned to have a third-party antivirus scanner in place of AMAVIS; the product is Symantec AV for SMTP gateways. I managed to set up the product, and I've configured main.cf with the first line set to the Symantec SMTP port for the AV scanning and spam filtering. After scanning, the Symantec AV scanner will then hand the mail back to the Postfix proxy at 10025.

    The above seems logically OK; however, all my outgoing emails are being bounced back with the following error:

    " This is the Postfix program at host mail.mydomain.com.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The Postfix program

    email_id@destination.com: host 127.0.0.1[127.0.0.1] said: 554

    email_id@destination.com: Relay access denied (in reply to RCPT TO
    command)



    Final-Recipient: rfc822; email_id@destination.com
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 554
    email_id@destination.com: Relay access denied (in reply to RCPT TO
    command) "
    Here is my main.cf:

    content_filter = smtp-amavis:[127.0.0.1]:11125
    myhostname = mail.royaladelphi.com
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = yes
    smtpd_use_tls = yes
    disable_dns_lookups = no
    message_size_limit = 10240000
    relayhost =
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /opt/zimbra/postfix-2.2.9/sbin
    daemon_directory = /opt/zimbra/postfix-2.2.9/libexec
    header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
    mailq_path = /opt/zimbra/postfix-2.2.9/sbin/mailq
    manpage_directory = /opt/zimbra/postfix-2.2.9/man
    newaliases_path = /opt/zimbra/postfix-2.2.9/sbin/newaliases
    queue_directory = /opt/zimbra/postfix-2.2.9/spool
    sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
    sendmail_path = /opt/zimbra/postfix-2.2.9/sbin/sendmail
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_helo_required = yes
    smtpd_reject_unlisted_recipient = no
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_tls_loglevel = 1
    transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
    version = 2.2.9
    virtual_alias_domains = ldap://opt/zimbra/conf/ldap-vad.cf
    virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
    virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
    virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
    virtual_transport = error

    I need assistance in this matter; I have no problems receiving incoming mail.

    I've checked the /var/log/maillog file and found some clues. Here is the log for an outgoing message:

    Sep 30 13:07:35 mail postfix/smtpd[6950]: 294BD708519: client=myhost.mydomain.com[my.ip.address]
    Sep 30 13:07:35 mail postfix/smtpd[6950]: E2358708519: client=myhost.mydomain.com[my.ip.address]
    Sep 30 13:07:35 mail postfix/cleanup[10611]: E2358708519: message-id=FGECJGJKPJPFPAGPAGINAEIHDBAA.my_email_id@mydomain.com
    Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: from=my_email_id@mydomain.com, size=14001, nrcpt=1 (queue active)
    Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: connect from localhost.localdomain[127.0.0.1]
    Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 some_id@gmail.com: Relay access denied; from=my_email_id@mydomain.com to=some_id@gmail.com proto=ESMTP helo=mail.mydomain.com
    Sep 30 13:07:36 mail postfix/smtp[10612]: E2358708519: to=some_id@gmail.com, relay=127.0.0.1[127.0.0.1], delay=1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 some_id@gmail.com: Relay access denied (in reply to RCPT TO command))
    Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: disconnect from localhost.localdomain[127.0.0.1]
    Sep 30 13:07:36 mail postfix/cleanup[10611]: 24CCC70851C: message-id=20060930050736.24CCC70851C@mail.mydomain.com
    Sep 30 13:07:36 mail postfix/qmgr[6866]: 24CCC70851C: from=, size=15912, nrcpt=1 (queue active)
    Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: removed
    Sep 30 13:07:36 mail postfix/smtpd[6950]: disconnect from myhost.mydomain.com[my.ip.address]
    Sep 30 13:07:36 mail postfix/lmtp[10625]: 24CCC70851C: to=my_email_id@mydomain.com, relay=mail.mydomain.com[my.mail.domain.address], delay=0, status=sent (250 2.1.5 OK)
    Sep 30 13:07:36 mail postfix/qmgr[6866]: 24CCC70851C: removed

    And here is the log for an incoming email:

    Sep 30 13:56:59 mail postfix/smtpd[26199]: connect from py-out-1112.google.com[64.233.166.177]
    Sep 30 13:57:00 mail postfix/smtpd[26199]: 2DA19708519: client=py-out-1112.google.com[64.233.166.177]
    Sep 30 13:57:00 mail postfix/cleanup[26848]: 2DA19708519: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
    Sep 30 13:57:00 mail postfix/qmgr[26179]: 2DA19708519: from=from_email_id@gmail.com, size=1306, nrcpt=1 (queue active)
    Sep 30 13:57:00 mail inbound-mta/smtpd[26850]: connect from localhost.localdomain[127.0.0.1]
    Sep 30 13:57:00 mail inbound-mta/smtpd[26850]: E309D73025D: client=localhost.localdomain[127.0.0.1]
    Sep 30 13:57:00 mail inbound-mta/cleanup[26854]: E309D73025D: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
    Sep 30 13:57:01 mail postfix/smtp[26849]: 2DA19708519: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 Ok: queued as E309D73025D)
    Sep 30 13:57:01 mail inbound-mta/smtpd[26850]: disconnect from localhost.localdomain[127.0.0.1]
    Sep 30 13:57:01 mail postfix/qmgr[26179]: 2DA19708519: removed
    Sep 30 13:57:01 mail inbound-mta/qmgr[21144]: E309D73025D: from=from_email_id@gmail.com, size=1581, nrcpt=1 (queue active)
    Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: connect from unknown[127.0.0.1]
    Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: 1C52173026E: client=unknown[127.0.0.1]
    Sep 30 13:57:01 mail delivery-mta/cleanup[26859]: 1C52173026E: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
    Sep 30 13:57:01 mail inbound-mta/smtp[26855]: E309D73025D: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 OK)
    Sep 30 13:57:01 mail inbound-mta/qmgr[21144]: E309D73025D: removed
    Sep 30 13:57:01 mail delivery-mta/smtpd[26856]: disconnect from unknown[127.0.0.1]
    Sep 30 13:57:01 mail delivery-mta/qmgr[21150]: 1C52173026E: from=from_email_id@gmail.com, size=1821, nrcpt=1 (queue active)
    Sep 30 13:57:01 mail postfix/smtpd[26861]: connect from localhost.localdomain[127.0.0.1]
    Sep 30 13:57:01 mail postfix/smtpd[26861]: 543FF708519: client=localhost.localdomain[127.0.0.1]
    Sep 30 13:57:01 mail postfix/cleanup[26848]: 543FF708519: message-id=a4c8ac520609292256i4bebb670l7ae2582be225043e@mail.gmail.com
    Sep 30 13:57:01 mail postfix/qmgr[26179]: 543FF708519: from=from_email_id@gmail.com, size=2027, nrcpt=1 (queue active)
    Sep 30 13:57:01 mail postfix/smtpd[26861]: disconnect from localhost.localdomain[127.0.0.1]
    Sep 30 13:57:01 mail delivery-mta/smtp[26860]: 1C52173026E: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Ok: queued as 543FF708519)
    Sep 30 13:57:01 mail delivery-mta/smtp[26860]: 1C52173026E: audit_id=c0a80001-ac7fbbb000004c1c-08-451e072cb3f9
    Sep 30 13:57:01 mail delivery-mta/qmgr[21150]: 1C52173026E: removed
    Sep 30 13:57:01 mail postfix/lmtp[26862]: 543FF708519: to=my_email_id@mydomain.com, relay=mail.mydomain.com[192.168.X.X], delay=0, status=sent (250 2.1.5 OK)
    Sep 30 13:57:01 mail postfix/qmgr[26179]: 543FF708519: removed

    From the above I found two words which I believe to be from the Symantec AV scanner: inbound-mta and delivery-mta. If that's true, then I've isolated the problem.

    Thank you
    Last edited by curious_guy; 09-30-2006 at 12:29 AM.
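
Added example, not part of the original posts: a Python script that pairs each `status=bounced` delivery with the `NOQUEUE: reject` line that caused it and reports which syslog-tagged Postfix instance refused the recipient. The sample lines are constructed from the outgoing-mail log quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the outgoing-mail log lines quoted in the post.
SAMPLE_LOG = """\
Sep 30 13:07:36 mail postfix/qmgr[6866]: E2358708519: from=my_email_id@mydomain.com, size=14001, nrcpt=1 (queue active)
Sep 30 13:07:36 mail inbound-mta/smtpd[10613]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 some_id@gmail.com: Relay access denied; from=my_email_id@mydomain.com to=some_id@gmail.com proto=ESMTP helo=mail.mydomain.com
Sep 30 13:07:36 mail postfix/smtp[10612]: E2358708519: to=some_id@gmail.com, relay=127.0.0.1[127.0.0.1], delay=1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 some_id@gmail.com: Relay access denied (in reply to RCPT TO command))
Sep 30 13:57:01 mail postfix/smtp[26849]: 2DA19708519: to=my_email_id@mydomain.com, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 Ok: queued as E309D73025D)
"""

# Syslog layout: "<date> <host> <syslog_name>/<daemon>[pid]: <text>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<inst>[\w.-]+)/(?P<daemon>\w+)\[\d+\]: (?P<text>.*)$")
REJECT = re.compile(r"^NOQUEUE: reject: RCPT from (?P<client>\S+): (?P<code>\d{3}) "
                    r"(?P<reason>.*?); from=<?(?P<sender>[^ >]*)>? to=<?(?P<rcpt>[^ >]*)>?")
BOUNCE = re.compile(r"^(?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^,>]*)>?, relay=(?P<relay>[^,]+),"
                    r".*status=bounced \((?P<why>.*)\)$")


def parse(log_text):
    """Yield (instance, daemon, text) for every line in Postfix syslog format."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m["inst"], m["daemon"], m["text"]


def trace_bounces(log_text):
    """Pair each bounced delivery with the smtpd instance that refused the recipient."""
    rejects, bounces = [], []
    for inst, daemon, text in parse(log_text):
        if daemon == "smtpd" and (m := REJECT.match(text)):
            rejects.append({"rejected_by": inst, **m.groupdict()})
        elif daemon == "smtp" and (m := BOUNCE.match(text)):
            bounces.append({"sent_by": inst, **m.groupdict()})
    findings = []
    for b in bounces:
        # A reject is the cause if it names the same recipient and its reply text
        # is echoed inside the bounce reason recorded by the sending instance.
        hit = next((r for r in rejects
                    if r["rcpt"] == b["rcpt"] and r["reason"] in b["why"]), None)
        findings.append({
            "queue_id": b["qid"], "recipient": b["rcpt"], "relay": b["relay"],
            "sent_by": b["sent_by"],
            "rejected_by": hit["rejected_by"] if hit else None,
            "client": hit["client"] if hit else None,
            "code": hit["code"] if hit else None,
        })
    return findings
```

On the sample, the bounce recorded by `postfix/smtp` traces back to a 554 issued by the `inbound-mta` smtpd, which saw the connection arrive from 127.0.0.1.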

  2. #2
    dijichi2 (OpenSource Builder & Moderator)

    Hi

    The normal way for virus scanning is to use amavis - it is configured by default to pick up most virus scanners, and I think it takes commercial ones by default before clamav. Have you tried leaving the standard zimbra postfix as is? Look at /opt/zimbra/conf/amavisd.conf for further info about handoffs to your av scanner.
