Results 1 to 7 of 7

Thread: additional AV scanner - port mappings

  1. #1
    Join Date
    Jun 2007
    Posts
    2
    Rep Power
    8

    Default additional AV scanner - port mappings

    Hi,

    I have to add additional AV scanner (SMS SMTP Symantec) to work with zimbra.
    I know that ClamAV is a good solution but this is rather political decision.

    I would like to add this 3rd party scanner before zimbra MTA version 4.5.5_GA_838.RHEL4.

    I think that 3rd party scanner will listen on port 25 for incoming emails, than forward it directly to 7075 (smtp zimbra port).
    Zimbra port mapping between ports 25 -> 7075 should be disabled.

    My question is where (file .conf or from command line) I can disable this zimbra port mapping(25->7075)?

    Thanks for help.

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Old material:
    Quote Originally Posted by KevinH View Post
    The MTA runs on 7075 and is mapped to port 25 via iptables. So you can try working with 7075 and see if that avoids your ISP's filtering.
    -kevin
    You'll see the mappings if you run (as root)
    iptables -t nat -L
    (syntax varies)

    The iptables rules are installed with the script /opt/zimbra/bin/zmiptables - the option to remove the rules is -u.

    To turn them all off you would run (as root):
    /opt/zimbra/bin/zmiptables -u
    /opt/zimbra/bin/zmiptables -i

    http://www.zimbra.com/forums/adminis...e-i-start.html
    So I think you would be able to:
    -so turn them all off
    -modify the script to your liking
    -turn back on
    Last edited by mmorse; 06-06-2007 at 09:02 AM. Reason: old material-left in because I did post it-stupidly-but marked as such

  3. #3
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    12

    Default

    when you say add additional scanner, you mean disable the existing one and replace it? to add additional scan engine like symantec, amavisd should pick it up automatically - have a look through /opt/zimbra/conf/amavisd.conf.

    didn't iptables mappings disappear back in the 3.x days?

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    I think he means a separate box-physically infront of the zimbra mta.
    ie: Not turn off ClamAV, but it doesn't make his boss/whoever happy to just use ClamAV alone (at least that's how I interprit 'political' reasons)

    Can this symantec product act as an MTA? (pass the traffic through it)

    old crap:
    iptables-that was compiled from a bunch of (old) threads by kevinH & marc -didn't actually test anything myself
    -yup, I don't have any iptables script/iptables running on any of my builds, I did kinda wonder-but posted anyway


    Newer/2006 threads:
    http://www.zimbra.com/forums/adminis...rent-port.html
    http://www.zimbra.com/forums/adminis...sion-port.html
    Last edited by mmorse; 06-06-2007 at 09:15 AM.

  5. #5
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  6. #6
    Join Date
    Jun 2007
    Posts
    2
    Rep Power
    8

    Thumbs up

    Finally I found solution. And it is very easy to change the port for SMTP in zimbra.

    Example-> change smtp to port 26
    1. zmprov mcf SERVERNAME zimbraSmtpPort 26
    2. zmprov mc SERVERNAME zimbraSmtpPort 26
    3. modify /opt/zimbra/postfix/config/master.cf
    from: smtp inet n - n - - smtpd
    to: 26 inet n - n - - smtpd
    4. zmcontrol stop;zmcontrol start

    In this example I modify config (step 1) and server (step 2).Maybe it can by modyfied only one of this variable but in this case everything works.

    If zimbra smtp works on other than 25 port, I can configure SMS SMTP Symantec or any 3rd party AV to listen on port 25 and forward mail from it to zimbra on 26 port on the same host.

    Thank You very much for help. Your responses gave me a clue, how to resolve my problem. Keep up good work!

  7. #7
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    12

    Default

    Hi, just take note that step 3 will be overwritten at next upgrade, you will have to alter it by hand again!

Similar Threads

  1. initializing ldap...FAILED(256)ERROR
    By manjunath in forum Installation
    Replies: 39
    Last Post: 06-07-2013, 10:27 AM
  2. Replies: 7
    Last Post: 02-03-2011, 06:01 AM
  3. Configuring and using DSPAM
    By JoshuaPrismon in forum Administrators
    Replies: 55
    Last Post: 03-02-2007, 08:08 AM
  4. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 03:55 PM
  5. antispam not working?
    By moebis in forum Installation
    Replies: 16
    Last Post: 12-03-2005, 07:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •