Discussion:
How to specify different policies for different unix sockets?
(too old to reply)
Hamy
2016-04-16 05:12:42 UTC
Permalink
Hi, i would like to use unix socket instead of inet in amavisd for postfix to communicate with it and then secure it by setting appropriate permissions. However, i dot not want to disable the default AM.PDP-SOCK policy which is required for amavisd-release and maybe other scripts(and amavisd-milter) to work. also i might need to have multiple smtp unix sockets in future with different set of policy banks applied to them.How can one do so? it's easily possibly to do that with inet ports, but what about unix sockets?
PS: just to show I've done my research before asking, i have found 2 related topics:
1- http://serverfault.com/questions/656367/postfix-amavis-use-unix-soket-for-communicationThis approach basically replaces the built-in defined socket and can only be done for one instance of unix socket.

2- https://lists.amavis.org/pipermail/amavis-users/2015-April/003549.htmlThis is exactly my question. unfortunately, it's left an answered.
Any help would be greatly appropriated.
Best Regards,
Patrick Ben Koetter
2016-04-16 06:45:11 UTC
Permalink
Why not use the MILER sockets?
Post by Hamy
Hi, i would like to use unix socket instead of inet in amavisd for postfix to communicate with it and then secure it by setting appropriate permissions. However, i dot not want to disable the default AM.PDP-SOCK policy which is required for amavisd-release and maybe other scripts(and amavisd-milter) to work. also i might need to have multiple smtp unix sockets in future with different set of policy banks applied to them.How can one do so? it's easily possibly to do that with inet ports, but what about unix sockets?
1- http://serverfault.com/questions/656367/postfix-amavis-use-unix-soket-for-communicationThis approach basically replaces the built-in defined socket and can only be done for one instance of unix socket.
2- https://lists.amavis.org/pipermail/amavis-users/2015-April/003549.htmlThis is exactly my question. unfortunately, it's left an answered.
Any help would be greatly appropriated.
Best Regards,
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Hamy
2016-04-16 07:12:20 UTC
Permalink
Hi, Patrick
Using amavisd-milter is certainly an option that i did consider. and frankly, it would have been a cleaner solution and possibly faster as well. However, after looking at the projects home page and the overall activity (including mailing lists), it felt like to me that it's not as active as one would have hoped, And furthermore, it felt like a completely different project and not really related much to the well known and maintained amavisd-new. smtp proxying approach however, is well supported by amavisd-new and seems to be the preferable method. so instead of running yet another (possibly risky) process in between to talk to the amavisd, i decided to directly talk to it by using smtp instead. but i still would like to secure it more by using unix sockets instead of inet.

Best Regards,


On Saturday, 16 April 2016, 11:16, Patrick Ben Koetter <***@sys4.de> wrote:


Why not use the MILER sockets?
Post by Hamy
Hi, i would like to use unix socket instead of inet in amavisd for postfix to communicate with it and then secure it by setting appropriate permissions. However, i dot not want to disable the default AM.PDP-SOCK policy which is required for amavisd-release and maybe other scripts(and amavisd-milter) to work. also i might need to have multiple smtp unix sockets in future with different set of policy banks applied to them.How can one do so? it's easily possibly to do that with inet ports, but what about unix sockets?
1- http://serverfault.com/questions/656367/postfix-amavis-use-unix-soket-for-communicationThis approach basically replaces the built-in defined socket and can only be done for one instance of unix socket.
2- https://lists.amavis.org/pipermail/amavis-users/2015-April/003549.htmlThis is exactly my question. unfortunately, it's left an answered.
Any help would be greatly appropriated.
Best Regards,
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 MÃŒnchen

Sitz der Gesellschaft: MÃŒnchen, Amtsgericht MÃŒnchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Loading...