1 (edited by Frankstar 2016-04-24 00:54:07)

Topic: Iredmail/Postfix and ESET Mail Security

Hi Guys,

I tryed (and did) implement ESET Mail Security into iredmail / Postfix.
BUT - after i a while i realized that i also replaced/killed my DKIM signing.
(switched back to amavisd - cause that part worked absolute fine - with another solution i could just turn of virus and spam scanning by amavisd)

So i search for an alternative (first try was replacing amavis with eset_smtp - worked fine but ...).
I found the solution via eset_mda (between Postfix and Dovecot).

http://download.eset.com/manuals/eset_e … de_enu.pdf
Page 31,

The objective of this installation is to insert esets_mda before the original Postfix MDA.
The MDA to be used (with arguments) isset in the Postfix parameter ‘mailbox_command’

So i searched for ‘mailbox_command’ and its set to

 mailbox_command = /usr/libexec/dovecot/deliver

Replaced it with

mailbox_command = /opt/eset/esets/bin/esets_mda -d "$USER" -- --recipient="$RECIPIENT" --sender="$SENDER"

as described in the documention.
Sadly that didnt worked - mails are still deliverd without scanning.

So i commented "mailbox_command" out and it had no effect ! (mail deliver works fine - still no eset scanning but ...)
Doesnt we need that parameter?

anyway - any idea how i could set this up ? (with the eset_mda and virtual mailboxes ?)

regards,
Frank

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Iredmail/Postfix and ESET Mail Security

I don't know eset_mda at all, cannot help here.
it might be better to ask for support from eset_mda.

3 (edited by Frankstar 2016-04-24 21:49:48)

Re: Iredmail/Postfix and ESET Mail Security

ZhangHuangbin wrote:

I don't know eset_mda at all, cannot help here.
it might be better to ask for support from eset_mda.

well, i expected that.
But - first the Eset Support is horrible - they will (and did not) help me.

Second - i dont asked for direct support from you - but i would pay you for help smile
Thought this is an Forum and mayb someone has an glue about this topic.

Third - i think eset_mda would work fine and i dont need support here.
Its more about the postfix "mailbox_command =" which has absolute no effect in my install.

I can delete this command and everything is still working.

I need to know where its defined that postfix delivers to dovecot.
And than i need to adjust this.

Eset says "mailbox_command =" does that - but for an iredmail install - thats sadly not true.

4

Re: Iredmail/Postfix and ESET Mail Security

Frankstar wrote:

Eset says "mailbox_command =" does that - but for an iredmail install - thats sadly not true.

Looks like you need to define a custom transport in /etc/postfix/master.cf, just like the entry "transport" defined in master.cf, then update per-domain OR per-user transport to this new transport.

See, if you just mention a program name, no one can help. but if you show us more technical details (official document is preferred), we may be able to give you some hint.

5 (edited by Frankstar 2016-04-24 22:36:15)

Re: Iredmail/Postfix and ESET Mail Security

But Zhang - i did that in my first Post.

http://download.eset.com/manuals/eset_e … de_enu.pdf
Page 31
"Inbound email message scanning"

not "Bi-directional email message scanning" - that works fine but disables amavis since it use the "content_filter = " parameter.

6 (edited by Frankstar 2016-04-25 06:36:42)

Re: Iredmail/Postfix and ESET Mail Security

I tryed something.

I changed in the master.cfg

dovecot unix    -       n       n       -       -      pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

to (as described in the documentation)

#    flags=DRhu user=vmail:vmail argv=/opt/eset/esets/bin/esets_mda -d "${user}" -- --recipient="${recipient}" --sender="${sender}"

and in the eset_mda config i change the MDA path to "/usr/libexec/dovecot/deliver"
But now i get

Apr 24 20:46:07 mailsrv01 postfix/pipe[8945]: D4D6447242: to=<office@xxxxxx.com>, relay=dovecot, delay=0.63, delays=0.03/0.02/0/0.58, dsn=5.1.1, status=bounced (user unknown)

so i think i need some arguments in the (eset) mda path.
But i seems the path doesnt allow arrguments.
I tryed the orginal ones (as in org master.cfg - real dovecote transport) and got

Apr 24 20:07:17 mailsrv01 postfix/pipe[7869]: 1F23C4723F: to=<office@xxxxxx.com>, relay=dovecot, delay=0.47, delays=0.01/0.02/0/0.43, dsn=4.3.0, status=deferred (temporary failure. Command output: error[1ebe0000]: Cannot execute /usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain}: No such file or directory )

well - if someone has an idea - i will be happy.
If not - i think this method will sadly also not work

7

Re: Iredmail/Postfix and ESET Mail Security

I think it's possible to get it working. The document mentions the chain to relay scanned email to another MDA (for example, Dovecot LDA in iRedMail).

8 (edited by Frankstar 2016-04-27 17:50:36)

Re: Iredmail/Postfix and ESET Mail Security

well i dont like the eset_imap feature - which you are talkin about - the only way for me is via the smtp (cut off amavis) or via mda (before the real dovecot and then pass it to the real dovecot) - but via the downnat its just weird and has some drawbacks (+ i dont have a iptables or ipchain running - since i dont need it at my customers / hardware firewall before)

i opend a Support ticket in the eset forum.

Mayb someday - someone will reply smile

but for now im using the good old amavis + spamassasin + clamav.

9

Re: Iredmail/Postfix and ESET Mail Security

thread closed. wish you luck in eset forum. smile