Feature request

Hello

i would like to know if it is possible to get a feature, that Djigzo
is using two different outputs (e.g. different port) for local and
remote destinations. The reason is that this would much simplify the
use of a additional virus-scan. Incoming decrypted e-mail should go to
virus scan but outgoing encrypted for sure not.
I'm aware that i can achieve it with a lot of Postfix tweaking and
routing but as dijgzo already *knows* what incoming and outgoing is it
would be much easier.

Many Thanks

Andreas

Hi Andreas,

Perhaps I misunderstand your requirements but this is already possible
(so I guess you mean something different).

A typical setup would be

Exchange <--> Virus scanner <--> Djigzo <--> Internet

Djigzo descrypts all incoming email and sends it to the virus scanner
which sends it to Exchange. Outgoing email is send from Exchange to the
virus scanner then to Djigzo which encrypts the message and it gets send
to the Internet. One requirement, and this is what most setups need, is
that the relay domains you specify in Postfix are also internal domains
in Djigzo.

The MTA setup allows you to specify the next hop server for incoming and
for outgoing email.

Kind regards,

Martijn Brinkers

lst_hoe02(a)kwsoft.de wrote:

···

Hello

i would like to know if it is possible to get a feature, that Djigzo
is using two different outputs (e.g. different port) for local and
remote destinations. The reason is that this would much simplify the
use of a additional virus-scan. Incoming decrypted e-mail should go to
virus scan but outgoing encrypted for sure not.
I'm aware that i can achieve it with a lot of Postfix tweaking and
routing but as dijgzo already *knows* what incoming and outgoing is it
would be much easier.

Many Thanks

Andreas

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
Djigzo open source email encryption

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi Andreas,

Perhaps I misunderstand your requirements but this is already
possible (so I guess you mean something different).

A typical setup would be

Exchange <--> Virus scanner <--> Djigzo <--> Internet

Err, no. I want it (virus-scan and Djigzo) on the *same* machine with
*one* Postfix around them.
For sure it easy possible with a multi machine setup but even with VMs
we try to not split every service to its own machine.
I have already tested a setup like above but for daily use we want to
keep the number of machines low.

Regards

Andreas

Hi Andreas,

This is possibe by adding an additional RemoteDelivery mailet. Currently
one RemoteDelivery mailet is used for sending email back to postfix. The
   catch is that the additional queue cannot be monitored using the Web
interface (the MPA outgoing queue).

If you are interested in the solution I can send you a modified and
commented config.xml (this is where you must add the additional
RemoteDelivery mailet).

Kind regards,

Martijn Brinkers

lst_hoe02(a)kwsoft.de wrote:

···

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi Andreas,

Perhaps I misunderstand your requirements but this is already
possible (so I guess you mean something different).

A typical setup would be

Exchange <--> Virus scanner <--> Djigzo <--> Internet

Err, no. I want it (virus-scan and Djigzo) on the *same* machine with
*one* Postfix around them.
For sure it easy possible with a multi machine setup but even with VMs
we try to not split every service to its own machine.
I have already tested a setup like above but for daily use we want to
keep the number of machines low.

Regards

Andreas

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
Djigzo open source email encryption

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi Andreas,

This is possibe by adding an additional RemoteDelivery mailet.
Currently one RemoteDelivery mailet is used for sending email back
to postfix. The catch is that the additional queue cannot be
monitored using the Web interface (the MPA outgoing queue).

If you are interested in the solution I can send you a modified and
commented config.xml (this is where you must add the additional
RemoteDelivery mailet).

Kind regards,

Martijn Brinkers

Hello Martijn

Not monitoring the second MPA queue would be okay for starting.
Would be glad to get it working with the two output channels. Is the
only thing to do the changed config.xml or are there additional
changes to do?

Many Thanks

Andreas

Hi Andreas,

I have attached an updated config.xml and james-smtphandlerchain.xml file.

The config.xml file contains an additional RemoteDelivery mailet
(transport-internal processor). The 'transport-internal' processor is
now used instead of 'transport' for internal email. Both transports (for
internal and external) send the email back to Postfix to the same port
(port 10026). You must change the port of the 'transport-internal' to
the port you want internal email to be sent (thus the port your virus
scanner locally listens on). Or if you want Postfix to do the queuing
for you you must add an additional re-injection port to
/etc/postfix/master.cf and tell Postfix to send the email to the virus
scanner.

I have also added a line to james-smtphandlerchain.xml to make sure that
the new spool directory is monitored. James-smtphandlerchain contains a
ThrottlingMailHandler that monitors the queues and if the queues grow
beyond a certain limit it throttles incoming connections. This was added
to make sure that if incoming email cannot be handled fast enough
Postfix queues the mail instead of the internal MPA.

The updated config.xml should be copied to
/usr/share/djigzo/conf/james/SAR-INF and james-smtphandlerchain.xml
should be copied to /usr/share/djigzo/conf/james/conf (overwrite the
existing files).

I hope my explanation is clear enough

Kind regards,

Martijn Brinkers

lst_hoe02(a)kwsoft.de wrote:

···

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hi Andreas,

This is possibe by adding an additional RemoteDelivery mailet.
Currently one RemoteDelivery mailet is used for sending email back
to postfix. The catch is that the additional queue cannot be
monitored using the Web interface (the MPA outgoing queue).

If you are interested in the solution I can send you a modified and
commented config.xml (this is where you must add the additional
RemoteDelivery mailet).

Kind regards,

Martijn Brinkers

Hello Martijn

Not monitoring the second MPA queue would be okay for starting.
Would be glad to get it working with the two output channels. Is the
only thing to do the changed config.xml or are there additional
changes to do?

Many Thanks

Andreas

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
Djigzo open source email encryption