[clamav-users] clamav-milter LocalNet option / outgoing mail (Debian Wheezy)

Ian Eiloart iane at sussex.ac.uk
Mon Feb 23 08:27:03 EST 2015

> On 22 Feb 2015, at 02:13, Daniel Spies <ds20150222clam at pskx.net> wrote:
> On 02/22/2015 02:47 AM, Noel Jones wrote:
>> Anyway, if your goal is to disable scanning on submission, it's
>> probably best to edit the master.cf submission service to not call
>> clamav-milter at all.  (I would strongly recommend scanning all
>> mail, but that's a local policy decision)
> As already suspected below, I still have a few clients who are sending e-mail to port 25. I would like to disable authentication for port 25 but it's no option at the moment.

If your goal is to separate authenticated from unauthenticated mail, the place to do it is not at the port, but at the IP address. Use a different server, and publish new MX records. Here, we don’t use a different physical server, we have two IP addresses on one physical interface, and separate Exim processes listening on the different IP addresses:

The process configured to use mx.example.com would listen only on port 25

The process configured to use msa.example.com (or more likely smtp.example.com to satisfy some autoconfiguration algorithms) would listen on ports 587, 25, and 465 (unfortunately, there are still clients that like to use this port for ssl-on-connect) 

Of course, our documentation and autoconfiguration servers all recommend port 587, but there’s no harm in (for example) local clients using port 25.

I don’t use Postfix, so I don’t know whether you can configure it to listen only on one virtual interface. If not, you may need two physical hosts, or you might be able to do this on one host by virtualising your servers.
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

More information about the clamav-users mailing list