Discussion:
[Maia-users] MAIA checks all inbound and outbound - how to whitelist our internal servers
Jason Street
2016-05-13 09:59:29 UTC
Hello Maia group.

I am having a problem: when we try to send thousands of outbound mails
to a list we own, MAIA 1.0.4 chokes as it is scanning all outbound mail.

Is there a way to whitelist some internal IP so that MAIA does not check
the mails?

Our set up.

email received by public mail host -> to MAIA (on same server) ->
internal mail host which runs dovecot.

internal email server set up to use our public mail hosts as relay
server in postfix. The problem with this is that it means every email
is checked by MAIA whether it's from trusted hosts or from Internet.

How can I whitelist to not scan outbound?

Thanks

JS
Floris Termorshuizen
2016-05-13 10:32:29 UTC
Hi Jason,

It should be possible to submit the mails to the second postfix instance (usually running on port TCP/10025) on your public mail host. You can whitelist in maia, but to me it seems better to just circumvent maia as a whole to minimize the load on your machine. Also: if you send thousands of e-mails you will still overload postfix; if that is also a problem it might be better to use a dedicated outbound relay for your mass mailings.

I guess you have postfix running on port 25, which relays mail to maia listening on localhost:10024, which scans the mail and submits it again to postfix running on localhost:10025. By directly submitting to the postfix smtpd instance on 10025 you bypass maia.

You need to change your postfix's master.cf so the 10025 instance listens on all IPs instead of only localhost, and maybe change the firewall running on that machine. Also the 'thing' sending the mails needs to submit to port 10025.

Best regards
Floris

_______________________________________________
Maia-users mailing list
Maia-***@renaissoft.com
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
Jason Street
2016-05-13 10:46:24 UTC
Post by Floris Termorshuizen
It should be possible to submit the mails to the second postfix
instance (Usually running on port TCP/10025) on your public mail host.
Yes it's on localhost:10025
Post by Floris Termorshuizen
You can whitelist in maia, but to me it seems better to just
circumvent maia as a whole to minimize the load on your machine.
Where/how is it possible to whitelist in MAIA? I have looked through
configs but do not see a suitable place
Post by Floris Termorshuizen
if you send thousands of e-mails you will still overload postfix, if
that is also a problem it might be better to use a dedicated outbound
relay for your mass mailings
Possibly, but it looks like MAIA is the bottleneck in these instances,
spending too long processing each email.
Post by Floris Termorshuizen
I guess you have postfix running on port 25, which relays mail to maia
listening on localhost:10024, which scans the mail and submits it
again to postfix running on localhost:10025. By directly submitting to
the postfix smtpd instance on 10025 you bypass maia.
You need to change your postfix's master.cf so the 10025 instance
listens on all IPs instead of only localhost, and maybe change the
firewall running on that machine. Also the 'thing' sending the mails
needs to submit to port 10025.
Looks like an interesting idea, though good to try MAIA whitelist too. As the
public mailhost is multihomed I could have 10025 listen on an RFC1918 IP
address and then MAIA connect to that.

JS
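The master.cf change discussed above (moving the 10025 re-injection listener off localhost, or binding it to an RFC1918 address) creates a listener whose mail is never scanned, so who may connect to it matters. The following check is an added example, not part of the thread or of Maia or Postfix; the sample entries and the addresses 10.0.0.5 and 10.0.0.20 are constructed placeholders, and the "restricted" test is a heuristic that looks only at overrides given in master.cf.

```python
import ipaddress

# Constructed master.cf entries (not from the thread): three alternative forms
# of the 10025 listener, the first one reachable by the local filter only.
SAMPLE = """\
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
# opened on every interface, nothing limiting who may submit
10025 inet n - n - - smtpd
  -o content_filter=
# bound to an internal address, one sending host allowed
10.0.0.5:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8,10.0.0.20/32
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def logical_lines(text):
    entries = []  # a line starting with whitespace continues the previous entry
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # an empty host means "all interfaces"
        return host == "localhost"

def audit(text):
    results = []
    for entry in logical_lines(text):
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        opts = dict(a.split("=", 1) for a in f[8:] if "=" in a)
        if opts.get("content_filter") != "":
            continue  # mail accepted here still goes through the filter
        host = f[0].rsplit(":", 1)[0] if ":" in f[0] else ""
        rules = opts.get("smtpd_recipient_restrictions", "").split(",")
        locked = "mynetworks" in opts and rules[-2:] == ["permit_mynetworks", "reject"]
        verdict = "loopback-only" if is_loopback(host) else "restricted" if locked else "exposed"
        results.append((f[0], verdict))
    return results
```

An "exposed" result means the listener accepts unscanned mail under whatever restrictions main.cf supplies, so the firewall rule mentioned in the thread becomes the only control specific to that port.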
Floris Termorshuizen
2016-05-13 11:06:43 UTC
Yeah I had to look in my config, but you can only whitelist IP ranges in spamassassin's local.cf, so mails will always be scanned by Maia, but will never be tagged with a spam score.

That only leaves the 'bypass maia' trick by submitting mail in the second postfix instance.

Best Regards
Floris Termorshuizen

Jason Street
2016-05-13 11:10:29 UTC
Post by Floris Termorshuizen
Yeah I had to look in my config, but you can only whitelist IP ranges
in spamassassin's local.cf, so mails will always be scanned by Maia,
but will never be tagged with a spam score.
That only leaves the 'bypass maia' trick by submitting mail in the
Thanks Floris, going to 10025 will be it then.
Marco Hahnen - ITSM
2016-05-13 11:22:35 UTC
For other solutions you may have a look at http://verchick.com/mecham/public_html/spam/bypassing.html

Regards, Marco
