From: Mark Martinec (Mark.Martinec+)
Date: Tue Jan 24 2006 - 11:52:19 EST
> > I believe the Amavis-new (daemon) receives the e-mail via lmtp and does
> > it's magic before it hands it off to a Spamassassin content filter.
>
> amavisd-new can only receive via smtp.
It can receive either by LMTP or SMTP (but can forward over SMTP only).
Both LMTP and SMTP implementations are fully standards compliant.
> if your virus/spam/whatever filter appends headers, it will break DK. In
> particular, amavisd-new will. In this case, check DK before handing the
> mail to amavisd-new. Or patch amavisd-new to "prepend" its headers (as
> SA now does) and post your patch to the amavis list.
With DK the sending site specifies which header fields it wants
included in the check. Typically only certain fields are included,
and the rest not (like Received, X-Spam, ...). So even if
X-Amavis* and X-Spam-* headers are inserted, it is not very
likely it will break DK. As far as I can tell, only the following
operations in amavisd-new (if enabled) will break DK:
- 'defanging' (wrapping the message in extra MIME layer);
- (potentially) releasing from quarantine (Resent-* headers inserted);
- removing improper header fields made up entirely of whitespace.
Nevertheless, it is probably better to do DK checks before a
content filter.
From Tyler Nally:
> I completely understand how to change the ports around to whatever
> I want. What I don't know is how to tell postfix how to send the
> message to be received next by Amavis-new so that it can continue
> it's merry way onto Spamassassin and then delivery.
> Is it enough to just change the ports of dkfilter to listen at another
> port (like 10030) and output to yet another port (like 10031)? I
> don't quite understand what orders the flow of messages through
> postfix. I've read the different content filter faq's, and smtp
> proxy faq's, smtp faq's, cleanup, pickup, etc. and many of the others
> at postfix.org.
You can chain content filters directly, or let the message come
back to Postfix after each step. The later is less efficient,
but possibly more rebust in case one of the filters misbehaves
or does not implement SMTP by the book.
Pf -> F1 -> F2 -> F3 -> Pf
or
Pf -> F1 -> Pf -> F2 -> Pf -> F3 -> Pf
Just assign each box input its dedicated port number.
As far as Postfix is concerned, the content_filter option
is all there is to know, it fully controls the IP and port number
to which a message needs to be forwarded next. Each Postfix service
'smtpd' has its own port number to listen on, and can have its own
setting of content_filter option, thus controlling the next hop.
Mark
|
|
|