Re: Avoid deferring message when content filter is unavailable?

From: Adam Jacob Muller (no email)
Date: Sat Apr 21 2007 - 00:48:48 EDT

  • Next message: Ralf Hildebrandt: "Re: unauthorized user able to get past mynetworks??"

    On Apr 20, 2007, at 3:32 PM, Wietse Venema wrote:

    > Noel Jones:
    >> At 12:33 PM 4/20/2007, Wietse Venema wrote:
    >>> katsumi liquer:
    >>>> Hello list,
    >>>>
    >>>> First, I apologize if this question has been asked already or is in
    >>>> the faq -- I have looked for an answer but not found one --
    >>>> basically,
    >>>> I have spent some time configuring postfix so that it has a
    >>>> chain of
    >>>> two content filters in order to accommodate DSPAM, but also some
    >>>> procmail filtering. Everything works fine, but in the even that
    >>>> one of
    >>>> the filters is un-available for whatever reason (crashed, etc) then
    >>>> postfix defers the message from processing. Is their a setting
    >>>> somewhere in postfix that, in the event of a content filter being
    >>>> unavailable , it can skip it or divert to a fall-back filter?
    >>>
    >>> Skipping content filters requires an explicit action.
    >>>
    >>> - "postconf -e content_filter=",
    >>>
    >>> - "postfix reload",
    >>>
    >>> - "postsuper -r incoming,active,deferred", and
    >>>
    >>> - "postkick public qmgr IA".
    >>>
    >>> They can be exercised by a baby sitter program that YOU provide.
    >>> A problem is detected by watching the log, the size of the queue,
    >>> or the delays for "heart beat" test messages to go through Postfix.
    >>>
    >>> Wietse
    >>
    >> It seems that at one time I was able to add
    >> -o fallback_relay=[127.0.0.1]:10025
    >> to the content filter smtp injector to reroute mail when the content
    >> filter stopped.
    >> Does this no longer work?
    >
    > Yikes. That should work. But it will be slow, because every
    > delivery first has to time out on the non-responding filter.
    >
    > Wietse

    While I feel I may get flamed for this idea....

    bind your content filter to <YOUR_IP>:<YOUR_PORT>

    Setup main.cf in postfix to bind to *:<THAT_SAME_PORT>

    This, of course, assumes your content filter releases the bind on
    YOUR_IP:YOUR_PORT, and you probably want to throw up some firewall
    rules now since your not binding everything internal to the loopback.

    This is diabolical.

    - Adam


  • Next message: Ralf Hildebrandt: "Re: unauthorized user able to get past mynetworks??"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD