Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20030310082339813322.O1137@alongtheway.com>
Date: Mon, 10 Mar 2003 08:23:39 +0000
From: Jim Breton <jamesb-lists@...ngtheway.com>
To: owl-users@...ts.openwall.com
Subject: Re: Re[2]: postfix content filter

On Mon, Mar 10, 2003 at 01:25:23PM +0600, Dmitriy Litovchin wrote:
> My trouble is - I want to filter all mail that goes through smtp -
> incoming (even that not stores localy) and outgoing.

Ah, OK.

Fwiw, my setup works the way you want yours to work, but this is what it
looks like:

1. Postfix SMTPD accepts incoming mail, does a bunch of RBL and other
	checks
2. mail is piped to procmail (defined in a Postfix transport)
	- after this point, Postfix never sees the mail again
3. procmail filters message through SpamAssassin, then gives the mail
	to /usr/sbin/sendmail for further delivery
4. /usr/sbin/sendmail is owned by qmail, which handles local and outbound
	final delivery

Basically it's just an SMTP proxy.


Now if you didn't want to do that, then perhaps the following would work:
1. same as above
2. same as above
3. procmail | /usr/sbin/sendmail (owned by Postfix)
	- this might be all you need to do, but I am not sure whether
	Postfix will do another transport lookup.  If it does, you're
	screwed.  If not, then you should be all set, letting Postfix
	decide what to do with the message (remote or local final
	delivery).
		- or maybe you could have another transport with a bogus
		domain and do some address rewriting to use it but that is
		ugly and I wouldn't feel comfortable with that


Another option:
Do the same thing I do with qmail, except run a 2nd instance of Postfix
with its own configs, and without the procmail transport.  So a message
comes in, is filtered, then passed to /usr/sbin/sendmail which is your 2nd
Postfix; from here, you make your normal delivery decisions.
	- or perhaps you could do this within one instance of Postfix, but
	with 2 queues, one of them having transport lookups disabled.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.