On 5/17/2010 9:50 AM, Jon Tullett wrote:
> Hi all
>
> I'm hoping to configure postfix to only apply content filtering to
> mail that comes from unauthenticated sources, or outside sources if
> that's not possible. Basically, I want unauthenticated email checked
> for spam+viruses, but not authenticated email, because we've had the
> occasional problem with false positives (using spamassassin). I'm not
> especially worried about outbound viruses - we do use desktop AV, and
> a virus or worm which makes an unauthenticated SMTP connection on its
> own should then get filtered normally.
>
> I've found two options, please tell me if I'm barking up completely
> the wrong tree :)
>
> The first is described in a forum post here:
> http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c00a201c4bef4$766b2ed0$0a00a...@splatter%3e#archives
>
> That page suggests a way to use amavis for non-SASL connections only:
>
> main.cf:
>     content_filter =
>     smtpd_sender_restrictions = permit_sasl_authenticated,
>         check_sender_access regexp:/etc/postfix/amavisd.regexp
>
> amavisd.regexp:
>     /^/ FILTER smtp-amavis:[127.0.0.1]:10024
>
> I didn't see another reference to doing it this way, so my question
> is, is this a workable solution or a terribly bad idea? Will it
> achieve what I want, or surprise me by breaking postfix in some new
> and interesting way?

This is a valid config and will send only unauthenticated mail
to amavisd. Authenticated mail gets a free pass. Similar
setups are posted here frequently and can be found in the
amavisd-new docs.

> Also: is there a more efficient way of matching
> everything without using a regular expression?

No. The method shown is correct.

> Anyway. If that's not a workable option, I also found what appears to
> be an Official Postfix Way:
> http://www.postfix.org/FILTER_README.html#remote_only, which describes
> how to set up content filters for outside communications only. That
> looks promising as an alternative, but it's definitely above my
> current competency level (ie: "newbie": that section really didn't
> make much sense to me). If this IS the right way to go, I'll give it a
> shot and ask for help if I can't figure it out.

This is more flexible, but -- as frequently happens -- when
you add flexibility, complexity comes along for the ride.

-- Noel Jones
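
Added illustration, not part of the original thread and not Postfix code: a Python sketch that models how the posted smtpd_sender_restrictions list is evaluated, showing why authenticated mail skips amavisd and why the order of the two restrictions matters. The model is simplified and assumes that permit_sasl_authenticated ends evaluation for authenticated clients and that a FILTER result is recorded while evaluation continues; the function names and sender addresses are constructed for the example.

```python
import re

# Simplified model (an assumption, not Postfix source code): restrictions run
# in order, a matching permit_* ends the list, and a FILTER action is recorded
# while evaluation continues as if the lookup had returned DUNNO.

# amavisd.regexp from the thread: /^/ matches every lookup key.
AMAVIS_REGEXP = [(re.compile(r"^"), "FILTER smtp-amavis:[127.0.0.1]:10024")]

def check_sender_access(table, sender):
    """Return the action of the first matching pattern, like a regexp: table."""
    key = sender or "<>"  # the null (bounce) sender is looked up as "<>"
    for pattern, action in table:
        if pattern.search(key):
            return action
    return "DUNNO"

def evaluate(restrictions, sender, sasl_authenticated, content_filter=""):
    """Return (verdict, filter) for one MAIL FROM under the modelled rules."""
    chosen = content_filter  # main.cf in the thread leaves content_filter empty
    for name, table in restrictions:
        if name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "OK", chosen  # list ends here, FILTER is never reached
        elif name == "check_sender_access":
            action = check_sender_access(table, sender)
            if action.startswith("FILTER "):
                chosen = action.split(" ", 1)[1]  # overrides content_filter
            elif action != "DUNNO":
                return action, chosen
    return "DUNNO", chosen

AS_POSTED = [("permit_sasl_authenticated", None),
             ("check_sender_access", AMAVIS_REGEXP)]
REVERSED = list(reversed(AS_POSTED))  # misordering: everyone gets filtered

def filter_for(restrictions, sender, authed):
    """Content filter chosen for a message, or '' when it bypasses filtering."""
    return evaluate(restrictions, sender, authed)[1]

if __name__ == "__main__":
    samples = (("user@example.com", True), ("stranger@example.net", False),
               ("", False))  # constructed senders; "" is the null sender
    for label, rules in (("as posted", AS_POSTED), ("reversed", REVERSED)):
        for sender, authed in samples:
            print(label, repr(sender), "auth" if authed else "anon", "->",
                  filter_for(rules, sender, authed) or "(no filter)")
```

On a live system, `postconf -n` shows the order actually in effect for smtpd_sender_restrictions.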