On 8/25/2010 7:05 PM, Stan Hoeppner wrote:
Noel Jones put forth on 8/25/2010 4:24 PM:
FILTER is a poor choice for per-recipient filtering. FILTER is a
per-message action, with only one FILTER action per message (if there
are multiple FILTER actions triggered, only the last will be used). If
there are multiple recipients for a message, they all get the same
FILTER action; the last one triggered.
I used a bad example then. I used check_recipient_access simply because
I knew the proper format of the table. What I actually want is a
wildcard, for all users, but I didn't want to type an example with
incorrect syntax. I don't know how to specify all users in the table.
I thought it was just * but I wasn't sure. Anyway, you keyed on the
wrong thing.
The proper solution for per-recipient content filtering is to use
multiple postfix instances.
This isn't what I'm wanting. What I want is something like:
check_client_access hash:/etc/postfix/sa
/etc/postfix/sa
* filter smtp:localhost:783
In that case, don't use an access table with FILTER; use
content_filter or smtpd_proxy_filter to filter all mail.
(For wildcard access tables, use a regexp table. But for this
application, use content_filter.)
if that is the correct syntax and correct TCP port of spamd. I know I
need another smtpd listener on a port other than 25 to accept the mail
back from spamd. Basically all I really need to know is the proper
syntax and table type I need to use in main.cf, and the proper -o
strings for the 2nd smtpd listener. I can assign the TCP port manually
in both spamd and master.cf to match them up. That's the one thing I do
know how to do.
Easy choices for single-recipient filtering:
- use whatever filtering dovecot can provide
- use amavisd-new for everyone; define (not Stan) as
@bypass_spam_checks_maps and @spam_lovers_maps. This would probably be
low enough resource usage to be run as a smtpd_proxy_filter.
Is it not possible to setup this loop with strictly postfix and spamd?
Adding in amavisd-new, as I already mentioned, seems to be simply adding
unneeded complexity.
Postfix can't talk directly to spamc/spamd, you need some glue
to put it together. Some choices:
- a simple content_filter (pipe to a script that reinjects
mail using the postfix sendmail(1) command) as described here:
http://www.postfix.org/FILTER_README.html#simple_filter
The sample script will work with spamc with minor
modifications. I think this is the method described on the SA
wiki, but I haven't looked at it lately.
- advanced content_filter (SMTP-SMTP filtering) as described here:
http://www.postfix.org/FILTER_README.html#advanced_filter
This is where you would use amavsid-new. You might see
comments about amavisd-new being a resource hog, but don't be
scared of it; <90% of the resource usage is SpamAssassin.
You'll get better performance using amavisd-new than using SA
in a simple content_filter, plus the *lovers and *bypass
settings can skip SA completely for specified users.
It's very well documented and well supported by the author and
others on the amavis-users list.
The install instructions are first-rate. Use the official
docs, don't waste your time on random how-to's.
- some other content_filter or proxy. spampd gets good reviews.
- a milter that can use SA.
You have to pick your glue before you can move forward. If
you want to send all (or most) mail through the filter, I
would recommend amavisd-new for it's reliability and
flexibility.
When I first added SA to my filtering several years ago, I
started with a simple content_filter script because it looked
easy to set up. Probably used it about a week before
switching to amavisd-new.
-- Noel Jones
