On 11/9/2010 8:39 AM, Lima Union wrote:
On Tue, Nov 9, 2010 at 10:19 AM, Noel Jones<njo...@megan.vbhcs.org> wrote:
On 11/9/2010 6:18 AM, Lima Union wrote:
hi all! as the subject says I have two noob questions:
(1) if I configure something like 'smtpd_milters =
inet:localhost:10025 inet:localhost:10034' does Postfix respect the
order? I mean, will it processs the mail in order, first milter then
second milter or what? for example, in this case 10025 is the
sid-milter and 10034 is the clamav-milter.
Yes, milters are processed in the order specified.
(2) currently I'm running postgrey (under the
'smtpd_recipient_restrictions' section) but in a new setup I'd like to
have this basic order for an Internet relay server: mail from Internet
-> sid-milter -> postgrey -> clamav-milter, how can I achieve that? I
don't know how Postfix will route internally the message in this case.
The order of internal vs. milter processing is not configurable.
You could switch to a greylist milter, there are several to choose from.
-- Noel Jones
Noel, thanks for your answers.
Last doubt, as far as I understand from the documentation, the milter
processing happends in smtpd(8) before the
'smtpd_recipient_restrictions' (cleanup(8)) check. Thus if I keep my
current configuration for my new setup, using smtpd_milters and
postgrey (under 'smtpd_recipient_restrictions') I'll have the
following routing: mail from Internet -> sid-milter -> clamav-milter
-> all the smtpd_recipient _restrictions included postgrey, is this
correct? I think that this isn't the optimal solution because the
milter checks occur before smtpd_recipient_restrictions where a lot of
client/envelope/rbl/etc cleanup is done.
clamav-milter operates on the message data, so all postfix
smtpd_*_restrictions -- which operate on the envelope -- will
get a chance to reject mail before the data is transmitted.
sid-milter operates on the envelope. It will probably run
before smtpd_recipient_restrictions, but that's not such a big
deal since it's a fairly lightweight process (minimal CPU, but
it does trigger a DNS lookup).
Now that I've had more coffee and can think better, this
modifies the answer I gave earlier -- even though you can't
specify sid-miler > greylist > clamav-milter, that's how it
will effectively run.
-- Noel Jones
I'll be checking for viruses
from clients that don't even send a proper ehlo, etc, thus consuming
cpu resources.
Thanks for any comment about this.
Regards, LU
