On 5/17/2012 11:44 PM, /dev/rob0 wrote: > On Thu, May 17, 2012 at 11:22:04PM -0500, Stan Hoeppner wrote: >> From: http://www.postfix.org/FILTER_README.html >> >> /etc/postfix/master.cf: >> # ============================================================= >> # service type private unpriv chroot wakeup maxproc command >> # (yes) (yes) (yes) (never) (100) >> # ============================================================= >> smtp inet ...other stuff here, do not change... smtpd >> -o content_filter=filter:dummy >> >> The "-o content_filter" line causes Postfix to add one content >> filter request record to each incoming mail message, with content >> "filter:dummy". This record overrides the normal mail routing and >> causes mail to be given to the content filter instead. >> >> >> >> Until reading the above many times, based on previous discussions >> here, I was under the impression that even with content_filter >> enabled here as an after queue filter, messages rejected by >> smtpd_foo_restrictions or header_checks would indeed be rejected >> instead of being piped to the content_filter. > > Right. > >> The above documentation seems to suggest that every message >> entering via the smtpd service will be routed to the content_filter >> no matter what, making all smtpd_foo_restrictions useless. Please >> tell me I'm misreading the above, that smtpd_foo_restrictions take >> precedence over content_filter implemented as above in master.cf. > > Mail routing is only applicable after the mail is accepted. > smtpd_foo_restrictions can and often do decide not to accept mail.
Thanks for the clarification Rob. > Note that you must disable restrictions on the reinjection from > content_filter. You do NOT want to reject at that point, because it > is risking backscatter. Of course. But this is mostly a concern only when using SMTP for reinjection. I'm currently looking at using the sendmail command for reinjection. So I should only possibly need to disable header_checks in the master.cf service definition, though after a quick look they won't pose a problem if left enabled (but for tiny CPU burn). I've historically been opposed to using content filters for various reasons, as some here may recall me stating, probably mostly on other lists. That said, I've recently been toying with the idea of taking SA for a test drive, using spamc/spamd and sendmail reinjection-the "easy method" so some state. A little OT, but I'd like to ask, as I've not been able to find real information via Google. What's the memory consumption of a single spamd process using the default SA configuration? Maybe a better question is how much real RAM is SA eating on systems folks here have in production? Thanks. -- Stan
