Any best practices for stacking filters?

Wed, 17 Oct 2012 15:57:27 -0700

Right now, we can have up to 4 different processing filters in our configuration, based on what features are enabled. 

In general, we always have:

1) OpenDKIM for signing

Then we almost always have

2) Amavis

Then we sometimes have

3) A Zimbra written Milter service

And rarely

4) A journaling milter
For OpenDKIM, I currently have it set up as a content_filter, which works well as long as Amavis is not also enabled. 

smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=scan:[127.0.0.1]:10029

If Amavis is enabled, it is called as originating vs foreign via:
postconf smtpd_sender_restrictions
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re 

zimbra@zre-ldap002:~/postfix/conf$ cat tag_as_originating.re
/^/  FILTER smtp-amavis:[127.0.0.1]:10026

zimbra@zre-ldap002:~/postfix/conf$ cat tag_as_foreign.re
/^/  FILTER smtp-amavis:[127.0.0.1]:10024
This of course overrides the content_filter line, so OpenDKIM never fires there. I fixed that by adding -o smtpd_milters=inet:localhost:8465 to the port 10025 re-injection smtpd for Amavis. However, this causes OpenDKIM to run after Amavis executes, when I want it to run prior to Amavis.
The milter server is handled by setting smtpd_milters via postconf, which I haven't tested yet, but I'm pretty certain will override the setting to Amavis. 

The journaling server is handled via smtpd_proxy_filter to the smtp process:
       -o smtpd_proxy_filter=127.0.0.1:10027
So is there an easy/best way to get things to all work & play together at once? I believe if I move OpenDKIM to be a smtpd_proxy_filter, that will allow me to force it to execute before Amavis, but then what do I do for the journaling server? Basically, trying to figure out the best way to force things to flow in the sequence I require which is: 

Journaling (if enabled)
OpenDKIM
Amavis (if enabled)
Milter server (if enabled)

Any insights appreciated!

Thanks,
Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Reply via email to