* Jimmy Thrasibule <thrasibule.ji...@gmail.com>:
> Hi,
>
> I'm wondering what is the correct architecture and configuration to
> setup a multilayer mail handling? What I have in mind is something
> more like what we can found in Web platform architectures.
>
> 1. First layer does first checks: user authentication (if mail to be
> sent), greylisting, RBL checks and SSL offloading. If all checks are
> OK request is proxied to layer 2.
Connection Filter: Read into postscreen, anvil, rate limiting
> 2. Second layer, will actually handle the SMTP connection proxied by
> layer 1, no major checks should be done as already made by layer 1.
Session Filter: Read into smtpd_*_restrictions, header_ and body_checks,
Postfix POLICY protocol
> 3. Finally, layer 3 to do some virus checks on received emails and
> maybe some other things I can't think about.
Content Filter: Read into content_filter, smtpd_proxy_filter, MILTER
> Do you have some pointers on how to set up such a mail stack where
> each layer can be on multiple other hosts?
Connection and most of the Session filters take place within the same Postfix
instance. You may offload external policy services and content filtering to
multiple other hosts. You may offlload even more if you queue first, reject
later, but I don't recommend that. I'd reject as early as possible.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
