You should take into consideration parallel deliveries with attachments. Due to those cases I'm not in favor of pre-queue filtering. I see it as a risk.
Instead of notifying the sender in case of non-delivery, the recipient (and the admin) can receive notifications. Amavis can generate them for banned, infected and spam content. If you use a quarantine, you can retrieve the message in case of false positives. From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of listserv.traf...@sloop.net Sent: Friday, May 8, 2015 10:03 PM To: Postfix users Subject: Re: spampd + amavis? [pre-accept filtering and amvis] > Wietse: >> There is no difference for the remote SMTP client whether you use >> spampd in "pre-accept" mode, or amavisd-new in "pre-accept" mode. >> Both appraches have the same problem: when it takes too much time >> to inspect a message, the remote SMTP client will time out. <mailto:listserv.traf...@sloop.net> > listserv.traf...@sloop.net: >> But, if I understand correctly, that time-out would be before a >> 250 accept occurs and thus no lost mail, right? [i.e. the sending >> MTA will retry the message up to its limits and then return a >> non-delivery to the sender.] > This is a basic requirement for the SMTP client. Similarly, when > the SMTP server takes responsibility for the message (replies 2xx > to end-of-data) it must not "drop" mail. Last pass [I think] So the FAQ for Amavis: --- The Postfix Before-Queue Content Filter setup, also known as smtpd_proxy setup, is not a supported or recommended setup with amavisd-new, which is not a transparent SMTP proxy by design. See caveats in README_FILES/SMTPD_PROXY_README. This setup might work amavisd-new for low-traffic sites which do not use authentication, but is not recommended. --- This warning is essentially saying that since amavis [as well as spampd] are not fail-open proxies - that if either fails, you might not get mail and will either not accept it at all [connection refused] or fail to ack the data [2XX] and this will cause the sending MTA to defer. So, as you said - *if* spampd was an acceptable "solution" for someone, there's no additional risk to using Amavis as described above. Do, I have that right? --- Finally, is this going to impact SASL/SMTP-Auth? (I don't think so, because postfix is actually taking the connection and passing only the data portion of the message through Amavis [same as spampd.]) Thanks again Weitse! -Greg
