I am configuring 1 PC with one physical Ethernet adapter and 2 IP addresses as an email proxy server. The server accepts mail on interface 1, runs it through SA, then forwards it to interface 2. Interface 2 accepts the mail, runs it through SA, then forwards the message to our mail server. The reason for running the message through SA twice is that the first instance deletes messages with extremely high scores and the second instance just flags the message. Using the debugging commands I can see the message get filtered through each instance of spamd. The message headers show the email going through each instance of postfix. The problem is, only the first instance of SA will alter the message. In the second instance of SA I cannot rewrite_header Subject ***SPAM***, I cannot add_header all Score _SCORE_, I cannot add_header spam, I cannot do anything. Using the same local.cf file and having the second instance of Postfix and SA on a different physical machine works fine. Any ideas or suggestions? Perhaps this is a bug/feature of SA to discourage this type of setup?
All I have to say is, why are you going through so much trouble?
Use a decent MTA integration tool and you can delete high-scoring messages, and tag all the rest in one pass through SA. MIMEDefang, MailScanner and lots of other tools can do this straight off with no hassle.
Besides, even if you stay with your existing configuration, why not just have your first pass of SA do the markups, then delete the high-scoring messages? The first pass should be perfectly capable of doing whatever markups you want. Use the spam-level header to pick off the difference between high and low scoring messages and delete the high-scoring ones after the first SA run. No need for a second run.
I really don't see the point of scanning twice.
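The single-pass approach suggested in the reply above, as an added example that is not code from either poster: after one SA run, a filter reads the X-Spam-Status and X-Spam-Level headers and either discards or delivers the message. The 15.0 discard threshold, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

DISCARD_AT = 15.0  # assumed cut-off for "extremely high" scores; tune per site

# SA writes "score=N" in X-Spam-Status (older releases wrote "hits=N").
_SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")

def spam_score(msg):
    """Return the score SA recorded, or None if the message was never scanned."""
    status = msg.get("X-Spam-Status")
    if status:
        m = _SCORE_RE.search(status)
        if m:
            return float(m.group(1))
    level = msg.get("X-Spam-Level")
    if level is not None:
        # Fallback: X-Spam-Level carries one '*' per whole point of score.
        return float(level.count("*"))
    return None

def triage(raw, discard_at=DISCARD_AT):
    """Decide the fate of a message after a single SA pass."""
    msg = message_from_string(raw)
    score = spam_score(msg)
    if score is None:
        return "deliver"            # unscanned: fail open rather than lose mail
    if score >= discard_at:
        return "discard"            # high scorers are dropped here, no second scan
    if msg.get("X-Spam-Status", "").lstrip().lower().startswith("yes"):
        return "deliver-tagged"     # SA's own markup (Subject rewrite etc.) is kept
    return "deliver"

# Constructed sample messages (not taken from the thread).
HIGH = ("X-Spam-Status: Yes, score=22.3 required=5.0 tests=EXAMPLE\n"
        "X-Spam-Level: **********************\n"
        "Subject: ***SPAM*** offer\n\nbody\n")
LOW = ("X-Spam-Status: Yes, score=7.1 required=5.0 tests=EXAMPLE\n"
       "X-Spam-Level: *******\nSubject: ***SPAM*** hi\n\nbody\n")
HAM = ("X-Spam-Status: No, score=-1.2 required=5.0 tests=EXAMPLE\n"
       "Subject: minutes\n\nbody\n")
LEVEL_ONLY = "X-Spam-Level: ****************\nSubject: x\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("HIGH", HIGH), ("LOW", LOW), ("HAM", HAM)]:
        print(name, triage(raw))
```
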