How to configure multiple postfix content filters?

Discussion:

(too old to reply)

Mike Schleif

2016-03-03 19:08:23 UTC

Centos: 7.2.1511 (Core)
postfix: 2.10.1
amavisd-new: 2.10.1

This postfix server was designed to run as follows, which it has done for
several months without incident:

Original filter-only:
master.cf:
smtp inet n - n - - smtpd
-o content_filter=filter:dummy

filter unix - n n - 10 pipe
flags=Rq user=filter null_sender=
argv=/var/spool/filter/bin/filter.sh -f ${sender} -- ${recipient}

Now, I'm tasked with retrofitting spamassassin on same host, which works
using
following configuration:

Spamassassin-only:
master.cf:
smtp inet n - n - - smtpd
-o content_filter=spamassassin

spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

Our problem is using _both_ spamassassin and filter, preferably in that
order.

postfix-users pointed me to: amavisd-new, which I have installed. This
works properly, regarding spam & virus.

How need I configure postfix to first call amavisd-new, then use "filter?"

Patrick Ben Koetter

2016-03-03 21:39:45 UTC

Permalink

Mike,

what is it, that filter.sh does? Is it something amavis can do as well?
I'm asking because maybe we can simplify your setup.

Post by Mike Schleif
Now, I'm tasked with retrofitting spamassassin on same host, which works
using
smtp inet n - n - - smtpd
-o content_filter=spamassassin
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Our problem is using _both_ spamassassin and filter, preferably in that
order.
postfix-users pointed me to: amavisd-new, which I have installed. This
works properly, regarding spam & virus.
How need I configure postfix to first call amavisd-new, then use "filter?"
<http://twitter.com/mikeschleif>

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Patrick Ben Koetter

2016-03-03 21:50:57 UTC

Permalink

Post by Mike Schleif
Centos: 7.2.1511 (Core)
postfix: 2.10.1
amavisd-new: 2.10.1
This postfix server was designed to run as follows, which it has done for
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
filter unix - n n - 10 pipe
flags=Rq user=filter null_sender=
argv=/var/spool/filter/bin/filter.sh -f ${sender} -- ${recipient}
Now, I'm tasked with retrofitting spamassassin on same host, which works
using
smtp inet n - n - - smtpd
-o content_filter=spamassassin
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Our problem is using _both_ spamassassin and filter, preferably in that
order.

amavis seems a little over if all you need is spamassassin. You might get away
with less, if you hook spamassassin into Postfix via the spamassassin MILTER
program "spamass-milter".

Using spamass-milter you will be able to pre-queue scan messages. Spamassassin
can classify the messages and add a score. Then the message will be accepted,
written to the queue and sent of to your filter.sh script.

In pseudo-code:

smtp inet n - n - - smtpd
-o smtpd_milters=inet:127.0.0.1:20025
-o content_filter=spamassassin

spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

inet:127.0.0.1:20025 would be where the spamass-milter listens for incoming
connections. It would pass on the message via spamc to spamd. The scan result
would be handed back in reverse order.

***@rick

Mike Schleif

2016-03-04 14:02:52 UTC

Permalink

Post by Patrick Ben Koetter
Mike,

Post by Mike Schleif
smtp inet n - n - - smtpd
-o content_filter=filter:dummy
filter unix - n n - 10 pipe
flags=Rq user=filter null_sender=
argv=/var/spool/filter/bin/filter.sh -f ${sender} -- ${recipient}

what is it, that filter.sh does? Is it something amavis can do as well?
I'm asking because maybe we can simplify your setup.

No.

This server was built to consolidate several legacy servers, primarily to
do special header rewrites for a subset of all email received by this
company. It is unique code developed to do such rewrites and it does it
well.

After several months of doing this task without incident, others decided to
retrofit spam & av to this box, which had been done problematically
elsewhere.

I think that I have this working; but, I'm totally new to amavis, and I'm
no expert on postfix. I want to find the simplest way to chain these
processes, set it and forget it ...

Thank you.

Mike Schleif

2016-03-04 14:58:00 UTC

Permalink

Post by Mike Schleif

Post by Patrick Ben Koetter
Mike,

what is it, that filter.sh does? Is it something amavis can do as well?
I'm asking because maybe we can simplify your setup.

No.
This server was built to consolidate several legacy servers, primarily to
do special header rewrites for a subset of all email received by this
company. It is unique code developed to do such rewrites and it does it
well.
After several months of doing this task without incident, others decided
to retrofit spam & av to this box, which had been done problematically
elsewhere.
I think that I have this working; but, I'm totally new to amavis, and I'm
no expert on postfix. I want to find the simplest way to chain these
processes, set it and forget it ...
Thank you.

I have (4) questions at this point:

1) Can "filter" be run from amavisd?

2) If "filter" can be run from amavisd, should it?

3) Is it best to run "filter" from postfix? If so, how?