Hi, all,

running Postfix 2.8.6 in combination with MIMEdefang (MD) 2.72.

What I want to achieve is the following: the combination Postfix + MD should provide per-user anti-spam functionality. In itself this is not a big problem, but the real problem here is: how to do this for messages which have multiple recipients (by that I mean: a single SMTP session with multiple RCPT TO addresses)? For example: one recipient would like to quarantine a particular message, while another recipient of the same message would like to get it delivered.

To achieve this I'm experimenting with the MD stream_by_recipient() function. This means: during the first run the MD milter splits up a multi-recipient message into separate single-recipient messages and reinjects them via the sendmail command as a local submission, which triggers the MD milter again, but the second time it's applied per single-recipient message. This doesn't solve all problems, but it is known to work well with a regular Sendmail installation.

Question: if there's a more elegant/better way to achieve the same, please let me know.

As I want to do the same with Postfix, I tried to emulate this behaviour using:

smtpd_milters = inet:localhost:25000
non_smtpd_milters = inet:localhost:25000

where the smtpd_milters is 'invoked' during initial SMTP enqueue, and the non_smtpd_milters take care of the 2nd MD 'run'. This seems to work OK, but there might be a caveat: the author of MD wrote to me:

It looks like it's working.  However, there's one caveat:  With real Sendmail,
MIMEDefang redelivers the streamed messages using deferred mode.  That means
they just get queued up.  A short time later, the queue is run and the
remailed messages appear.

This means that if a message has 100 recipients, they get queued up and
then redelivered in a nicely serialized way with limited parallelism.  If
Postfix actually redelivers the messages immediately, an N-recipient message
might try to tie up N scanning processes all at about the same time.

I'm not sure if this will be a problem in practice, but it's something to
watch for.  You don't want to allow an attacker to DoS your machine by sending
messages to large numbers of recipients and relying on amplification.

It seems MD invokes sendmail using a -odd option (in mimedefang.pl):

Sendmail is invoked with the "-odd" option.  If you look for -odd in
mimedefang.pl, you'll find the places where Sendmail is invoked.

What I would like to know is:

1. what is the effect of this option, when used with the
   Postfix-provided sendmail image?
2. if the behavior of the Postfix-provided sendmail image is different
   from the original Sendmail, is there a way I can still achieve the
   same effect (i.e. prevent DoS-like problems for messages with a big
   number of recipients)?

For all types of transports this seems to be taken care of with the parameter destination_recipient_limit, but this does not apply to milters, as milters are typically invoked during the (SMTP) session. Any other suggestions to split up a multi-recipient message and apply a milter like MD to the resulting single-recipient message copies?

Regards,
/rolf

--
output of postconf -n:

$ /usr/local/postfix-2.8.6/sbin/postconf -n
command_directory = /usr/local/postfix-2.8.6/sbin
config_directory = /usr/local/postfix-2.8.6
daemon_directory = /usr/local/postfix-2.8.6/libexec
data_directory = /usr/local/postfix-2.8.6/lib
debug_peer_level = 2
html_directory = /usr/local/postfix-2.8.6/html
inet_interfaces = all
local_recipient_maps = hash:/usr/local/postfix-2.8.6/etc/aliases
mail_owner = postfix
mailq_path = /usr/local/postfix-2.8.6/bin/mailq
manpage_directory = /usr/local/postfix-2.8.6/man
mydestination = $myhostname
mydomain = mydomain.org
myhostname = lynx.mydomain.org
mynetworks = my.ip.add.ress/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/local/postfix-2.8.6/bin/newaliases
non_smtpd_milters = inet:localhost:25000
queue_directory = /usr/local/postfix-2.8.6/spool
readme_directory = /usr/local/postfix-2.8.6/readme
sample_directory = /usr/local/postfix-2.8.6
sendmail_path = /usr/local/postfix-2.8.6/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname Pleased to meet you
smtpd_milters = inet:localhost:25000
unknown_local_recipient_reject_code = 550
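
As an added example, not code from the original post or from MIMEDefang itself: a minimal mimedefang-filter sketch of the stream_by_recipient() approach described above, extended with a per-recipient quarantine threshold lookup so that one recipient's copy can be quarantined while another's is delivered. The policy table with its addresses and thresholds is constructed for illustration; the callback and action names are MIMEDefang's documented ones, but check them against the mimedefang-filter(5) man page for the version you run.

```perl
# Added example, not part of the original post or of MIMEDefang's shipped filter.
# Shows the stream_by_recipient() idiom plus a per-recipient spam policy.

# Hypothetical per-user policy: recipient address => SpamAssassin score at
# or above which that recipient's copy is quarantined instead of delivered.
my %quarantine_threshold = (
    'alice@mydomain.org' => 5,
    'bob@mydomain.org'   => 12,
);

sub filter_begin {
    # First pass (several RCPT TO): stream_by_recipient() resubmits one copy
    # per recipient through the sendmail command, discards the original and
    # returns true, so nothing more is done with the multi-recipient message.
    if (stream_by_recipient()) {
        return;
    }
    # Otherwise @Recipients holds exactly one address: either the original
    # was single-recipient, or this is a resubmitted copy on the second pass.
}

# Per-part callbacks are required by mimedefang.pl; nothing per part to do here.
sub filter           { return action_accept(); }
sub filter_multipart { return action_accept(); }

sub filter_end {
    my ($entity) = @_;
    return unless $Features{"SpamAssassin"};

    # MIMEDefang stores recipients as <user@domain>; strip the brackets.
    my $rcpt = lc($Recipients[0]);
    $rcpt =~ s/^<(.*)>$/$1/;

    my $threshold = $quarantine_threshold{$rcpt};
    return unless defined $threshold;   # no per-user policy: deliver as-is

    my ($hits, $req, $names, $report) = spam_assassin_check();
    if ($hits >= $threshold) {
        # Keep a copy in the quarantine directory and drop delivery of this
        # single-recipient copy only; other recipients' copies are unaffected.
        action_quarantine_entire_message(
            "Score $hits >= per-user threshold $threshold for $rcpt");
        action_discard();
    }
}

1;
```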
