I'm a little unsure about best practice here, hence the question.
Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've
integrated it into /etc/postfix/master.cf with the following
lines
---
smtp inet n - n - - smtpd -o
content_filter=spamassassin
...
spamassassin unix - n n - - pipe
flags=Rq user=spamd argv=/usr/bin/spamc -u ${user}@${domain}
-e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
---
And then in /etc/postfix/main.cf there's added the line
---
spamassassin_destination_recipient_limit = 1
---
However, this scans both incoming and outgoing mail, but for outgoing I
plan on using rate-limiting to avoid spamming the net (to much), in
case an account gets hacked.
So I searched the web, and constructed this alternative to use in
master.cf
---
26 inet n - n - - smtpd -o content_filter=spamassassin
smtp inet n - n - - smtpd
---
Using iptables, all incoming connections to port 25 could then be
directed to port 26. The server only have one ip-address.
The question then is, is this a practical solution, or can it be done
smarter, for example with less work and without using iptables, or
maybe some other way entirely?
