On 10/19/07, David B Funk <[EMAIL PROTECTED]> wrote: > On Fri, 19 Oct 2007, Noel Jones wrote: > > > On 10/19/07, Yoda Woda <[EMAIL PROTECTED]> wrote: > > > Here my scenario: I have postfix and spamassassin installed in a gateway > > > machine. Postfix accepts incoming messages, pipes them to spamassassin > > > for > > > scoring, which then pipes them back to postfix to be relayed to another > > > machine. This work fine for us > > > > > > What I am trying to do now is to have spamassassin reject a message (say > > > if > > > the score is above 5) before it is re-injected back to postfix for relay. > > > How can I accomplish this. Here is my master.cf: > > > > Don't reject messages once postfix has accepted them. This makes you > > a backscatter source and will eventually get you blacklisted. > > > > You can discard messages that are over some score threshold by either > > using a postfix header_checks rule in the reinjection postfix > > instance, or better, run spamassassin under amavisd-new and use it to > > quarantine/discard messages over some score. > > Using sendmail and a milter it is easily possible to do a proper > reject (571) at incoming SMTP time. How can this be properly done > using postfix? Currently I use sendmail+milter in my MXs, I've thought > about switching to postifx but dont want to lose that functionality. > > Dave
Postfix supports milters, use version 2.4.5 or newer for best results. You should be able to continue using your existing milter if you like its feature set. Postfix also supports pre queue filtering with the smtpd_proxy_filter setting. Amavisd-new is one example of a program that can be used in this manner (but it's recommended to use amavisd-new as a post-queue content_filter). See postfix docs or postfix-users list for details. Note that when using any kind of pre-queue filtering, whether via a milter or a proxy, peak throughput is limited to the throughput of the filter. Running a resource intensive filter such as SpamAssassin pre-queue is best limited to small sites or larger sites that can allocate enough hardware to handle the expected peak load. -- Noel Jones
