Postfix How to deploy multiple content filter

The Postfix mail server can use Content_filter to scan messages (viruses, ads, etc.) when receiving mail. By consolidating a centralized e-mail content filter, such as Amavis or Mailscanner, Postfix can use a single call for multiple scans. This is great, but some filters are difficult or almost impossible to integrate into a centralized filter. This is a problem, especially if your postfix system has installed some centralized Content_ Filter. Can we solve this problem, of course. This document will give you one of many possible solutions. Your steps may be different depending on your configuration.

In the case, we assume that we need a mail system that runs Postfix,amavis (including various plug-ins) and Avira mailgate. Postfix has been configured to use the Amavis system as a content_filter. MailGate cannot be consolidated through Amavis, so it uses a single content_filter.

Amavis configuration: Amavis listens on 10026 ports and forwards via 10027 ports.

The code is as follows
$inet _socket_port = 10026; Forward_method => ' smtp:[127.0.0.1]:10027 ';

MailGate configuration: MailGate listens on 20024 ports and forwards via 20025 ports.

The code is as follows
listenaddress localhost Port 20024 Forwardto Smtp:localhost Port 20025

Postfix need to configure two filters.

This can be done via a threaded filter: Incoming messages are first submitted to Postfix Content_filter, (Www.3lian.net then content_filter the scanned message to Postfix. After the scan, the message is transmitted to the second Content_. Filter. Finally sent to the user's hands. Our chain is like this: Postfix > MailGate > Postfix > Amavisd-new >

code is as follows

Postfix > User main.cf: Content_filter = smtp:127.0. 0.1:20024 master.cf localhost:20025 inet n-n--smtpd -o content_filter=smtp:127.0.0.1:10026 127.0.0 .1:10027 inet N-n--smtpd -o content_filter=-o smtpd_delay_reject=no-o Ks,reject -o smtpd_helo_restrictions=-o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_ Mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o Smtpd_soft_ error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client _connection_rate_limit=0 -O receive_oveRride_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -O local_header_rewrite_clients=

In this way, Postfix submits all incoming mail to port 20024 mailgate,mailgate and then passes the scan results back to 20025 Postfix.postfix running an additional SMTP service on port 20025. This service also contains a content_filter, so all messages reaching port 20025 will be passed to Port 10026. Amavis listens on port 10026, so the mail will be scanned by Aamavis. Amavis delivers mail to port 10027 after the scan is complete. Instead of running the SMTP service provided on port 10027, this message reaches the end of the chain, The mail will be mailed to the user.

Another example of a configuration may be as follows:

The code is as follows

In MAIN.CF: # Send email to AMAVISD Content_filter = amavisd:[127.0.0.1]:10024 In MASTER.CF: # AMAVISD AMAVISD Unix--N-2 lmtp -O lmtp_data_done_timeout=1200s -O Disable_dns_lookups=yes # Receive email from AMAVISD # and then send email to Altermine 127.0.0.1:10025 inet n-n--SMTPD -O Content_filter=altermine # Receive email from 127.0.0.1:10025 Altermine Unix--N-2 pipe ... # Receive email from altermine 127.0.0.1:20025 inet n-n--SMTPD -O content_filter= -O ...

The entire process is: postfix-> amavisd:[127.0.0.1]:10024-> postfix-> altermine-> postfix-> User