amavis facing internet directly - good idea or not?
Mark.Martinec+amavis at ijs.si
Wed Mar 16 02:05:40 CET 2011
> Traditionally, I've been setting amavis to work with postfix in a
> following scenario:
> internet -> postfix -> amavis -> postfix -> ...
> I have an application which works as a SMTP server on its own, and I've
> been contemplating the following setup (no real SMTP server like postfix):
> internet -> amavis -> application
> I did a quick setup, and it seems to work correctly.
amavisd does implement the SMTP protocol correctly by the book,
so this does work, however...
> Is this a proper approach?
...it is not a good idea to do so. In a hostile and diverse world of
the internet today it takes more than a correct implementation of the
protocol to offer a reliable, robust service with good functionality.
A mailer serving as an MX needs to handle many concurrent and potentially
slow sessions, needs to have access to a list of valid recipient addresses,
needs a lot of configurable flexibility in its filtering (consider the
vast number of options in the Postfix smtpd_*_restrictions), needs to
handle TLS and SASL, ...
> Maybe I should rather choose this approach:
> internet -> postfix -> amavis -> postfix -> application
> Could anyone give some pros and cons of both setups?
Yes, this is a sensible approach. If your application can handle the
full SMTP or LMTP protocol correctly and in a timely manner you may
consider feeding mail from amavisd to the application directly, not
via another hop through postfix. If this can not be assured, it is
more reliable (but a bit less effective) to go through Postfix, as
your diagram shows.
More information about the amavis-users