content-filter with Postfix

Robert Moskowitz rgm at htt-consult.com
Fri Mar 10 05:31:13 CET 2017 

Here is, I think, the best information from the Postfix list:


On 03/09/2017 06:55 PM, Peter wrote:
>> One comment I got over on the amavis list was that not to filter from
>> localhost.  Like mail sent from logwatch.  How does this handle
>> localhost sent mail?
> Those submit through the pickup service, simply donk the content_filter
> on the pickup service similar to how you do it on port 10025.

So, yes to the content_filter in main.cf

And should only need 2 content_filter= in master.cf, for pickup and for 
127.0.0.1:10025

On 03/09/2017 04:33 PM, Mike Ray wrote:
> You will want to avoid re-scanning mail that amavis is injecting back into postfix:
>
> main.cf:
> # send all mail to amavis for analysis
> content_filter = smtp-amavis:[127.0.0.1]:10024
>
> master.cf:
> # amavis re-queues via this, so don't bother re-checking things
> 127.0.0.1:10025 inet    n       -       y       -       -       smtpd
>          -o content_filter=
>
> I believe amavis is hard coded to use port 10025, but I am not completely certain.
>
>
> In the above configuration, everything that is queued into postfix will be sent to amavis. You could add the "-o content_filter=" to other services that you wanted to avoid scanning. I would rather scan it all and be safe, but perhaps you wanna save resources and skip checking local things, so you'd add it to the "pickup" definition. You should read over some of the postfix documentation if you want to remove it from other services: http://www.postfix.org/OVERVIEW.html#receiving
>
>
>
> ----- On Mar 8, 2017, at 2:25 PM, Robert Moskowitz rgm at htt-consult.com wrote:
>
>> On 03/08/2017 02:45 PM, DaLiV wrote:
>>> All is simple:
>>> when you pass to filter ALL mail - then can use main.cf directive ...
>>> but when You want to make diffirent access to diffirent services /IP
>>> or Port based/ then surelly more advisable to use master.cf, where
>>> behavior is defined for each subservice ...
>> And which services would one NOT pass to amavis?  So what you might do
>> is have the global rule and for a couple services that break going to
>> amavis, have them use content_filter=
>>
>> Like maybe amavis itself?  :)
>>
>>> Robert Moskowitz wrote:
>>>> I am on Centos 7.
>>>>
>>>> I am reading a lot of different places, including:
>>>>
>>>> /usr/share/doc/amavisd-new-2.10.1/README_FILES/README.postfix
>>>>
>>>> that seem to imply that main.cf should have
>>>>
>>>> content_filter=amavisfeed:[127.0.0.1]:10024
>>>>
>>>> instead of sprinkling it all over master.cf as a -o line.
>>>>
>>>> Does anyone have any knowledge on this?  if in master.cf, which
>>>> services do NOT use amavis?
>>>>
>>>> thank you
>>>>
>>>>

More information about the amavis-users mailing list