[SGVLUG] Adding A/V scanning to e-mail processing

Fri Nov 4 01:56:57 PST 2005

Emerson, Tom wrote:
> This (may) be one benefit of running postfix instead of sendmail --
> postfix DOES allow you per-user calls to spamassassin, and by
> extension, per-user preferences.  It takes a bit of getting it
> pounded-into-my-head, but essentially incoming e-mail is rerouted to
> a "filter" [milter] process; this in turn will re-submit the e-mail,
> but since it comes from a different "source", it doesn't get passed
> to spamassassin.  when re-routing a message to a filter, postfix
> allows the use of variables such as "$(user)", "$(sender)",
> "$(recipient)", and so on.  Upon cleaning/tagging, the "local
> delivery" path is taken instead of the "route through spamassassin".

That's interesting.  First, bear in mind that I, like quite a few other 
people, use Cyrus for delivery and storage, and Cyrus is designed as a 
closed system, where mail accounts don't necessarily indicate system 
users, and their passwords are definitely not meant to be the same. 
Often, SpamAssassin just runs with the settings of the user owning that 
process, so it relies on the delivery agent to have been started under 
that user identity.  Of course, there's the -u flag for spamc, which 
avoids this.

If a message is addressed to multiple ${recipient}s, what happens when 
one user has a low threshold and sets the SpamAssassin based filter to 
bounce or discard the message if it is spam?  Does the sender get bounce 
messages back from some of the recipients, but not all, or does nobody 
in that list get the message because one person's settings were restrictive?

These are just the issues I had to deal with.  If these aren't issues on 
postfix then it means the MTA is running the subprocess repetitively, 
which from an SMTP standpoint, seems wrong.  I mean, the DATA portion of 
the conversation is effectively over at that point.  The sending MTA is 
now free to disconnect.  But what if postfix gets a result it wants to 
return a 400 or 500 from?  And on a per-user basis?  Very confusing 
unless DISCARD or OK (but tagging internally) are the only options.