Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What order do multiple milters & proxies get processed in?

436 views
Skip to first unread message

Rob Arista

unread,
Apr 15, 2011, 11:22:21 PM4/15/11
to
Heya.

I've had a really simple Postfix server running for a couple of
months. I managed to get a decent hang of smtpd_*_restrictions and
been rejecting a bunch of spam. Not enough though so I'm looking to
do some more protection.

I've been reading about AddOns, and the lots of available ProxyFilters
and Milters.

I printed out and read the SMTPD_PROXY_README and MILTER_README
how-tos. Lots of info, but I got different ones working ones working
one at a time on a test box.

In the MILTER docsument there's a Limitation setcion that says "When
you use the before-queue content filter for incoming SMTP mail (see
SMTPD_PROXY_README), Milter applications have access only to the SMTP
command information; they have no access to the message header or
body, and cannot make modifications to the message or to the envelope.
"

Does that mean I can't use both? I was going to try something like

smtpd inet - - n - - smtpd
-o smtpd_proxy_filter=inet:127.0.0.1:12345
-o smtpd_milters=inet:127.0.0.1:54321
..........

Can I do both in the same place like that? And what order to the
hand-offs to the proxy and milter happen in? Is it asynchronous, or
does is depend on the order they're written in the config file?

Sorry if I'm not seeing it right it front of me.

-- Bob

Wietse Venema

unread,
Apr 16, 2011, 8:21:13 AM4/16/11
to
Rob Arista:

> Heya.
>
> I've had a really simple Postfix server running for a couple of
> months. I managed to get a decent hang of smtpd_*_restrictions and
> been rejecting a bunch of spam. Not enough though so I'm looking to
> do some more protection.
>
> I've been reading about AddOns, and the lots of available ProxyFilters
> and Milters.
>
> I printed out and read the SMTPD_PROXY_README and MILTER_README
> how-tos. Lots of info, but I got different ones working ones working
> one at a time on a test box.

Allow me to repeat the HTML/ASCII art in Postfix documentation.

The before-queue filter model is:

smtpd -> before queue filter -> smtpd -> cleanup -> queue

The Milter filter model for SMTP submission is:

smtpd+smtpd_milters -> cleanup -> queue

Where smtpd gives the SMTP commands to the Milter, and where cleanup
gives the header and body to the Milter.

To combine the two models:

smtpd -> before queue filter -> smtpd+smtpd_milters -> cleanup -> queue

Wietse

Rob Arista

unread,
Apr 16, 2011, 12:15:57 PM4/16/11
to
On Sat, Apr 16, 2011 at 5:21 AM, Wietse Venema <wie...@porcupine.org> wrote:
> smtpd -> before queue filter -> smtpd -> cleanup -> queue
>
> The Milter filter model for SMTP submission is:
>
> smtpd+smtpd_milters -> cleanup -> queue
>
> Where smtpd gives the SMTP commands to the Milter, and where cleanup
> gives the header and body to the Milter.
>
> To combine the two models:
>
> smtpd -> before queue filter -> smtpd+smtpd_milters -> cleanup -> queue

Wan't clear for me right away from those diagrams if it was going to be

smtpd -> before queue filter -> smtpd+smtpd_milters -> cleanup -> queue

or

smtpd+smtpd_milters -> before queue filter -> smtpd -> cleanup -> queue

Thanks for the answer.

--Bob

Wietse Venema

unread,
Apr 16, 2011, 2:44:35 PM4/16/11
to
Rob Arista:

The "before queue filter" comes before smtpd/cleanup.

The Milter comes after smtpd/cleanup.

Wietse

0 new messages