Posted to users@spamassassin.apache.org by Roger Walters <wa...@gmail.com> on 2015/03/10 23:39:04 UTC

Chain content filters in Postfix

Hello,

I have my Postfix configured so smtp is filtered by SpamAssassin:

    smtp      inet  n       -       -       -       -       smtpd
      -o content_filter=spamassassin

    spamassassin unix       -       n       n       -       -       pipe
      user=debian-spamd argv=/usr/bin/spamc -f -e /usr/bin/python /opt/another_filter.py

So my aim is that the result of SpamAssassin is not injected directly
back into Postfix but is instead processed by another pipe filter.

If the second script (another_filter.py) determines that the e-mail is OK,
there's no problem with injecting it via the sendmail command.

However, if the second filter determines that the message should be
rejected, it should propagate that state back to SpamAssassin, and it
should be the latter that tells Postfix the final status.

I don't know how to make SpamAssassin collect the status of the
another_filter.py filter and act accordingly. Could someone shed some light
on this?

Thank you,

Roger

Re: Chain content filters in Postfix

Posted by Oli Schacher <ol...@fuglu.org>.
On Wed, 11 Mar 2015 08:23:41 +0000
Roger Walters <wa...@gmail.com> wrote:

> Thank you both Axb and Reindl Harald for your answers. I finally tried
> Fuglu because I wanted to keep the rest of the scripts independent
> instead of integrating them into a milter, and it seems that it works
> nicely, I didn't know that one! Thanks for this great hint!
> 

glad to hear that ;)

To integrate your existing *.py filters into fuglu you could create a simple wrapper plugin
( http://gryphius.github.io/fuglu/plugins-index.html#writing-your-own-plugins )

If you need any help feel free to join fuglu's mailing list at
http://fuglu.org/mailman/listinfo/fuglu-users_fuglu.org


Cheers
Oli (fuglu developer)

Re: Chain content filters in Postfix

Posted by Roger Walters <wa...@gmail.com>.
Thank you both Axb and Reindl Harald for your answers. I finally tried
Fuglu because I wanted to keep the rest of the scripts independent instead
of integrating them into a milter, and it seems that it works nicely, I didn't
know that one! Thanks for this great hint!

Regards,

Roger

2015-03-10 22:57 GMT+00:00 Axb <ax...@gmail.com>:

> On 03/10/2015 11:39 PM, Roger Walters wrote:
>
>> Hello,
>>
>> I have my Postfix configured so smtp is filtered by SpamAssassin:
>>
>>     smtp      inet  n       -       -       -       -       smtpd
>>       -o content_filter=spamassassin
>>
>>     spamassassin unix       -       n       n       -       -       pipe
>>       user=debian-spamd argv=/usr/bin/spamc -f -e /usr/bin/python /opt/another_filter.py
>>
>> So my aim is that the result of SpamAssassin is not injected directly
>> back into Postfix but is instead processed by another pipe filter.
>>
>> If the second script (another_filter.py) determines that the e-mail is OK,
>> there's no problem with injecting it via the sendmail command.
>>
>> However, if the second filter determines that the message should be
>> rejected, it should propagate that state back to SpamAssassin, and it
>> should be the latter that tells Postfix the final status.
>>
>> I don't know how to make SpamAssassin collect the status of the
>> another_filter.py filter and act accordingly. Could someone shed some
>> light
>> on this?
>>
>>
> I'd use some real glue instead of direct Postfix pipes to spamc.
>
> amavisd-new or even better Fuglu (in Python) which has a plugin framework
> so you can insert your "another_filter.py" into the flow, wherever you want
> it and feed the results back into SA via pseudo headers, etc.
>
> http://fuglu.org/
>
> Docs on
> http://gryphius.github.io/fuglu/
> http://gryphius.github.io/fuglu/plugins-index.html
>
> h2h
>
> Axb
>

Re: Chain content filters in Postfix

Posted by Axb <ax...@gmail.com>.
On 03/10/2015 11:39 PM, Roger Walters wrote:
> Hello,
>
> I have my Postfix configured so smtp is filtered by SpamAssassin:
>
>     smtp      inet  n       -       -       -       -       smtpd
>       -o content_filter=spamassassin
>
>     spamassassin unix       -       n       n       -       -       pipe
>       user=debian-spamd argv=/usr/bin/spamc -f -e /usr/bin/python /opt/another_filter.py
>
> So my aim is that the result of SpamAssassin is not injected directly
> back into Postfix but is instead processed by another pipe filter.
>
> If the second script (another_filter.py) determines that the e-mail is OK,
> there's no problem with injecting it via the sendmail command.
>
> However, if the second filter determines that the message should be
> rejected, it should propagate that state back to SpamAssassin, and it
> should be the latter that tells Postfix the final status.
>
> I don't know how to make SpamAssassin collect the status of the
> another_filter.py filter and act accordingly. Could someone shed some light
> on this?
>

I'd use some real glue instead of direct Postfix pipes to spamc.

amavisd-new or even better Fuglu (in Python) which has a plugin 
framework so you can insert your "another_filter.py" into the flow, 
wherever you want it and feed the results back into SA via pseudo 
headers, etc.

http://fuglu.org/

Docs on
http://gryphius.github.io/fuglu/
http://gryphius.github.io/fuglu/plugins-index.html

h2h

Axb
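
A sketch of the kind of glue suggested in the reply above, as an added example that is not part of the original thread and is neither Fuglu nor amavisd-new code: one wrapper that Postfix's pipe(8) runs in place of spamc, passing the message through each filter in turn, stopping at the first rejection and reporting the verdict through the sysexits exit codes pipe(8) understands. The filter contract (exit 0 and write the message to stdout to accept, exit 1 to reject), the wrapper's argument order, and another_filter.py following that contract are assumptions of this example.

```python
#!/usr/bin/env python3
"""Postfix pipe(8) glue: run filters in order, stop at the first rejection."""
import subprocess
import sys

# sysexits.h codes; pipe(8) maps the command's exit status to a delivery status.
EX_OK = 0            # success: message handed on
EX_UNAVAILABLE = 69  # permanent failure: Postfix bounces the message
EX_TEMPFAIL = 75     # temporary failure: Postfix keeps it queued and retries

def run_chain(message, filters, timeout=60):
    """Pipe message (bytes) through each command; return (code, message, reason).

    Assumed contract: a filter exits 0 and writes the (possibly modified)
    message to stdout to accept, and exits 1 to reject. Any other status,
    a missing binary or a timeout is treated as a temporary failure.
    """
    for argv in filters:
        try:
            proc = subprocess.run(argv, input=message, capture_output=True,
                                  timeout=timeout)
        except (OSError, subprocess.TimeoutExpired) as exc:
            return EX_TEMPFAIL, message, f"{argv[0]}: {exc}"
        if proc.returncode == 1:
            return EX_UNAVAILABLE, message, f"{argv[0]} rejected the message"
        if proc.returncode != 0:
            return EX_TEMPFAIL, message, f"{argv[0]} exited {proc.returncode}"
        message = proc.stdout
    return EX_OK, message, "accepted"

def main(argv):
    # Assumed master.cf argv for this wrapper: chain.py ${sender} ${recipient}
    sender, recipients = argv[1], argv[2:]
    filters = [
        ["/usr/bin/spamc"],  # tags the message and writes it to stdout
        ["/usr/bin/python", "/opt/another_filter.py"],  # assumed to follow the contract
    ]
    code, message, reason = run_chain(sys.stdin.buffer.read(), filters)
    if code != EX_OK:
        print(reason, file=sys.stderr)  # on failure pipe(8) logs command output
        return code
    # Re-inject the accepted message with the original envelope.
    inject = ["/usr/sbin/sendmail", "-G", "-i", "-f", sender, "--", *recipients]
    done = subprocess.run(inject, input=message)
    return EX_OK if done.returncode == 0 else EX_TEMPFAIL

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because a content_filter runs after the message has been queued, a rejection here makes Postfix bounce the message rather than refuse it during the SMTP session.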

Re: Chain content filters in Postfix

Posted by Reindl Harald <h....@thelounge.net>.
On 10.03.2015 at 23:39, Roger Walters wrote:
> Hello,
>
> I have my Postfix configured so smtp is filtered by SpamAssassin:
>
>     smtp      inet  n       -       -       -       -       smtpd
>       -o content_filter=spamassassin
>
>     spamassassin unix       -       n       n       -       -       pipe
>       user=debian-spamd argv=/usr/bin/spamc -f -e /usr/bin/python /opt/another_filter.py
>
> So my aim is that the result of SpamAssassin is not injected directly
> back into Postfix but is instead processed by another pipe filter

you may be better served by running as a milter

* that way there is no re-inject at all
* the first milter with a reject stops the processing
* you can use whitelist and OK restrictions without bypassing content filters

smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock,
    unix:/run/clamav-milter/clamav-milter.socket

the reason why clamav is running here after SA is because SA rejects
most malware mails and finally a lot more than clamav so for the
majority of spam/malware mails only one filter is running (even the fact
that clamav is faster in processing it saves resources)