Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Wietse Venema (wietseporcupine.org)
Date: Thu May 14 2009 - 07:57:54 CDT
[ Charset ISO-8859-2 unsupported, converting... ]
> Hallo all. (first sorry for my english)
> I have a small (big) problem with configure Postfix to drop messages with
> In main.cf I have:
> smtpd_milters = local:/...../clamav-milter.sock
> milter_default_action = accept
> if I receive a message from internet, in headers are rows from milters:
> X-Virus-Scanned: clamav-milter 0.95.1 at ...
> X-Virus-Status: Clean
> X-Spam-Flag: YES
> X-Spam-Status: Yes, score=11.6 required=7.0...
> X-Spam-Level: ***********
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ...
> I think that milters works correctly. I save message as message.txt for
> next row in main.cf is:
> header_checks = regexp:/usr/local/etc/postfix/header_checks
> in header_checks file is:
> /^X-Spam-Status: Yes/ DISCARD
> I test it:
> postmap -q - regexp:/usr/local/etc/postfix/header_checks < message.txt
> I think that header_checks works, because show row:
> X-Spam-Status: Yes, score=11.6 required=7.0... DISCARD
> In master.cf I configure cleanup with -v and I read a log, but rows
> X-Virus... and X-Spam are not in log, that is (I mean) why cleanup do not
> drop messages.
> Can anyone idea? Milters are after cleanup?
Postfix header_checks happen while mail is received.
Milters can add headers only after the end of the email message is
received. That is a feature of the Milter protocol.
The Milter protocol has a DISCARD feature. If you can configure
your application to send SMFIR_DISCARD into Postfix then you are
On the other hand, if header_checks are the only way, it will take
new code (not happening soon) or extra configuration (see example
No code has been written to apply header_checks and body_checks
when Milters add or modify the message content. The question has
never come up, so that could be called an oversight. I don't have
much time to write new code soon, so the next option is better.
You can work around this with a null content filter (Postfix
SMTP client talking directly to Postfix SMTP server on port
10025). Below is a basic example; the text in FILTER_README
provides configurations with more bells and whistles.
1 # ====================================================================
2 # service type private unpriv chroot wakeup maxproc command + args
3 # (yes) (yes) (yes) (never) (100)
4 # ====================================================================
5 smtp inet n - n - - smtpd
6 -o content_filter=smtp:127.0.0.1:10025
7 127.0.0.1:10025 inet n - n - - smtpd
8 -o content_filter=
Line 5-6: this is the Internet-facing SMTP server. We add a content
filter setting that sends mail into localhost port 10025.
Line 7-8: this is an internal SMTP server that receives mail with
the Milter-added headers. This is then subject to header_checks
in the way that you expect it to work. For safety it kills off
any content_filter settings from main.cf.