Easy SMTP Filter and Policy Server Intregration with Postfix

As I mentioned yesterday, the Intrepid postfix package has a couple of new scripts to make it easier to integrate SMTP filters and policy servers. They are easy to use, but not very flexible. My goal was to provide something that would pretty well just work for common use cases and at least give you a basis for other uses. Patches welcome.
The bad news is that due to a packaging bug, the man pages for the scripts are not in the Intrepid package. Each filter will give a help output if run with no arguments, however.
postfix-filter-add is meant to assist in integrating content filters such as amavisd-new with Postfix. It is specifically tuned for amavisd-new, so if using it for something else, be sure to check your /etc/postfix/master.cf afterwards and make sure it gave you a suitable result. After installing amavisd-new, you just run the script and then reload postfix. For example, if you want to call your smtpd service for amavisd-new ‘amavislistener’ and you want Postfix to listen at 127.0.0.1:10025 for return traffic from amavisd-new, you run:
sudo postfix-add-filter amavislistener 10025
All the needed master.cf entries will be added.
For policy server integration you have to provide the name of the policy server service you want to use, what user the policy server should run under, and the argument to use to spawn the policy server. Using my postfix-policyd-spf-python as an example package, it would look something like:
sudo postfix-policy-add policyd-spf policyd-spf /usr/bin/policyd-spf
Once again, the needed master.cf entries are added.
The changes needed for main.cf can either be done manually via your favorite editor or via postconf. For the SMTP filter example above, that could be:
sudo postconf -e “content_filter=amavislistener:[127.0.0.1]:10026”
Policy server main.cf entries need to be integrated into your smtpd_*_restrictions. In the case of an SPF policy server as above, doing it in smtpd_recipient_restrictions so it’s done after recipient validation is recommend. You would add a check_policy_service unix:private/policyd-spf in the appropriate place, for example:
smtpd_recipient_restrictions =
reject_authenticated_sender_login_mismatch
check_policy_service unix:private/policyd-spf
permit_sasl_authenticated
permit_mynetworks

reject
It’s not all just clickety-click just yet, but I hope this makes it easier. One capability these scripts do provide is the ability to fully script (in conjunction with postconf) filter and poilcy-server integration. I can imagine that might be of some assistance in large scale deployments (I could envision using these in a FAI installation script).

Advertisements

0 Responses to “Easy SMTP Filter and Policy Server Intregration with Postfix”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s





%d bloggers like this: