We are running SpamAssassin as a content filter from Postfix.

Here's what we have in master.cf

   # smtpd hands mail it has accepted to the "spamchk" transport. content_filter
   # is an after-queue filter: it only sees messages that smtpd already accepted
   # and queued, so recipient checks made during the SMTP session come first.
   smtp      inet  n       -       n       -       -       smtpd
     -o content_filter=spamchk:dummy

   # pipe(8) executes the filter directly (no shell) as the unprivileged user
   # "spammonster", with at most 10 processes (maxproc column).
   # flags: R = prepend a Return-Path: header, q = quote whitespace and special
   # characters in the address localparts passed on the command line.
   # "--" is the conventional end-of-options marker, so a recipient beginning
   # with "-" is not parsed as an option (assuming spamchk honours it).
   # NOTE(review): the spamchk script is not shown; confirm it forwards the
   # sender and recipients as quoted arguments rather than re-splitting them.
   spamchk   unix  -       n       n       -       10      pipe
    flags=Rq user=spammonster argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}

This is working. However, apparently the spamchk content filter is 
running _before_ Postfix rejects mail to non-existent addresses.

Given that 95% of our inbound mail is to non-existent addresses, this 
is terribly inefficient.

Unfortunately I have no clue how to order the Postfix processing to 
ensure that the address check comes before the content filter. (I 
naively thought this would be the "normal" ordering.)


Here's what we've got in our Postfix config files


master.cf

# Services
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Note: the chroot column is "n" on every entry below, so no service runs
# chrooted in this configuration.
#
# Public SMTP listener. The -o override applies only to mail received by this
# smtpd: once a message has been accepted and queued it is handed to the
# "spamchk" transport. Recipient validation happens earlier, during the SMTP
# session, so any unknown recipient that reaches the filter was accepted by
# smtpd first.
# NOTE(review): because the filter is set here and not in main.cf, mail that
# enters through pickup (local submission) is presumably not filtered; that is
# also what keeps re-injected mail from looping -- confirm how spamchk
# re-injects.
smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=spamchk:dummy
pickup    fifo  n       -       n       -       1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       -       1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       -       0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil


#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Both entries use pipe(8), which executes the command directly (no shell)
# under the given unprivileged user; the unpriv column is "n" on both.
#
# maildrop delivery as user "vmail". flags: D = prepend Delivered-To:,
# R = prepend Return-Path:, h = fold the recipient domain to lower case,
# u = fold the recipient localpart to lower case.
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# Content filter target for "content_filter=spamchk:dummy", run as user
# "spammonster" with at most 10 processes. flags: R = prepend Return-Path:,
# q = quote whitespace and special characters in the address localparts.
# "--" is the conventional end-of-options marker placed before the recipient
# list. NOTE(review): the spamchk script is not shown; confirm it forwards the
# sender and recipients as quoted arguments.
spamchk   unix  -       n       n       -       10      pipe
   flags=Rq user=spammonster argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}

========================================================================
main.cf

# main.cf comments must be on lines of their own; text after a value on the
# same line becomes part of the value.
alias_database                         = hash:/etc/postfix/aliases
alias_maps                             = hash:/etc/postfix/aliases
default_destination_concurrency_limit  = 5
default_process_limit                  = 500
# VRFY is disabled, so clients cannot use that command to probe for valid
# addresses.
disable_vrfy_command                   = yes
inet_interfaces                        = all
initial_destination_concurrency        = 2
local_destination_concurrency_limit    = 2
# Tables smtpd consults to decide whether a recipient in $mydestination
# exists. Recipients not found here are rejected during the SMTP session
# (unless smtpd_reject_unlisted_recipient has been turned off elsewhere).
# NOTE(review): the table contents are not shown. A catch-all "@domain" entry
# in /etc/postfix/virtual would likely make every address look valid, so
# nothing would be rejected before the content filter -- confirm.
local_recipient_maps                   = $virtual_alias_maps $alias_maps
# 0 disables the mailbox size limit.
mailbox_size_limit                     = 0
masquerade_domains                     = cfcl.com
message_size_limit                     = 10240000
mydestination                          = $myhostname,$mydomain
mydomain                               = cfcl.com
myhostname                             = g3po.cfcl.com
# Clients matching this file are accepted by permit_mynetworks below before
# any reject_* rule is evaluated, including the relay check.
# NOTE(review): file contents are not shown; keep it limited to trusted hosts.
mynetworks                             = /etc/postfix/mynetworks
smtp_helo_name                         = $mydomain
smtpd_banner                           = $mydomain ESMTP $mail_name
smtpd_sender_restrictions    = check_sender_access hash:/etc/postfix/access
strict_rfc821_envelopes                = yes
# Unknown local recipients get a permanent (5xx) rejection at RCPT time.
# Rejecting there, rather than accepting and bouncing later, also avoids
# sending bounce backscatter to forged sender addresses.
unknown_local_recipient_reject_code    = 550
virtual_alias_maps                     = hash:/etc/postfix/virtual

# Evaluated for each RCPT TO; the first rule that returns permit or reject
# decides. reject_unauth_destination follows directly after the two
# trusted-client permits, so other clients cannot relay through this host.
# The final "permit" accepts whatever the earlier rules did not decide.
smtpd_recipient_restrictions =
     permit_mynetworks,
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_invalid_hostname,
     reject_unauth_pipelining,
     reject_non_fqdn_sender,
     reject_unknown_sender_domain,
     reject_non_fqdn_recipient,
     reject_unknown_recipient_domain,
     permit