@kchr
Last active August 29, 2015 14:11
Postfix internal content filtering (spam/virus) transport
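#!/bin/sh
#
# This file is defined as a transport pipe in postfix master.cf
# See postfix-scanner/{main,master}.cf example files for sample configuration
#
INSPECT_DIR=/var/spool/postfix/scanner
# "-t" would take the recipients from the message headers instead of the
# envelope recipients that Postfix passes on the command line.
SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$ out.$$" 0 1 2 3 15

# Start processing.
cd "$INSPECT_DIR" || {
    echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

# Save the message that the Postfix pipe daemon writes to stdin.
cat >in.$$ || {
    echo Cannot save mail to file; exit $EX_TEMPFAIL; }

# Specify your content filter here.
spamassassin <in.$$ | clamassassin >out.$$

# An empty result means a filter died: defer the mail instead of
# re-injecting an empty message.
[ -s out.$$ ] || {
    echo Content filter produced no output; exit $EX_TEMPFAIL; }

# Put the filtered message back into the queue ("$@" is: -f sender -- recipients).
$SENDMAIL "$@" <out.$$

exit $?

## postfix/main.cf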
##
## Your normal postfix configuration goes in here.
[...]
# Use procmail as final mailbox delivery agent (run by uid who gets the mail)
# $EXTENSION is the mailbox expanded (for example: user+newsletter)
mailbox_command = procmail -a "$EXTENSION"

## postfix/master.cf
##
## This file contains a table of default transport methods.
[...]
## Content filter local smtp transport (pre-delivery)
##
## Define a listening smtp transport that forces content_filter=mailscan
## (which is the pipe transport we set up further below).
## The options set here become local to that specific smtp service only.
## This makes postfix also listen on port 10025 but relay those messages to our pipe.
##
## This has the side effect of "normal"/local mail being routed directly through
## postfix to procmail, while external mail (delivered to port 10025 by an imap/pop3
## client) is queued and scanned separately before the delivery route takes place.
##
## Use this transport for incoming mail from fetchmail or offlineimap.
##
## Messages that come to postfix by another way/service/transport are not affected
## at all. To use the content filter for all mail, set content_filter=mailscan in your
## main.cf.
##
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=mailscan
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

## The local transport we set up above will use this pipe as delivery method.
## It will be queued and processed in order - <maxproc> message(s) at a time.
## This makes it possible to batch download a large number of messages in
## parallel, and queue them up in postfix for scanning and end-user delivery.
##
## The example pipe (content_filter.sh) ends by calling the postfix sendmail
## binary, which puts the message back into the postfix queue again - but this
## time using the normal delivery transport (which has been left untouched).
## From here on you will have to configure postfix to actually deliver the mail.
## Personally I use procmail as mailbox_command in main.cf.
##
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
[...]
mailscan  unix  -       n       n       -       1       pipe
  flags=Rq user=debian-spamd
  argv=/var/spool/postfix/scanner/content_filter.sh -f ${sender} -- ${recipient}
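
The exit status of a shell pipeline is that of its last command, so the filter line in content_filter.sh does not notice a spamassassin that crashes mid-message. The following is an added example, not part of the gist: it runs each stage separately and fails closed with EX_TEMPFAIL. `filter_message` and `FILTER_STAGES` are hypothetical names, and `mktemp` is assumed to be available.

```sh
#!/bin/sh
# Added example, not part of the gist. filter_message and FILTER_STAGES are
# hypothetical names introduced for illustration.
EX_TEMPFAIL=75   # from <sysexits.h>: Postfix keeps the mail queued and retries

# One filter command per line. Each reads the message on stdin and writes the
# (possibly tagged) message on stdout. Defaults assumed from the gist.
FILTER_STAGES="${FILTER_STAGES:-spamassassin
clamassassin}"

# filter_message IN OUT
# Runs IN through every stage in order and writes the result to OUT.
# Returns 0 on success; returns EX_TEMPFAIL and leaves OUT untouched when a
# stage exits non-zero or produces no output.
filter_message() {
    fm_in=$1 fm_out=$2 fm_rc=0
    fm_cur=$(mktemp) || return $EX_TEMPFAIL
    fm_next=$(mktemp) || { rm -f "$fm_cur"; return $EX_TEMPFAIL; }
    cp "$fm_in" "$fm_cur" || fm_rc=$EX_TEMPFAIL

    # The here-document keeps the loop in the current shell, so fm_rc survives.
    while [ "$fm_rc" -eq 0 ] && IFS= read -r fm_stage; do
        [ -n "$fm_stage" ] || continue
        # Stage is split on whitespace only (no quoting inside a stage line).
        if $fm_stage <"$fm_cur" >"$fm_next" && [ -s "$fm_next" ]; then
            mv -f "$fm_next" "$fm_cur"
        else
            echo "filter stage failed: $fm_stage" >&2
            fm_rc=$EX_TEMPFAIL
        fi
    done <<EOF
$FILTER_STAGES
EOF

    if [ "$fm_rc" -eq 0 ]; then
        cp "$fm_cur" "$fm_out" || fm_rc=$EX_TEMPFAIL
    fi
    rm -f "$fm_cur" "$fm_next"
    return $fm_rc
}
```

In content_filter.sh, `filter_message in.$$ out.$$ || exit $EX_TEMPFAIL` would take the place of the pipeline line, so a failed stage leaves the message deferred in the queue.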