Linux – Configure postfix to filter email into hold queue

emaillinuxpostfixspam-filter

I would like postfix to send all emails received on SMTP off to an
external process, which will decide whether to allow them through as
normal, or whether to put them into the hold queue (or another
quarantine area), where they have to wait for admin approval.

I was thinking of doing this with an after-queue content filter, which
uses pipe(8) to run a script on each message, and the script itself
will spawn "postsuper -h " if it decides to put the message
on hold.

Then the admin can do postsuper -d or -r to delete or pass the message
on as appropriate.

So, my questions are – a) will this work, and b) is this the best way
to do it? Would a milter or another type of content filter be a better
approach?

Best Answer

This is actually the way MailScanner works, so it might be an idea to have a look at the setup documentation for MailScanner/Postfix here. Basically, all email is sent to a hold queue, MailScanner scans it, and anything that's passes is put into the outbound queue.

Hopefully, ignoring the MailScanner specific parts of the doc, you'll be able to extract the Postfix setup you need.

Related Solutions

Linux – Postfix – how to retry delivery of mail in queue

According to postqueue(1) you can simply run postqueue -f to flush your mail queue. If the mails aren't delivered after flushing the queue but are being requeued instead, you might want to check your mail logs for errors.

Taking a peek at postsuper(1) might also be helpful. Maybe the messages are on hold and need to be released first.

Mailscanner & Postfix: HOLD everything except messages with a custom header

Yes there is even a solution. It is called header_checks and is part of the *_restrictions. The format (dependent on what you want) is described at it's own documentation.

But I can't recommend using after-queue-filters like Mailscanner and Spamassassin. The better way to reduce Spam and inform the sender are before-queue-filters like the built-in postscreen, client_restrictions, sender_restrictions, recipient_restrictions, before-queue milters and external tools like policyd-weight.

Only before-queue-filters reduce the load and resources on the server and can block 80% of all Spam before they even reach the server. Mailscanner in particular is on my personal "hate-list" as it only has a crippled integration into Postfix and is not able to use Postfix' built-in interfaces for anti-spam filters and filters in general.

Edit: Due to the edited question, I will answer that now.

FILTER is not an action that stops Postfix from working on the header_checks-file. It only tells "when I'm finished with the checks I'll filter". And so the next line matches and sets the mail on hold.

The solution (even if it looks crippled) is this header_checks-file:

/^X-Custom-Header:/ FILTER smtp:[ip.addr.next.hop]:10025
/^X-Custom-Header:/ OK
/^Received:/ HOLD

Best Answer

Related Solutions

Linux – Postfix – how to retry delivery of mail in queue

Mailscanner & Postfix: HOLD everything except messages with a custom header

Related Topic