Postfix check outgoing mail for spam
Solution 1:
Below is a config "stub" for also checking outgoing messages.
In main.cf:
    smtpd_sender_restrictions =
        check_client_access cidr:/etc/postfix/internal_clients_filter

And in /etc/postfix/internal_clients_filter:

    192.168.0.0/24 FILTER smtp:[127.0.0.1]:12501
    10.0.0.0/24 FILTER smtp:[127.0.0.1]:12501

(You could also do this in other ways: for logged-in users, IP, From, etc.)
Use a policybank in Amavisd-new:
    $interface_policy{'12501'} = 'INTERNAL';
    $policy_bank{'INTERNAL'} = {  # mail originating from clients in cidr:/etc/postfix/internal_clients_filter
        bypass_spam_checks_maps   => [0],  # spam-check outgoing mail
        bypass_banned_checks_maps => [0],  # banned-check outgoing mail
        bypass_header_checks_maps => [0],  # header-check outgoing mail
        forward_method => 'smtp:[127.0.0.1]:12502',  # relay to Postfix listener on port 12502
    };
And the reinject path in Postfix:

    127.0.0.1:12502 inet n - n - - smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_data_restrictions=
        -o smtpd_end_of_data_restrictions=
        -o local_header_rewrite_clients=
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o smtpd_milters=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
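
An added example, not part of the answer above: a small Python check that emulates the first-match lookup of the cidr: table and reports which client addresses would not be handed to the FILTER on port 12501, so their outgoing mail would skip the scan. The table text and the client addresses are constructed samples, the function names are hypothetical, and only plain `network/prefix result` lines are handled (no `!` negation or `if`/`endif` blocks).

```python
import ipaddress

# Constructed copy of /etc/postfix/internal_clients_filter from the answer above.
SAMPLE_TABLE = """\
# internal clients whose outgoing mail is sent through amavisd
192.168.0.0/24 FILTER smtp:[127.0.0.1]:12501
10.0.0.0/24    FILTER smtp:[127.0.0.1]:12501
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order; order matters, first match wins."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: pattern without a result")
        pattern, action = parts
        if pattern.startswith("!") or pattern in ("if", "endif"):
            raise ValueError(f"line {lineno}: negation/if blocks are not handled here")
        # strict=True rejects patterns with host bits set (e.g. 10.0.0.1/24),
        # a common typo that leaves a range uncovered.
        rules.append((ipaddress.ip_network(pattern, strict=True), action))
    return rules

def lookup(rules, client_ip):
    """Return the action of the first matching rule, or None if nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action
    return None

def unfiltered(rules, client_ips):
    """Clients whose mail would bypass the outbound scan (no FILTER rule matches)."""
    return [ip for ip in client_ips
            if not (lookup(rules, ip) or "").upper().startswith("FILTER ")]

if __name__ == "__main__":
    rules = parse_cidr_table(SAMPLE_TABLE)
    # Constructed client addresses, e.g. taken from an inventory of internal hosts.
    for ip in unfiltered(rules, ["192.168.0.17", "10.0.0.9", "10.0.1.5", "172.16.4.2"]):
        print(f"{ip}: no FILTER rule, outgoing mail is not scanned")
```

On a live server, `postmap -q 192.168.0.17 cidr:/etc/postfix/internal_clients_filter` performs the same lookup against the real table.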
Solution 2:
This is an old question but I thought I would share some configuration that allows use of an outbound Procmail filter. Firstly, in master.cf:

    submission inet n - n - - smtpd
        -o syslog_name=postfix/submission
        -o smtpd_tls_security_level=may
        -o smtpd_sasl_auth_enable=yes
        -o broken_sasl_auth_clients=yes
        -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
        -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
        -o content_filter=procmail-outbound
    procmail-outbound unix - n n - - pipe
        flags=Rq user=mail argv=/usr/bin/procmail -t -m SENDER=${sender} RECIPIENT=${recipient} /etc/procmail/outbound.rc

and then you can run whatever procmail recipes you need in outbound.rc before reinjecting the processed message with sendmail, like the below example recipe does:
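
    # Send mail: reinject with sendmail. The addresses are quoted and "--" ends
    # option parsing, so an address can never be read as a sendmail option.
    :0 w
    | /usr/bin/sendmail -G -i -f "$SENDER" -- "$RECIPIENT"

(Note the example accepts mail on the submission service (port 587) rather than the smtp service, which is for relaying and delivery.)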