Re: amavisd-new: prevent calling SA/clamd on sec. MX?
- At 04:52 PM 1/29/2007, Jan Houtsma wrote:
>On 29-1-2007 Jan Houtsma wrote:Nope.
>>Yes i saw that. But what about doing the same on the secondary but
>>with smtpd_recipient_restrictions i.s.o. smtpd_client_restrictions.
>>And in the cidr file specifying the subnet of the primary? So that
>>messages for the primary bypass scanning on the secondary?
>To be more precise:
> check_recipient_access cidr:/etc/postfix/mx2
># cat mx2
><mx1_ip_address>/32 FILTER relay:[127.0.0.1]:10025
>I think that would do the same but then on bypassing on the secondary.
1. the recipient address is always a domain name, never an IP address.
2. filtering by recipient is not reliable - the FILTER action applies
to all recipients of the message, not just the one that triggers the
rule. Multi-recipient mail is likely to be randomly misdirected.
You can fix issue 2 above by using multiple instances of postfix
(each with its own config and queue directory) with the content
filter in between. Then use transport_maps to route mail to either
the content filter or the second postfix instance as each recipient
or domain requires. The content_filter setting is no longer used in
this type setup. This works well, but is somewhat more complicated
to configure. This does have the advantage of giving much clearer
logging of what happens pre-filter and post-filter.