1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix Content Inspection </title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 13</head> 14 15<body> 16 17<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18Content Inspection </h1> 19 20<hr> 21 22<p> Postfix supports three content inspection methods, ranging from 23light-weight one-line-at-a-time scanning before mail is queued, to 24heavy duty machinery that does sophisticated content analysis after 25mail is queued. Each approach serves a different purpose. </p> 26 27<dl> 28 29<dt> <b> before queue, built-in, light-weight</b> </dt> 30 31<dd> <p> This method inspects mail BEFORE it is stored in the queue, 32and uses Postfix's built-in message header and message body 33inspection. Although the main purpose is to stop a specific flood 34of mail from worms or viruses, it is also useful to block a flood 35of bounced junk email and email notifications from virus detection 36systems. The built-in regular expressions are not meant to implement 37general SPAM and virus detection. For that, you should use one of 38the content inspection methods described below. Details are described 39in the BUILTIN_FILTER_README and BACKSCATTER_README documents. 40</p> 41 42<dt> <b> after queue, external, heavy-weight</b> </dt> 43 44<dd> <p> This method inspects mail AFTER it is stored in the queue, 45and uses standard protocols such as SMTP or "pipe to command and 46wait for exit status". After-queue inspection allows you to use 47content filters of arbitrary complexity without causing timeouts 48while receiving mail, and without running out of memory resources 49under a peak load. Details of this approach are in the FILTER_README 50document. </p> 51 52<dt> <b> before queue, external, medium-weight</b> </dt> 53 54<dd> <p> The following two methods inspect mail BEFORE it is stored in the 55queue. </p> 56 57<ul> 58 59<li> <p> The first method uses the SMTP protocol, and is described 60in the SMTPD_PROXY_README document. This approach is available 61with Postfix version 2.1 and later. </p> 62 63<li> <p> The second method uses the Sendmail 8 Milter protocol, and 64is described in the MILTER_README document. This approach is 65available with Postfix version 2.3 and later. </p> 66 67</ul> 68 69<p> Although these approaches appear to be attractive, they have 70some serious limitations that you need to be aware of. First, 71content inspection software must finish in a limited amount of time; 72if content inspection needs too much time then incoming mail 73deliveries will time out. Second, content inspection software must 74run in a limited amount of memory; if content inspection needs too 75much memory then software will crash under a peak load. Before-queue 76inspection limits the peak load that your system can handle, and 77limits the sophistication of the content filter that you can use. 78</p> 79 80</dl> 81 82<p> The more sophisticated content filtering software is not built 83into Postfix for good reasons: writing an MTA requires different 84skills than writing a SPAM or virus killer. Postfix encourages the 85use of external filters and standard protocols because this allows 86you to choose the best MTA and the best content inspection software 87for your purpose. Information about external content inspection 88software can be found on the Postfix website at http://www.postfix.org/, 89and on the postfix-users@postfix.org mailing list. </p> 90 91</body> 92 93</html> 94
