Postfix change add-on priority

Question

I have just started to fight with Spam mails because of my new project. I will explain structure of that system.

We have Postfix as MTA on relay server and fresh Spamassasian and Policyd(v2 Cluebringer) add-ons for it. These are working well and they generate good outputs in log files.

My Question in this schema,how I can learn which add-on is working first?

Why I want to learn this:

If Policyd is reject mails because being not real mail address Spamassasian will not work and system will not work to scan all mails
If I install Clamav, it will not use so much resources

Best Regards.

postconf -M

smtp       inet  n       -       -       -       -       smtpd -o content_filter=spamassassin
pickup     unix  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache
spamassassin unix -      n       n       -       -       pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
policy-spf unix  -       n       n       -       -       spawn user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
maildrop   unix  -       n       n       -       -       pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localdomain, localhost, localhost.localdomain, localhost
myhostname = UNKNOWN
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, ~~~RELAY SERVER IP~~~
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Post the output of command `postconf -n` and/or `postconf -M` — masegaloeh, Sep 17 '15 at 18:11
Thanks man your help all of these worked well. @masegaloeh and I understand how postfix works — itirazimvar, Apr 02 '16 at 21:52

score 2 · Accepted Answer · answered Sep 21 '15 at 15:42

In your config above you have Spamassassin and Policyd(v2 Cluebringer).

Email was fed to Policyd, because of this configuration

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

That means postfix will send email to Policyd who listen at port 10031. You can find out about check_policy_service parameter in this page: Postfix SMTP Access Policy Delegation

On the other hand you feed email to SpamAssassin using this line of configuration

smtp     inet  n     -     -     -     -     smtpd -o content_filter=spamassassin

You can find out about this setup on Postfix After-Queue Content Filter.

So, what's the order of the add-on?

Here the simplified diagram of postfix filter

email ---> smtpd ---> check_policy_service ---> qmgr ---> SpamAssasin

Policyd (via check_policy_service) can't access the header and body of the email, so you can put the lightweight checks first. After postfix queued the email, postfix will pass it to heavy checks spamassassin.

Postfix change add-on priority

1 Answers1