summaryrefslogtreecommitdiffstats
path: root/README_FILES/CONTENT_INSPECTION_README
diff options
context:
space:
mode:
Diffstat (limited to 'README_FILES/CONTENT_INSPECTION_README')
-rw-r--r--README_FILES/CONTENT_INSPECTION_README56
1 files changed, 56 insertions, 0 deletions
diff --git a/README_FILES/CONTENT_INSPECTION_README b/README_FILES/CONTENT_INSPECTION_README
new file mode 100644
index 0000000..a6a6fd8
--- /dev/null
+++ b/README_FILES/CONTENT_INSPECTION_README
@@ -0,0 +1,56 @@
+PPoossttffiixx CCoonntteenntt IInnssppeeccttiioonn
+
+-------------------------------------------------------------------------------
+Postfix supports three content inspection methods, ranging from light-weight
+one-line-at-a-time scanning before mail is queued, to heavy duty machinery that
+does sophisticated content analysis after mail is queued. Each approach serves
+a different purpose.
+
+bbeeffoorree qquueeuuee,, bbuuiilltt--iinn,, lliigghhtt--wweeiigghhtt
+ This method inspects mail BEFORE it is stored in the queue, and uses
+ Postfix's built-in message header and message body inspection. Although the
+ main purpose is to stop a specific flood of mail from worms or viruses, it
+ is also useful to block a flood of bounced junk email and email
+ notifications from virus detection systems. The built-in regular
+ expressions are not meant to implement general SPAM and virus detection.
+ For that, you should use one of the content inspection methods described
+ below. Details are described in the BUILTIN_FILTER_README and
+ BACKSCATTER_README documents.
+
+aafftteerr qquueeuuee,, eexxtteerrnnaall,, hheeaavvyy--wweeiigghhtt
+ This method inspects mail AFTER it is stored in the queue, and uses
+ standard protocols such as SMTP or "pipe to command and wait for exit
+ status". After-queue inspection allows you to use content filters of
+ arbitrary complexity without causing timeouts while receiving mail, and
+ without running out of memory resources under a peak load. Details of this
+ approach are in the FILTER_README document.
+
+bbeeffoorree qquueeuuee,, eexxtteerrnnaall,, mmeeddiiuumm--wweeiigghhtt
+ The following two methods inspect mail BEFORE it is stored in the queue.
+
+ * The first method uses the SMTP protocol, and is described in the
+ SMTPD_PROXY_README document. This approach is available with Postfix
+ version 2.1 and later.
+
+ * The second method uses the Sendmail 8 Milter protocol, and is described
+ in the MILTER_README document. This approach is available with Postfix
+ version 2.3 and later.
+
+ Although these approaches appear to be attractive, they have some serious
+ limitations that you need to be aware of. First, content inspection
+ software must finish in a limited amount of time; if content inspection
+ needs too much time then incoming mail deliveries will time out. Second,
+ content inspection software must run in a limited amount of memory; if
+ content inspection needs too much memory then software will crash under a
+ peak load. Before-queue inspection limits the peak load that your system
+ can handle, and limits the sophistication of the content filter that you
+ can use.
+
+The more sophisticated content filtering software is not built into Postfix for
+good reasons: writing an MTA requires different skills than writing a SPAM or
+virus killer. Postfix encourages the use of external filters and standard
+protocols because this allows you to choose the best MTA and the best content
+inspection software for your purpose. Information about external content
+inspection software can be found on the Postfix website at http://
+www.postfix.org/, and on the postfix-users@postfix.org mailing list.
+