diff options
Diffstat (limited to 'README_FILES/CONTENT_INSPECTION_README')
-rw-r--r-- | README_FILES/CONTENT_INSPECTION_README | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/README_FILES/CONTENT_INSPECTION_README b/README_FILES/CONTENT_INSPECTION_README new file mode 100644 index 0000000..a6a6fd8 --- /dev/null +++ b/README_FILES/CONTENT_INSPECTION_README @@ -0,0 +1,56 @@ +PPoossttffiixx CCoonntteenntt IInnssppeeccttiioonn + +------------------------------------------------------------------------------- +Postfix supports three content inspection methods, ranging from light-weight +one-line-at-a-time scanning before mail is queued, to heavy duty machinery that +does sophisticated content analysis after mail is queued. Each approach serves +a different purpose. + +bbeeffoorree qquueeuuee,, bbuuiilltt--iinn,, lliigghhtt--wweeiigghhtt + This method inspects mail BEFORE it is stored in the queue, and uses + Postfix's built-in message header and message body inspection. Although the + main purpose is to stop a specific flood of mail from worms or viruses, it + is also useful to block a flood of bounced junk email and email + notifications from virus detection systems. The built-in regular + expressions are not meant to implement general SPAM and virus detection. + For that, you should use one of the content inspection methods described + below. Details are described in the BUILTIN_FILTER_README and + BACKSCATTER_README documents. + +aafftteerr qquueeuuee,, eexxtteerrnnaall,, hheeaavvyy--wweeiigghhtt + This method inspects mail AFTER it is stored in the queue, and uses + standard protocols such as SMTP or "pipe to command and wait for exit + status". After-queue inspection allows you to use content filters of + arbitrary complexity without causing timeouts while receiving mail, and + without running out of memory resources under a peak load. Details of this + approach are in the FILTER_README document. + +bbeeffoorree qquueeuuee,, eexxtteerrnnaall,, mmeeddiiuumm--wweeiigghhtt + The following two methods inspect mail BEFORE it is stored in the queue. + + * The first method uses the SMTP protocol, and is described in the + SMTPD_PROXY_README document. This approach is available with Postfix + version 2.1 and later. + + * The second method uses the Sendmail 8 Milter protocol, and is described + in the MILTER_README document. This approach is available with Postfix + version 2.3 and later. + + Although these approaches appear to be attractive, they have some serious + limitations that you need to be aware of. First, content inspection + software must finish in a limited amount of time; if content inspection + needs too much time then incoming mail deliveries will time out. Second, + content inspection software must run in a limited amount of memory; if + content inspection needs too much memory then software will crash under a + peak load. Before-queue inspection limits the peak load that your system + can handle, and limits the sophistication of the content filter that you + can use. + +The more sophisticated content filtering software is not built into Postfix for +good reasons: writing an MTA requires different skills than writing a SPAM or +virus killer. Postfix encourages the use of external filters and standard +protocols because this allows you to choose the best MTA and the best content +inspection software for your purpose. Information about external content +inspection software can be found on the Postfix website at http:// +www.postfix.org/, and on the postfix-users@postfix.org mailing list. + |