Eric Langheinrich:
> I've got postfix setup to pass messages through spam assassin and for some
> virtual domains the messages are then passed through a pipe for processing.
>
> The spamassassin definitions are as follows in master.cf:
>
> smtp inet n - - - - smtpd
> -o content_filter=spamassassin
> spamassassin unix - n n - - pipe
> user=debian-spamd argv=/usr/bin/spamc -f -e
> /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>
> Obviously, with the call to sendmail to reinject the message I lose access
> to additional pipe variables like ${client_address} ${client_helo}
> ${client_hostname}.
That is solved by using SMTP ('proxy filter' or 'advanced filter')
or Milter, instead of pipe ('simple filter'). With Postfix you turn
on xforward to propagate parts of the initial SMTP context.
http://www.postfix.org/SMTPD_PROXY_README.html
http://www.postfix.org/FILTER_README.html
http://www.postfix.org/MILTER_README.html
Amavisd supports all of these, including SpamAssassin. For example,
https://wiki.apache.org/spamassassin/IntegratedInPostfixWithAmavis
> Is there a way to use spamassassin where the variables associated with the
> initial injection stay in tact?
>
> I'd like to be able to have the pipe call a script and pass in a set of the
> original injection variables.
Passing attacker-controlled bits from the network through a process
command line is just scary. Use SMTP or Milter instead. It was made
for doing that.
Wietse
