Frank Leonhardt wrote:
I think there's a terminology mis-match here. To me "milter" is a
sendmail mail filter, of which there can be any number configured (this
is me making no assumptions about Postfix &c). In this case it's just
spamass-milter (Georg C. F. Greve 2002)
Nope, you've got the terminology straight.
MIMEDefang is another (much more flexible) milter - which can call a
great many other things to do its processing including SpamAssassin.
IIRC amavis can be deployed as a milter. ClamAV ships one very similar
to spamass-milter, in that it's dedicated to passing messages to ClamAV.
There are several dedicated to SPF and DKIM.
And any of them can be used with Postfix >= 2.3 (although IIRC some
functions may not work well with Postfix 2.3).
IIRC, spamass-milter isn't particularly configurable; it's either
installed and passing all mail to SA, or not.
Other milters *do* have a lot more flexibility in deciding what to do
with any given message - for instance, since the "configuration" is a
Perl script fragment, anything you can do to a stream of bytes or a file
in Perl can be done by MIMEDefang. It uses SA a little differently (by
default) in that it loads the SA Perl libraries, rather than passing a
message to spamd.
I recently migrated outbound filtering at work to MIMEDefang from a
homebrew Postfix content filter. We have four or five intersecting sets
of conditions that decide whether or not a given message will be
scanned, and if so what threshold to reject the message at. The
conditions are currently set by the presence and content of a collection
of flatfiles, but we're planning on moving that data into a database
sometime.
- nothing to do with MIMEDefang
and suchlike.
Well, not exactly. sendmail <-> [some milter] <-> spamd (or the Perl SA
libraries)
[some milter] is spamass-milter in your case. I briefly tried a number
of milters before settling on MIMEDefang for flexibility in implementing
the full range of capabilities in the milter interface.
It's a daemon - hangs around on a socket and waits for
sendmail to give it an email.
And it's up to the milter to decide what to do with that message.
spamass-milter, IIRC, doesn't have many knobs to twist in this respect;
it passes everything to SA.
It then calls spamc and sends the modified
message back to sendmail. It didn't occur to me that it'd be called
indirectly by one of the other general purpose milters, but I can see
that now.
IIRC there *is* a milter-multiplexor milter that calls other milters,
but I'm not sure what the real use-case is.
> Fortunately for me it's written in 'C', so I've got a reasonable
> chance of understanding it. I'm trawling through the source now.
That's certainly an option. I'm not sure how active spamass-milter
development is, and whether they'd accept a patch for a "bypass on SMTP
AUTH" configuration switch - if not, you'll be carrying a custom patch.
-kgd