PostfixCandy

Summary

postfix, like many others MTA, requires a lot of custom work in order to add features like external spamfilters or anti-virus. The final config results to be sometimes quite complex. This is clearly sub-optimal because it makes the system more complex to maintain.

Rationale

Find a way to integrate these bits together easily for sysadmin mental sanity and for sysadmins wannabe that don't have time to learn all the way of SMTP from Jedi Master Lamont.

Use cases

  • company foo needs an active antivirus that can self sustain without maintainance running on their favourite postfix installation, but clearly they don't want to invest time in complex and custom configs.

Design

Several approaches can be used to achieve this target and they are really dependent on how performant/robust/secure the MTA needs to be. The following implementation is based on the postfix filter implementation http://www.postfix.org/FILTER_README.html that is a *MUST* read to understand the implementation itself.

Whatever filter implementation we choose, there is no real winner. They both have goodness and badness. In short (if you really don't want to read the doc above):

  • Simple filtering:
    • Easy to implement
    • Slow
    • Not very robust
    • Does not need open ports
  • Advanced filtering:
    • More complex to implement
    • Fast is manually fine tuned on the running the system
    • Generally robust
    • It requires 2 open ports on localhost

Assuming we want to go for a higher security model (no open ports), only Simple filtering can be applied, with a loss of performance of at least a factor of 5 (see above url).

The other important factor is that at this point in time there is no equivalent of postconf to edit master.cf and modifications to this file are mandatory to enable any content filter. So switching from one implementation to another is not easily doable yet.

Implementation

  • postfix modifications:
    • Add a default content filtering line master.cf to use a default script, similar to run-parts , that will parse a standard directory (for example: /etc/postfix/filters.d/) for filtering scripts.
    • Ship the dir empty and a default template based on the above url example.
  • clamav modifications:
    • ship a drop in script for /etc/postfix/filters.d/ based on the template.
  • other packages could do the same to add spam or whatever filter to the mail.

Data preservation and migration

  • none. feature should be usable either from clean install or non-custom upgrades.

Outstanding issues

  • performance impact.
  • switching implementation.

BoF agenda and discussion


CategorySpec

PostfixCandy (last edited 2008-08-06 16:21:44 by localhost)