<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Content Inspection </title>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
Content Inspection </h1>

<hr>

<p> Postfix supports three content inspection methods, ranging from
light-weight one-line-at-a-time scanning before mail is queued, to
heavy duty machinery that does sophisticated content analysis after
mail is queued. Each approach serves a different purpose. </p>

<dl>

<dt> <b> before queue, built-in, light-weight</b> </dt>

<dd> <p> This method inspects mail BEFORE it is stored in the queue,
and uses Postfix's built-in message header and message body
inspection. Although the main purpose is to stop a specific flood
of mail from worms or viruses, it is also useful to block a flood
of bounced junk email and email notifications from virus detection
systems. The built-in regular expressions are not meant to implement
general SPAM and virus detection. For that, you should use one of
the content inspection methods described below. Details are described
in the <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a> and <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> documents.
</p>

<dt> <b> after queue, external, heavy-weight</b> </dt>

<dd> <p> This method inspects mail AFTER it is stored in the queue,
and uses standard protocols such as SMTP or "pipe to command and
wait for exit status". After-queue inspection allows you to use
content filters of arbitrary complexity without causing timeouts
while receiving mail, and without running out of memory resources
under a peak load. Details of this approach are in the <a href="FILTER_README.html">FILTER_README</a>
document.
</p>

<dt> <b> before queue, external, medium-weight</b> </dt>

<dd> <p> The following two methods inspect mail BEFORE it is stored in the
queue. </p>

<ul>

<li> <p> The first method uses the SMTP protocol, and is described
in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document. This approach is available
with Postfix version 2.1 and later. </p>

<li> <p> The second method uses the Sendmail 8 Milter protocol, and
is described in the <a href="MILTER_README.html">MILTER_README</a> document. This approach is
available with Postfix version 2.3 and later. </p>

</ul>

<p> Although these approaches appear to be attractive, they have
some serious limitations that you need to be aware of. First,
content inspection software must finish in a limited amount of time;
if content inspection needs too much time then incoming mail
deliveries will time out. Second, content inspection software must
run in a limited amount of memory; if content inspection needs too
much memory then software will crash under a peak load. Before-queue
inspection limits the peak load that your system can handle, and
limits the sophistication of the content filter that you can use.
</p>

</dl>

<p> The more sophisticated content filtering software is not built
into Postfix for good reasons: writing an MTA requires different
skills than writing a SPAM or virus killer. Postfix encourages the
use of external filters and standard protocols because this allows
you to choose the best MTA and the best content inspection software
for your purpose. Information about external content inspection
software can be found on the Postfix website at <a href="http://www.postfix.org/">http://www.postfix.org/</a>,
and on the postfix-users@postfix.org mailing list. </p>

</body>

</html>