kchr · August 29, 2015 14:11
diff --git a/content_filter.sh b/content_filter.sh

 #!/bin/sh
 #
 # This file is defined as a transport pipe in postfix master.cf
 # See postfix-scanner/{main,master}.cf example files for sample configuration
 #
 INSPECT_DIR=/var/spool/postfix/scanner
 SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

 # Exit codes from <sysexits.h>
 EX_TEMPFAIL=75
 EX_UNAVAILABLE=69

 # Clean up when done or when aborting.
 trap "rm -f in.$$ out.$$" 0 1 2 3 15

 # Start processing.
 cd $INSPECT_DIR || {
    echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

 cat >in.$$ || { 
    echo Cannot save mail to file; exit $EX_TEMPFAIL; }

 # Specify your content filter here.
 cat in.$$ | spamassassin | clamassassin >out.$$

 $SENDMAIL "$@" <out.$$

 exit $?
diff --git a/main.cf b/main.cf
 ## postfix/main.cf
 ##
 ## Your normal postfix configuration goes in here.

 [...]

 # Use procmail as final mailbox delivery agent (run by uid who gets the mail)
 # $EXTENSION is the mailbox expanded (for example: user+newsletter) 
 mailbox_command = procmail -a "$EXTENSION"
diff --git a/master.cf b/master.cf
 ## postfix/master.cf
 ##
 ## This file contains a table of default transport methods. 

 [...]

 ## Content filter local smtp transport (pre-delivery)
 ##
 ## Define listening smtp transport that forces content_filter=mailscan
 ## (which is the pipe transport we set up later below)
 ## The options set here becomes local for that specific smtp service only.
 ## This makes postfix also listen on port 10025 but relay those messages to our pipe.
 ##
 ## This has the side effect of "normal"/local mail being routed directly through 
 ## postfix to procmail, and external mail (delivered to port 10025 by imap/pop3 
 ## client) is queued and scanned separately before delivery route takes place.
 ##
 ## Use this transport for incoming mail from fetchmail or offlineimap.
 ##
 ## Messages that comes to postfix in another way/service/transport is not affected
 ## at all. To use content filter for all mail, set content_filter=mailscan in your 
 ## main.cf.
 ##
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 127.0.0.1:10025 inet n  -       n       -       -       smtpd
              -o content_filter=mailscan
              -o local_recipient_maps=
              -o relay_recipient_maps=
              -o smtpd_restriction_classes=
              -o smtpd_client_restrictions=
              -o smtpd_helo_restrictions=
              -o smtpd_sender_restrictions=
              -o smtpd_recipient_restrictions=permit_mynetworks,reject
              -o mynetworks=127.0.0.0/8
              -o strict_rfc821_envelopes=yes
              -o smtpd_error_sleep_time=0
              -o smtpd_soft_error_limit=1001
              -o smtpd_hard_error_limit=1000

 ## The local transport we set up above will use this pipe as delivery method.
 ## It will be queued and processed in order - <maxproc> message(s) at a time. 
 ## This makes it possible to batch download a large number of messages in 
 ## parallel, and queue them up in postfix for scanning and end-user delivery. 
 ##
 ## The example pipe (content_filter.sh) ends by calling the postfix sendmail
 ## binary, which puts the message back into the postfix queue again - but this
 ## time using the normal delivery transport (which has been left untouched). 
 ## From here on you will have to configure postfix to actually deliver the mail. 
 ## Personally i use procmail as mailbox_command in main.cf.
 ##
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 [...]
 mailscan unix   -       n       n       -       1       pipe 
              flags=Rq user=debian-spamd 
              argv=/var/spool/postfix/scanner/content_filter.sh -f ${sender} -- ${recipient}

	#!/bin/sh
	#
	# This file is defined as a transport pipe in postfix master.cf
	# See postfix-scanner/{main,master}.cf example files for sample configuration
	#
	INSPECT_DIR=/var/spool/postfix/scanner
	SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.

	# Exit codes from <sysexits.h>
	EX_TEMPFAIL=75
	EX_UNAVAILABLE=69

	# Clean up when done or when aborting.
	trap "rm -f in.$$ out.$$" 0 1 2 3 15

	# Start processing.
	cd $INSPECT_DIR \|\| {
	echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

	cat >in.$$ \|\| {
	echo Cannot save mail to file; exit $EX_TEMPFAIL; }

	# Specify your content filter here.
	cat in.$$ \| spamassassin \| clamassassin >out.$$

	$SENDMAIL "$@" <out.$$

	exit $?
	## postfix/main.cf
	##
	## Your normal postfix configuration goes in here.

	[...]

	# Use procmail as final mailbox delivery agent (run by uid who gets the mail)
	# $EXTENSION is the mailbox expanded (for example: user+newsletter)
	mailbox_command = procmail -a "$EXTENSION"
	## postfix/master.cf
	##
	## This file contains a table of default transport methods.

	[...]

	## Content filter local smtp transport (pre-delivery)
	##
	## Define listening smtp transport that forces content_filter=mailscan
	## (which is the pipe transport we set up later below)
	## The options set here becomes local for that specific smtp service only.
	## This makes postfix also listen on port 10025 but relay those messages to our pipe.
	##
	## This has the side effect of "normal"/local mail being routed directly through
	## postfix to procmail, and external mail (delivered to port 10025 by imap/pop3
	## client) is queued and scanned separately before delivery route takes place.
	##
	## Use this transport for incoming mail from fetchmail or offlineimap.
	##
	## Messages that comes to postfix in another way/service/transport is not affected
	## at all. To use content filter for all mail, set content_filter=mailscan in your
	## main.cf.
	##
	# ==========================================================================
	# service type private unpriv chroot wakeup maxproc command + args
	# (yes) (yes) (yes) (never) (100)
	# ==========================================================================
	127.0.0.1:10025 inet n - n - - smtpd
	-o content_filter=mailscan
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_client_restrictions=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000

	## The local transport we set up above will use this pipe as delivery method.
	## It will be queued and processed in order - <maxproc> message(s) at a time.
	## This makes it possible to batch download a large number of messages in
	## parallel, and queue them up in postfix for scanning and end-user delivery.
	##
	## The example pipe (content_filter.sh) ends by calling the postfix sendmail
	## binary, which puts the message back into the postfix queue again - but this
	## time using the normal delivery transport (which has been left untouched).
	## From here on you will have to configure postfix to actually deliver the mail.
	## Personally i use procmail as mailbox_command in main.cf.
	##
	# ==========================================================================
	# service type private unpriv chroot wakeup maxproc command + args
	# (yes) (yes) (yes) (never) (100)
	# ==========================================================================
	[...]
	mailscan unix - n n - 1 pipe
	flags=Rq user=debian-spamd
	argv=/var/spool/postfix/scanner/content_filter.sh -f ${sender} -- ${recipient}