2.1 Verifying Recipients with Postfix

The Postfix  server receives incoming SMTP transmissions on port 25, hands the message off to a pass-through filtering proxy (amavisd-new), then sends valid messages on to the Cyrus LMTP transport for delivery to the message store. The diagram in Figure 2 illustrates this process.

Figure 2: Recipient Verification Using Postfix

In this configuration, the amavisd-new mail scanner serves as a Postfix ``before-queue'' content filter. This means that spam and virus filtering occur before the message is added to the postfix mail queue for cleanup and distribution. This technique is suited for low volume sites (or high memory sites) since a separate amavis process is required for each concurrent connection to the server. High volume sites usually configure amavisd as an ``after-queue'' content filter.

The processing pipeline is as follows:

  • The “before-filter” Postfix SMTP server receives mail from the Internet and performs relay access control and recipient verification. If the SMTP server detects one of these problems, the message is rejected outright. Otherwise, the unfiltered content is passed on to amavisd.

Note: Postfix SASL authentication also occurs before the content filter is activated (although it is disabled on this host).

  • Amavis examines the message content and either (a) reinjects it into the Postfix message stream or (b) returns an error code which causes Postfix to reject the message.

If the message is accepted for delivery, it is queued, cleaned up, and dispatched to the Cyrus LMTP delivery agent. If Cyrus is unable to locate the recipient’s virtual mail box, the message is discarded and a bounce notification is passed along to the sender. This bounce should not occur unless the Postfix and Cyrus virtual mailbox lists are out of sync.