Postfix Notes

How to configure Postfix to deliver mail to Cyrus IMAPd Shared Folders

This proved to be trickier than expected. There may be a cleaner way to do this.

  1. Configure an Alias for the shared mailbox with the name that is externally visible, pointing to another mailbox in a (non-existing) subdomain:
    sharedboxname@bsg.at sharedboxname@shared.bsg.at
    Put this either in /etc/aliases or in /etc/postfix/virtual.
  2. Create a transport definition for the subdomain in /etc/postfix/transport: 
    shared.bsg.at   cyrusbb:
  3. Create the hashed db for the transports file: 
    postmap /etc/postfix/transport
  4. Create a cyrusbb delivery service in /etc/postfix/master.cf to call the Cyrus deliver program with the correct parameters: 
    cyrusbb   unix  -       n       n       -       -       pipe
    flags=R user=cyrus argv=/usr/cyrus/bin/deliver -e -m ${user}
  5. Activate the transport map in postfix main.cf by adding the following line: 
    transport_maps = hash:/etc/postfix/transport
  6. Reload Postfix configuration: 
    postfix reload

How to implement content/attachment filters based upon filenames with Postfix

The goal is to filter mail based upon attached files (that is their extensions) with possibly harmful content. There is a simple content filter capability built into Postfix (See Postfix documentation) but what I wanted to do was one step ahead of this: Reject (evtl. recursivly) zipped versions of unwanted files also.

This is a quite rigorous counter measure, but in times of Macro viruses it might be worth considering. Please note that this solution bounces any offending mail (i.e. mail that contains an attachment with a filename you configured as unwanted. It does not remove the attachment. Also note that the script as downloadable here comes with various extensions preconfigured. You might want to change this default.

The interface to Postfix is managed using Macofida (see the link below), which runs as a daemon. It calls the filter script, which uses MIME-Tools to decode the message and scans the attachments for offending filenames.

The same tools can be used to implement any filter. In fact Macofoda is intended to be a filter interface for Postfix.

The Tools used:
Macofida which some additional Perl modules - see below
MIME Tools which - guess what - needs some additional Perl modules
Our filter script Adapt this to your needs.

The following Perl Modules are needed for MIME-Tools: Macofida needs these modules:

Using Postfix with SSL/TLS

Links:
Postfix/TLS