How to integrate postfix and mimedefang

Solution 1:

Going to chuck this in here since I just did this yesterday:

You don't have to roll your own anything. All you need is postfix, libmilter, and mimedefang, the RPMs for which are available in EPEL, so they should be available in other distros that actually stock current versions of packages rather than the 4-6 year old versions that EL repos do. But I digress.

On CentOS 6.5 simply:

yum install mimedefang

which will spider out and get sendmail-milter [aka libmilter] as part of the dependencies. [SpamAssassin as well]

After this I recommend changing the socket settings for MIMEdefang to use an inet socket rather than a unix socket. This is mainly to avoid permissions issues since I can't be arsed to find a combination of user and permissions that works for both Postfix and MD.

In /etc/sysconfig/mimedefang uncomment and edit the SOCKET line to:

SOCKET=inet:10997

Make the port whatever you want, 10997 is my random choice.

Now:

service mimedefang start
chkconfig mimedefang on

And now you can simply add the milter config to main.cf or as an smtpd -o in master.cf like so:

smtpd_milters = inet:10997

Solution 2:

Either build or install mimedefang (I used yum as this was done on a CentOS 6.4 system). This will install sendmail also but don't be alarmed - it's a requirement for the software. If you are building, note that you will need this dependency.

To write a milter using this process you need to search for and modify the file called mimedefang-filter. There are numerous samples available and depending on whether or not you did a self build or used an RPM there might be one or more available on your system. Put this file in /etc/mail and make sure it's executable.

Create a folder called /var/spool/MIMEDefang.

Find the service control code for mimedefang and put it in /etc/init.d. Make it executable. Open this code with an editor and look for a section like so:

# Tricky stuff below... "echo -E" won't work, hence the two-step.
daemon $PROGDIR/$prog-multiplexor -p /var/spool/MIMEDefang/$prog-multiplexor.pid \
    $([ -n "$FILTER" ] && echo "-f $FILTER") \
    $([ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY") \
    $([ -n "$SUBFILTER" ] && echo "-F $SUBFILTER") \

... more lines follow with the same formatting...

    $([ "$MX_STATS_SYSLOG" = "yes" ] && echo "-T") \
    $([ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G") \
    $([ -n "$MX_NOTIFIER" ] && echo "-O $MX_NOTIFIER") \
    echo "-U defang" \    <--------****** ADD THIS LINE ****
    -s $MX_SOCKET

Find the next section that starts like this:

daemon $PROGDIR/$prog -P /var/spool/MIMEDefang/$prog.pid \
    -m $MX_SOCKET \
    $([ -n "$LOOPBACK_RESERVED_CONNECTIONS" ] && echo "-R $LOOPBACK_RESERVED_CONNECTIONS") \
    $([ -n "$MX_USER" ] && echo "-U $MX_USER") \

... follow it down....

    $([ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q") \
    echo "-U defang" \   <----------*** ADD THIS LINE ****
    -p $SOCKET

Follow this section of code down to right before the line "return $RETVAL". Add this line:

chmod oug+rw /var/spool/MIMEDefang/*.sock

If you don't, postfix won't be able to communicate with the mimedefang process.

Exit, save and add this to your services using chkconfig or whatever makes you happy.

Last step: open /etc/postfix/main.cf and add these lines:

smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
milter_default_action = accept

Now - stop postfix, start mimedefang and then restart postfix. Check your logs for fun stuff and continue about your business.
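
An added example, not part of either answer above: a shell check of the Postfix side of this setup that reports a fail-open milter_default_action and a world-writable milter socket, the two settings Solution 2 introduces, and notes TCP endpoints like the one in Solution 1. The function names cf_get and audit_milter and the sample files are made up for the illustration, and main.cf parsing is simplified (no continuation lines).

```shell
#!/bin/sh
# Added example: audit the Postfix side of a MIMEDefang milter hookup.
# Simplification: reads "name = value" lines straight from main.cf and ignores
# continuation lines; on a live host `postconf -h name` gives the effective value.

cf_get() {  # cf_get FILE NAME -> last value assigned to NAME in FILE
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_milter() {  # audit_milter MAIN_CF -> prints findings, returns their count
    cf=$1 findings=0
    action=$(cf_get "$cf" milter_default_action)
    # Postfix defaults to tempfail; accept lets mail through unfiltered while the milter is down.
    if [ "$action" = "accept" ]; then
        echo "FAIL-OPEN: milter_default_action = accept"
        findings=$((findings + 1))
    fi
    for ep in $(cf_get "$cf" smtpd_milters | tr ',' ' '); do
        case $ep in
            unix:*)
                sock=${ep#unix:}
                if [ ! -e "$sock" ]; then
                    echo "MISSING: $sock"
                    findings=$((findings + 1))
                elif [ -n "$(find "$sock" -prune -perm -0002)" ]; then
                    echo "WORLD-WRITABLE: $sock (any local user can talk to the filter)"
                    findings=$((findings + 1))
                fi ;;
            inet:*)
                echo "INFO: TCP milter $ep, confirm which address the listener is bound to" ;;
        esac
    done
    return "$findings"
}

# Constructed sample: a main.cf like Solution 2's and a stand-in file for the socket.
demo=$(mktemp -d)
touch "$demo/mimedefang.sock" && chmod oug+rw "$demo/mimedefang.sock"
printf 'smtpd_milters = unix:%s\nmilter_default_action = accept\n' "$demo/mimedefang.sock" > "$demo/main.cf"
audit_milter "$demo/main.cf" || echo "findings: $?"
rm -rf "$demo"
```
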