[Mimedefang] Issues with porting MIMEDefang to another MTA

[Rudolph Pereira]

On Mon, Mar 31, 2003 at 11:10:01PM +0000, David F. Skoll wrote:
> There are also a couple of ways to implement MIMEDefang for another MTA:
> 
> 1) Modify the MTA source code to include milter-like functionality
> 2) Write a proxy that accepts connections on port 25 and relays it to
>    the real MTA.
<snip>
> Approach (2) is nice because it's MTA-independent -- one proxy will
> work with any MTA.  On the other hand, you then lose the ability to do
> access control in your MTA (all connections appear to come from
> 127.0.0.1 or whatever), and worst of all, requirement (5) means you
> have to implement queueing and retransmission in the proxy.  In other
> words, you end up re-implementing most of an MTA anyway.
I've just had a quick look at postfix's content filtering hooks, and it
seems like the disadvantages listed above might be able to be avoided.
Postfix allows one to specify a service through which mail is filtered
(during processing) after being accepted by postfix's smtpd service. The
filter has to speak smtp - so it is effectively an smtp proxy - but it
speaks and listens to other (internal) postfix services. 
It doesn't have to have access control, etc, because that's all still done
by postfix itself. You also don't have the usual proxy security
problems, because it doesn't have to be listening on anything other than
localhost (and you could probably get it to listen on a unix socket for
more speed/security).
Does any of this sound hopeful/useful?