Hi all,

I am currently working on an implementation of a new relay environemnt for our
Exchange servers. This means that the Postfix machines will do spam / virus /
header / whatever checking prior to forwarding it to our Exchange cluster.

The idea was to have two OpenBSD machines with pf + spamd to serve as mail
firewall. After that we get postfix + spamassassin + clamav + clamsmtp. Here,
postfix reads an hash database generated by postmap to see if the email address
is valid. And yes, only the full email address + domain is put in this hash db
and nothing else. These are all virtual users, so we don't use any local
accounts or whatsoever. After all the checking, we want to use maildrop as
filtering language. Here, we want to quarantine spam mails that are tagged by
spamassassin to a seperate folder. Also we want to use relaydb to forward the
spam email to the mail firewalls (where after spamassassin tagged an X amount of
messages as spam from 1 MTA, the sending MTA will be blocked.)

However, there is one problem. Since maildrop uses courier-authlib to
authenticate, the best possiblity will be to use the postmap generated hash
file. But now my question is ... is this possible? I was looking at auth_userdb,
but I am not sure if this is able to do what I want. The best option would be
that maildrop is not authenticating at all anymore, but I think maildrop always
wants to authenticate. This because we only want to use the filtering
capabilties of maildrop.

I know we can also use Amavis in theory, but we want to use relaydb and possibly
other filtering rules and this is not possible with Amavis. We prefer not to use
amavis due to upgrade issues we had in the past.

I hope my question is clear. I am open for other ideas, of course, but basically
the ideal solution would be to have maildrop authenticate against the postmap
hash db.

Thanks in advance,

Jorn

P.S: I am not sure if you need to see config files or not, but I don't think you
need to. Feel free to ask for them if you need them.