This section lists limitations of the Postfix Milter implementation.
Some limitations will be removed as the implementation is extended
over time. Of course the usual limitations of before-queue filtering
will always apply. See the
CONTENT_INSPECTION_README document for
Postfix currently supports only applications that speak
the Sendmail 8 Milter protocol versions 2..4. Support for other
protocol types or protocol versions may be added later.
For applications that are written in C, you need to use
the Sendmail libmilter library. A Postfix replacement may be
provided in the future.
There are TWO sets of mail filters: filters that are used
for SMTP mail only (specified with the
and filters for non-SMTP mail (specified with the
parameter). The non-SMTP filters are primarily for local submissions.
When mail is filtered by non-SMTP filters, the Postfix
cleanup(8) server has to simulate the SMTP client CONNECT and
DISCONNECT events, and the SMTP client EHLO, MAIL FROM, RCPT TO and
DATA commands. This works as expected, with only one exception:
non-SMTP filters must not REJECT or TEMPFAIL simulated RCPT TO
commands. When a non-SMTP filter REJECTs or TEMPFAILs a recipient,
Postfix will report a configuration error, and mail will stay in
Postfix currently does not apply content filters to mail
that is forwarded or aliased internally, or to mail that is generated
internally such as bounces or Postmaster notifications. This may
be a problem when you want to apply a signing Milter to such mail.
When you use the before-queue content filter for incoming
SMTP mail (see
SMTPD_PROXY_README), Milter applications have access
only to the SMTP command information; they have no access to the
message header or body, and cannot make modifications to the message
or to the envelope.
Postfix 2.3 does not support Milter requests to replace
the message body. Milter applications that request this unsupported
operation will log a warning like this:
application name: st_optionneg: 0x3d does not fulfill action requirements 0x1e
The solution is (to wait for) a Postfix version that supports
the missing functionality.
Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,