Sunday, February 15, 2009

Installing Djigzo email encryption with postfix and spampd

I have installed Djigzo email encryption on my mail server, which runs Ubuntu 8.04 LTS. I use Postfix and SpamAssassin, which is controlled by spampd so that it runs as a daemon for all my users. It turns out that once you have configured Postfix to use spampd as a content filter, you don't need to change anything in the incoming mail stream in order to add Djigzo.
In my configuration I have incoming mail go through spampd, then Djigzo. I configured Djigzo to listen on port 10027 instead of the default 10025. Then I changed the spampd config to send mail to port 10027 instead of 10026. Djigzo already sends mail back to Postfix through port 10026, so I changed nothing there.

In the outgoing mail stream, you need to add Djigzo as a content filter to make mail go through Djigzo on the way out. The changes I made are the following:

In /etc/default/spampd, change
DESTPORT=10026
to
DESTPORT=10027

In /usr/share/djigzo/james-x.x.x/apps/james/SAR-INF/config.xml (replace the x's with your version of James),
change
10025
to
10027
to make Djigzo listen on port 10027.

To prevent outgoing email from going through spampd, I added a content filter to the smtps service in master.cf, which makes Postfix send this mail to Djigzo on port 10027. The smtps service is used by mail clients for sending outgoing mail. If your clients use another mail server for outgoing mail, you have to configure them to send encrypted or signed mail through Djigzo. You have to use smtps in clients, not smtp. If you use smtps, you can define a filter just for the mail clients sending email. If you use smtp for the clients, the mail server and Djigzo cannot discriminate between mail coming from clients and mail coming in from the internet. But in clients you want to use secure smtp anyway. This is my smtps filter, with the second line changed for Djigzo (in the original configuration there was nothing after the =):

smtps inet n - - - - smtpd
  -o content_filter=smtp:[127.0.0.1]:10027
  -o smtpd_sender_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
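
A consistency check for the port chain described above, as an added example that is not part of the original post: it reads copies of master.cf and /etc/default/spampd and confirms that the smtps content_filter and spampd's DESTPORT both point at the same loopback listener (Djigzo on 10027 in this setup). A mismatch here means one of the two mail streams never reaches Djigzo. The function names and the sample files are constructed for illustration.

```shell
# Added example, not from the original post; function names are hypothetical.
# Print the last content_filter override of one master.cf service.
# master.cf continuation lines start with whitespace, so join them first.
service_filter() {  # usage: service_filter <master.cf> <service>
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blanks
        /^[ \t]/ { if (cur) entry = entry " " $0; next }  # continuation line
        { if (cur) emit(); cur = ($1 == svc); entry = $0 }
        END { if (cur) emit() }
        function emit(   i, n, f, val, found) {
            n = split(entry, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] == "-o" && f[i+1] ~ /^content_filter=/) {
                    val = f[i+1]; sub(/^content_filter=/, "", val); found = 1
                }
            if (found) print val
        }' "$1"
}

# Port that spampd forwards to (DESTPORT in its defaults file).
spampd_destport() {  # usage: spampd_destport <defaults file>
    sed -n 's/^ *DESTPORT=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if the service hands mail to a loopback filter on the same
# port that spampd forwards to, so both streams end up at Djigzo.
check_chain() {  # usage: check_chain <master.cf> <service> <spampd defaults>
    filter=$(service_filter "$1" "$2"); want=$(spampd_destport "$3")
    case "$filter" in
        "smtp:[127.0.0.1]:"*) port=${filter##*:} ;;
        *) echo "FAIL: $2 has no loopback content_filter"; return 1 ;;
    esac
    if [ -n "$want" ] && [ "$port" = "$want" ]; then
        echo "OK: $2 and spampd both deliver to port $port"
    else
        echo "FAIL: $2 filters to $port, spampd DESTPORT is '$want'"; return 1
    fi
}

# Constructed sample input mirroring the two settings shown in the post.
tmp=$(mktemp -d)
printf 'DESTPORT=10027\n' > "$tmp/spampd"
cat > "$tmp/master.cf" <<'EOF'
smtp      inet  n  -  -  -  -  smtpd
smtps     inet  n  -  -  -  -  smtpd
  -o content_filter=smtp:[127.0.0.1]:10027
  -o smtpd_tls_wrappermode=yes
EOF
check_chain "$tmp/master.cf" smtps "$tmp/spampd"
```

On a live server, run check_chain against /etc/postfix/master.cf and /etc/default/spampd after each change and before reloading Postfix.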


Adding Djigzo to my mail server was actually easier than adding it to a standard Postfix mail server. Of course, installing Djigzo on a fresh Ubuntu machine or at least one with a blank Postfix is still easier because then you just copy all Postfix config files that come with Djigzo.
