Thank you, I will definitely look into it.<br><br><div class="gmail_quote">On Sun, Feb 17, 2013 at 1:19 AM, Noel Jones <span dir="ltr"><<a href="mailto:njones@megan.vbhcs.org" target="_blank">njones@megan.vbhcs.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 2/16/2013 12:40 PM, Gary V wrote:<br>
> On Fri, Feb 15, 2013 at 6:51 AM, milos.kaurin wrote:<br>
>> Hi all<br>
>><br>
>><br>
>> I have set up a restrictive amavis-new daemon which works great<br>
>><br>
>><br>
>> I would, however, like some users on my domain to be able to accept some of<br>
>> the extensions that are otherwise banned.<br>
>><br>
>> I'm not sure what is the right way to go about doing this.<br>
>><br>
>> Basically, I need to let, say, <a href="mailto:tom@example.com">tom@example.com</a> and <a href="mailto:sally@example.com">sally@example.com</a> to be<br>
>> able to receive .avi and .pdf (which is currently restricted)<br>
><br>
> If you use 2.3.0 or newer and your intent is to allow a particular<br>
> recipient (or recipients) to receive certain files that are blocked by<br>
> the current settings in banned_filename_re, you could first redefine<br>
> the %banned_rules hash and include a complete custom set of<br>
> $banned_filename_re settings there. In addition, this hash necessarily<br>
> includes the 'DEFAULT' banned_filename_re settings and needs to be<br>
> positioned after the existing $banned_filename_re new_RE( ... );<br>
> setting. Then set up a policy bank to trigger the recipient to use the<br>
> reconfigured rules. For example:<br>
><br>
> %banned_rules = (<br>
> 'ALLOW_PDF' => new_RE(<br>
> [qr'.\.(avi|pdf)$'i => 0], # pass .avi and .pdf files<br>
> # block certain double extensions anywhere in the base name:<br>
> qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,<br>
> qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict<br>
> qr'^application/x-msdownload$'i, # block these MIME types<br>
> qr'^application/x-msdos-program$'i,<br>
> qr'^application/hta$'i,<br>
> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic<br>
> qr'^\.(exe-ms)$', # banned file(1) types<br>
> ),<br>
> 'DEFAULT'=>$banned_filename_re,<br>
> );<br>
><br>
> $inet_socket_port = [10024,10026];<br>
> $interface_policy{'10026'} = 'ALLOWPDF';<br>
><br>
> $policy_bank{'ALLOWPDF'} = {<br>
> banned_filename_maps => ['ALLOW_PDF'], # more permissive banning rules<br>
> };<br>
><br>
> In <a href="http://main.cf" target="_blank">main.cf</a> add a check_recipient_access that serves to toggle the<br>
> FILTER to port 10026:<br>
><br>
> smtpd_recipient_restrictions =<br>
> permit_mynetworks,<br>
> permit_sasl_authenticated,<br>
> reject_unauth_destination,<br>
> check_recipient_access hash:/etc/postfix/amavis_allow_pdf<br>
><br>
> The contents of /etc/postfix/amavis_allow_pdf (don't forget to postmap<br>
> the file):<br>
> <a href="mailto:tom@example.com">tom@example.com</a> FILTER smtp-amavis:[127.0.0.1]:10026<br>
> <a href="mailto:sally@example.com">sally@example.com</a> FILTER smtp-amavis:[127.0.0.1]:10026<br>
<br>
<br>
</div></div>Caution: FILTER is a per-message action, not per-recipient.<br>
Multirecipient mail may not be routed as you expect.<br>
<br>
Controlling the next-hop per recipient reliably requires using a<br>
transport map and multiple postfix instances. See postfix-users<br>
archives for details.<br>
<br>
Or you may decide you can live with occasional misrouted mail, but<br>
then you're not going to be surprised when that happens.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
-- Noel Jones<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
><br>
> Hopefully it's obvious my amavis is configured as an after queue<br>
> filter and my transport in <a href="http://master.cf" target="_blank">master.cf</a> is called smtp-amavis<br>
><br>
<br>
</div></div></blockquote></div><br>
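Added example, not part of the thread: a small Python model of the caution above that FILTER applies to the whole message, so a mixed-recipient message can carry a non-listed recipient through the permissive port 10026 policy. The access map is the one quoted in the thread; `DEFAULT_FILTER`, `bob@example.com` and the sample envelopes are constructed assumptions, and the model assumes `check_recipient_access` is reached for every RCPT TO.

```python
# Added example: models Postfix's per-message FILTER action (see access(5)).
# DEFAULT_FILTER is an assumed main.cf content_filter value; envelopes are constructed.

DEFAULT_FILTER = "smtp-amavis:[127.0.0.1]:10024"  # assumption, not from the thread

ACCESS_MAP_TEXT = """\
# /etc/postfix/amavis_allow_pdf (entries as quoted in the thread)
tom@example.com    FILTER smtp-amavis:[127.0.0.1]:10026
sally@example.com  FILTER smtp-amavis:[127.0.0.1]:10026
"""


def parse_access_map(text):
    """Parse 'key ACTION argument' lines into {recipient: filter destination}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or an action without an argument
        key, action, dest = parts[0], parts[1], parts[2]
        if action.upper() == "FILTER":
            table[key.lower()] = dest
    return table


def effective_filter(recipients, table, default=DEFAULT_FILTER):
    """A message gets one filter: the last FILTER that fires overrides the rest."""
    chosen = default
    for rcpt in recipients:  # evaluated in RCPT TO order
        chosen = table.get(rcpt.lower(), chosen)
    return chosen


def misrouted(recipients, table, default=DEFAULT_FILTER):
    """Recipients whose intended filter differs from the one the message gets."""
    actual = effective_filter(recipients, table, default)
    return [r for r in recipients if table.get(r.lower(), default) != actual]


if __name__ == "__main__":
    table = parse_access_map(ACCESS_MAP_TEXT)
    for envelope in (["bob@example.com"], ["tom@example.com"],
                     ["bob@example.com", "tom@example.com"]):
        print(envelope, "->", effective_filter(envelope, table),
              "| misrouted:", misrouted(envelope, table))
```

Run over recipient lists taken from real mail logs, a non-empty `misrouted` result marks a message where a recipient's banned-file policy was decided by someone else's access-map entry.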