<div dir="ltr">I am running amavid-new with postfix and I like to skip content filter for senders with domain <a href="http://example.com">example.com</a><br clear="all"><div><br></div><div>I do have amavisd-new setup with postfix like this where amavisd is setup as the content_filter globally like below</div><div><br></div><span style="color:rgb(0,0,0);white-space:pre-wrap"># cat /etc/postfix/<a href="http://main.cf">main.cf</a></span><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap">...
content_filter = amavisfeed:[127.0.0.1]:10024
...
# cat /etc/postfix/<a href="http://master.cf">master.cf</a>
...
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
<a href="http://127.0.0.1:10025">127.0.0.1:10025</a> inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=<a href="http://127.0.0.0/8">127.0.0.0/8</a>
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
# netstat -tunlp | grep 10024
tcp 0 0 <a href="http://127.0.0.1:10024">127.0.0.1:10024</a> 0.0.0.0:* LISTEN 26131/amavisd (mast
tcp 0 0 ::1:10024 :::* LISTEN 26131/amavisd (mast
# netstat -tunlp | grep 10025
tcp 0 0 <a href="http://127.0.0.1:10025">127.0.0.1:10025</a> 0.0.0.0:* LISTEN 28242/smtpd
# ps -ef | grep 26131
amavis 26131 1 0 05:49 ? 00:00:02 /usr/sbin/amavisd (master)
amavis 28157 26131 0 14:22 ? 00:00:01 /usr/sbin/amavisd (ch6-28157-06-3)
amavis 28322 26131 4 14:27 ? 00:00:06 /usr/sbin/amavisd (ch5-28322-05-7)
# ps -ef | grep 28242
postfix 28242 29732 0 14:25 ? 00:00:00 smtpd -n <a href="http://127.0.0.1:10025">127.0.0.1:10025</a> -t inet -u -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=<a href="http://127.0.0.0/8">127.0.0.0/8</a> -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps=</pre><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap"><br></pre><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap">And in amavisd.conf file I am using whitelist domains and email addresses like below</pre><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap"># cat /etc/amavisd/amavisd.conf</pre><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap">...</pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
...</span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
# notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
bypass_banned_checks_maps => ['@whitelist_sender_maps'], # was [1] allow sending any file names and types
bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
</span></font></pre><div><font color="#000000"><span style="white-space:pre-wrap">...</span></font></div><div><font color="#000000"><span style="white-space:pre-wrap"><br></span></font></div><div><font color="#000000"><div><span style="white-space:pre-wrap"># cat /etc/amavisd/whitelist </span></div><div><span style="white-space:pre-wrap"><a href="mailto:here@example.com">here@example.com</a></span></div><div><span style="white-space:pre-wrap"><a href="http://eample.net">eample.net</a></span></div><div><span style="white-space:pre-wrap"><br></span></div><div><span style="white-space:pre-wrap"><br></span></div><div><span style="white-space:pre-wrap">How do I make sure it is working? After I configured like below, I restarted amavisd and postfix and I am seeing a lot of </span></div><div style="white-space:pre-wrap">``RelayedOpenRelay'' like below.. </div><div style="white-space:pre-wrap"><br></div><div><br></div><div><span style="white-space:pre-wrap">Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN {RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] <<a href="mailto:foo@example2.net">foo@example2.net</a>> -> <<a href="mailto:bar@juniper.net">bar@juniper.net</a>>, Message-ID: <<a href="mailto:20161211061002.7CDF95F777@example3.net">20161211061002.7CDF95F777@example3.net</a>>, mail_id: jTfE0zqJExAe, Hits: -1.899, size: 1920, queued_as: EB9F49ED41, 440 ms</span><br></div></font></div><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">I have not used amavisd with postfix like this before and please let me know how I can achieve</span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">whitelisting some of the sender addresses and sender domains and not making the mail server an openrelay.</span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap"><br></span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">Thanks for your help!</span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap"><br></span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap"><br></span></font></pre><pre style="word-wrap:break-word"><font color="#000000"><span style="white-space:pre-wrap">
</span></font></pre><div class="gmail_signature">Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>Q: Why is top-posting such a bad thing?<br><br></div>
</div>