Submission clients bypass MYNETS policy

Gary V mr88talent at gmail.com
Tue Sep 20 03:15:10 CEST 2011 

On 9/19/11, Alex wrote:
> Hi,
>
>>>> I have set up an amavisd-new with postfix/spamassassin on fedora15.
>>>> I'm trying to set up a disclaimer footer using amavisd because I also
>>>> need always_bcc, and was having a problem with postfix duplicating the
>>>> messages as a result.
>>>>
>>>> Webmail now properly attaches the disclaimer footer using my amavisd
>>>> config, but somehow submission clients are bypassing the MYNETS
>>>> policy, which is where "allow_disclaimers = 1" is set.
>>>>
>>>> Here's a snapshot from the logs. "remotenet.net" is the remote host
>>>> and "mylocalnet.net" is the amavisd host.
>>>
>>> Deliver submission mail to amavis on a decicated amavis port. Map that
>>> port to
>>> a policy bank e.g. MYNETS.
>>
>> Can you guide me to where I can find information on how to do that?
>
> I've spent quite a bit more time on this, trying to figure out how to
> create another dedicated port by following
> http://www.ijs.si/software/amavisd/README.postfix.html
>
> Is this the correct document to be using? I tried implementing these
> steps, including the pre-cleanup, and other postfix changes apparently
> remapping the cleanup service for the always_bcc option, and it still
> results in duplicated messages and no disclaimer footer.
>
> Can you help me to understand which parts of that document, if any, I
> should be concentrating on, and how it relates to my situation?
>
> Thanks,
> Alex
>


Example:

in master.cf:

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o receive_override_options=no_address_mappings
  -o content_filter=smtp-amavis:[127.0.0.1]:10026


in amavisd.conf:
$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'TRUSTED';
$policy_bank{'TRUSTED'} = {  # mail originating from trusted senders
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};


-- 
Gary V

More information about the amavis-users mailing list