Submission clients bypass MYNETS policy

Gary V mr88talent at
Tue Sep 20 03:15:10 CEST 2011

On 9/19/11, Alex wrote:
> Hi,
>>>> I have set up an amavisd-new with postfix/spamassassin on fedora15.
>>>> I'm trying to set up a disclaimer footer using amavisd because I also
>>>> need always_bcc, and was having a problem with postfix duplicating the
>>>> messages as a result.
>>>> Webmail now properly attaches the disclaimer footer using my amavisd
>>>> config, but somehow submission clients are bypassing the MYNETS
>>>> policy, which is where "allow_disclaimers = 1" is set.
>>>> Here's a snapshot from the logs. "" is the remote host
>>>> and "" is the amavisd host.
>>> Deliver submission mail to amavis on a decicated amavis port. Map that
>>> port to
>>> a policy bank e.g. MYNETS.
>> Can you guide me to where I can find information on how to do that?
> I've spent quite a bit more time on this, trying to figure out how to
> create another dedicated port by following
> Is this the correct document to be using? I tried implementing these
> steps, including the pre-cleanup, and other postfix changes apparently
> remapping the cleanup service for the always_bcc option, and it still
> results in duplicated messages and no disclaimer footer.
> Can you help me to understand which parts of that document, if any, I
> should be concentrating on, and how it relates to my situation?
> Thanks,
> Alex



submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o receive_override_options=no_address_mappings
  -o content_filter=smtp-amavis:[]:10026

in amavisd.conf:
$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'TRUSTED';
$policy_bank{'TRUSTED'} = {  # mail originating from trusted senders
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option

Gary V

More information about the amavis-users mailing list