excluding checks for @mynetworks - amavis vs. postfix problem

Tomas Macek macek at fortech.cz
Thu Sep 22 12:04:14 CEST 2011


Thank you Mark, works as I needed!
I had to add a line to the @client_ipaddr_policy array:

@client_ipaddr_policy = (
 	[qw( 192.168.0.0/29 )] => 'MYSERVERS',
 	\@mynetworks => 'MYNETS',
 	$_ => 'MYNETS',
);

Without that line Amavis "complained" about possible relay:

 	Open relay? Nonlocal recips but not originating: <mailaddress>

and from the log it seemed that the IP address was unknown (debug level
set to 5):

 	client IP address unknown, fetching from Received:

This happened when Postfix passes the parameters of the mail to the 
command line of our own notification program and this program sends the 
notification to the user to <mailaddress> via sendmail. Strange, but this 
works now.

I read the howto from here: 
http://groups.google.com/group/mailing.unix.amavis-user/browse_thread/thread/853bc5ca5426de9a/dfa9c522cb291007?lnk=gst&q=Open+relay%3F+Nonlocal+recips+but+not+originating#dfa9c522cb291007

Tomas


On Wed, 21 Sep 2011, Mark Martinec wrote:

> Tomas,
>
>> I want to exclude some part of Postfix's mynetworks from Amavis spam checks,
>> but really only some part, the rest should be checked as usual. The "some
>> part" is a subnet, in that I have all my servers sending emails, that should
>> be excluded.
>> For example here I'm trying to say, that my servers (that I want to exclude)
>> are in 192.168.0.0/29 subnet.
>
> @client_ipaddr_policy = (
>   [qw( 192.168.0.0/29 )] => 'MYSERVERS',
>   \@mynetworks => 'MYNETS',
> );
>
> $policy_bank{'MYSERVERS'} = {
>  originating => 1,
>  bypass_decode_parts => 1,
>  bypass_virus_checks_maps => [1],
>  bypass_banned_checks_maps => [1],
>  bypass_spam_checks_maps => [1],
> };
>
>
> amavisd-new-2.6.3 release notes:
>
> - added a configuration variable @client_ipaddr_policy, which maps smtp
>  client's IP address lookup lists to a policy bank name. This allows for
>  loading a policy bank based on a client IP address, and generalizes a
>  formerly hard-wired mapping of @mynetworks_maps into 'MYNETS'.
>  The list is traversed in order, the first matching networks list stops
>  the search and its associated policy name is used. Suggested by Jo Rhett.
>
>  The default setting retains backwards compatibility:
>
>    @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps;
>
>  but please keep in mind that this assignment is made during startup
>  before evaluating a config file, so if amavisd.conf changes the
>  @mynetworks_maps list, the assignment to @client_ipaddr_policy needs to
>  be re-evaluated to retain a desired default. This is not necessary when
>  @mynetworks_maps is left untouched but only its component @mynetworks
>  is changed.
>
>  Example:
>    @client_ipaddr_policy = (
>      [qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] )]            => 'LOCALHOST',
>      [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
>      [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )]        => 'PARTNER',
>      \@some_other_networks  => 'OTHER',
>      \@mynetworks           => 'MYNETS',
>    );
>
>
>
> Mark
>
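
The first-match traversal described in the quoted release notes, as an added Python model that is not part of the original thread and not amavisd code: it shows why the narrower MYSERVERS list has to precede \@mynetworks, and flags banks that can never load. The MYNETWORKS value is constructed, and treating a '!' hit as "this list does not match, continue with the next list" is an assumption of the model.

```python
import ipaddress

def _net(entry):
    # Accept '!' negation, bracketed IPv6 and host bits, as in the quoted example.
    return ipaddress.ip_network(entry.lstrip("!").strip("[]"), strict=False)

def list_matches(ip, entries):
    """Within one list the first entry containing ip decides; '!' means no match."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        if addr in _net(entry):
            return not entry.startswith("!")
    return False

def policy_for(ip, policy):
    """Return the bank of the first matching list, or None if no bank is loaded."""
    if ip is None:  # models the "client IP address unknown" case from the log
        return None
    for entries, bank in policy:
        if list_matches(ip, entries):
            return bank
    return None

def shadowed_banks(policy):
    """Banks that can never load because an earlier list covers every entry."""
    seen, shadowed = [], []
    for entries, bank in policy:
        nets = [_net(e) for e in entries if not e.startswith("!")]
        if nets and all(any(n.version == s.version and n.subnet_of(s) for s in seen)
                        for n in nets):
            shadowed.append(bank)
        # Earlier lists with '!' exclusions are skipped to avoid false reports.
        if not any(e.startswith("!") for e in entries):
            seen.extend(nets)
    return shadowed

# Constructed sample data: MYNETWORKS stands in for the site's @mynetworks.
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/16"]
AS_POSTED = [(["192.168.0.0/29"], "MYSERVERS"), (MYNETWORKS, "MYNETS")]
REVERSED = [(MYNETWORKS, "MYNETS"), (["192.168.0.0/29"], "MYSERVERS")]

if __name__ == "__main__":
    for name, pol in (("as posted", AS_POSTED), ("reversed", REVERSED)):
        print(name, policy_for("192.168.0.2", pol), shadowed_banks(pol))
```

Running the same audit against a real list is worth doing whenever a bank with bypass_* settings is added, since a broad list placed ahead of it silently changes which clients skip the checks.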

