Excluding 1 IP from a /24 listed in @mynetworks

Mark Martinec Mark.Martinec+amavis at ijs.si
Sat Aug 18 01:17:56 CEST 2012


> Hello. 2 problems. Let's say as an example I have the below mynetworks
> list and the MYNETS policy bank set up to allow these networks to bypass
> spam filtering. But let's say I have a single IP within mynetworks that
> I don't want to bypass spam filtering. Let's call it I've
> tried just inputting ! and also ! (at the
> end) but that didn't seem to work. So how do I do it?

You need to put this more specific item *before* a more general entry.
First match wins. This concept is quite generally adhered to throughout
amavisd. See README.lookups .

> SpamAssassin and
> Postfix conf shouldn't really matter, right? I haven't even set up
> trusted_networks in local.cf so that can't be it. My next idea would be
> to create another network list with that one IP and a new policy bank
> that doesn't bypass spam filtering but I am not even sure how to create
> the policy banks. This server is in production so I need to know before
> I start messing about with the configuration.

Using @mynetworks_maps or even @client_ipaddr_policy could achieve
that too, but there is no need for such big cannons in a simple case
like we have here.

> Also, I have another problem. When the mail server sends its reports
> each night, they are getting filtered. They shouldn't be getting
> filtered because is in the mynetworks list. The server's
> external IP is also in the mynetworks list so what the heck? Thanks!
> @mynetworks = qw( [::1] [FE80::]/10 [FEC0::]/10
>           );
> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
>   originating => 1, # is true in MYNETS by default, but let's make it explicit
>   os_fingerprint_method => undef,
>   bypass_spam_checks_maps => 1,
>   bypass_banned_checks_maps => 1,
>   bypass_header_checks_maps => 1,
> };

Perhaps the report is submitted to Postfix through a pickup
service so it doesn't come through SMTP on a loopback interface?
Try adding (meaning: 'this network') to the list
in @mynetworks and see if that helps. If it doesn't, you'll
need to rise the log level and see what is going on.


More information about the amavis-users mailing list