Excluding 1 IP from a /24 listed in @mynetworks

Mark Martinec Mark.Martinec+amavis at ijs.si
Sat Aug 18 01:17:56 CEST 2012


Tay,

> Hello. 2 problems. Let's say as an example I have the below mynetworks
> list and the MYNETS policy bank set up to allow these networks to bypass
> spam filtering. But let's say I have a single IP within mynetworks that
> I don't want to bypass spam filtering. Let's call it 192.168.10.10. I've
> tried just inputting !192.168.10.10 and also !192.168.10.10/32 (at the
> end) but that didn't seem to work. So how do I do it?

You need to put this more specific item *before* a more general entry.
First match wins. This concept is quite generally adhered to throughout
amavisd. See README.lookups .

> SpamAssassin and
> Postfix conf shouldn't really matter, right? I haven't even set up
> trusted_networks in local.cf so that can't be it. My next idea would be
> to create another network list with that one IP and a new policy bank
> that doesn't bypass spam filtering but I am not even sure how to create
> the policy banks. This server is in production so I need to know before
> I start messing about with the configuration.

Using @mynetworks_maps or even @client_ipaddr_policy could achieve
that too, but there is no need for such big cannons in a simple case
like we have here.

> Also, I have another problem. When the mail server sends its reports
> each night, they are getting filtered. They shouldn't be getting
> filtered because 127.0.0.1 is in the mynetworks list. The server's
> external IP is also in the mynetworks list so what the heck? Thanks!
> 
> @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
>                    10.0.0.0/8 172.16.0.0/12 192.168.10.0/24 );
> 
> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
>   originating => 1, # is true in MYNETS by default, but let's make it explicit
>   os_fingerprint_method => undef,
>   bypass_spam_checks_maps => 1,
>   bypass_banned_checks_maps => 1,
>   bypass_header_checks_maps => 1,
> };

Perhaps the report is submitted to Postfix through a pickup
service so it doesn't come through SMTP on a loopback interface?
Try adding 0.0.0.0/8 (meaning: 'this network') to the list
in @mynetworks and see if that helps. If it doesn't, you'll
need to raise the log level and see what is going on.

  Mark
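
The ordering rule from the reply above, as an added example that is not part of the original message and is not amavisd's own code: a small Python model of a first-match-wins lookup in which a leading "!" makes a match return false. The function names and the two list variants are constructed for illustration from the addresses in the thread.

```python
import ipaddress

def parse_entry(entry):
    """Split an amavisd-style list entry into (negated, network)."""
    negated = entry.startswith("!")
    # Drop the "!" marker and the brackets used around IPv6 addresses.
    spec = entry.lstrip("!").replace("[", "").replace("]", "")
    return negated, ipaddress.ip_network(spec, strict=False)

def in_mynetworks(client_ip, acl):
    """First match wins: a '!' entry yields False, any other match True."""
    addr = ipaddress.ip_address(client_ip)
    for entry in acl:
        negated, net = parse_entry(entry)
        if addr.version == net.version and addr in net:
            return not negated
    return False  # no entry matched at all

BASE = ["127.0.0.0/8", "[::1]", "[FE80::]/10", "[FEC0::]/10",
        "10.0.0.0/8", "172.16.0.0/12"]

# As tried in the question: the exclusion sits after the /24,
# so the /24 matches first and the "!" entry is never reached.
EXCLUSION_LAST = BASE + ["192.168.10.0/24", "!192.168.10.10"]

# As advised in the reply: the more specific entry comes first.
EXCLUSION_FIRST = BASE + ["!192.168.10.10", "192.168.10.0/24"]

if __name__ == "__main__":
    for name, acl in (("exclusion last", EXCLUSION_LAST),
                      ("exclusion first", EXCLUSION_FIRST)):
        for ip in ("192.168.10.10", "192.168.10.11", "127.0.0.1"):
            print(f"{name:16} {ip:15} -> {in_mynetworks(ip, acl)}")
```

With the exclusion first, 192.168.10.10 no longer counts as a member of the list while the rest of 192.168.10.0/24 still does.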

