Virus notification question

Mark Martinec Mark.Martinec+amavis at ijs.si
Thu Feb 16 17:44:39 CET 2012


Stephen,

> Thanks for the feedback Mark.
> I now have a better understanding of this side of amavisd.
> 
> I am using Petr Rohar's amavisd-milter
> (I didn't know you had one).

Yes, Petr's is the only milter interface to amavisd nowadays.
There used to be an equivalent of this in the amavisd-new
package, but I dropped it, as Petr's milter supports the new
AM.PDP protocol and is better maintained.

> Does the $inet_socket_port have any relevance at all in this context?

If you are accepting AM.PDP protocol requests over a Unix
socket ($unix_socketname or its equivalent in @listen_sockets),
and you don't have any other needs for other inet connections
(like from amavisd-release, which can use either a Unix
socket or an inet socket to contact amavisd), then the
$inet_socket_port has no relevance for your setup.

Btw, starting with 2.7.0, the @listen_sockets is the generic
config setting for all listening sockets. The $inet_socket_bind,
$inet_socket_port, and $unix_socketname are only still there
for compatibility:

- @listen_sockets setting offers a unified configuration of listening
  sockets; it may be configured directly, or the traditional way: the
  $inet_socket_port, $unix_socketname and $inet_socket_bind just add
  their entries to the @listen_sockets list;


> My config has:
> 
> $policy_bank{'AM.PDP-SOCK'} = {
>   protocol => 'AM.PDP',
>   auth_required_release => 0,
>   final_spam_destiny => D_DISCARD
> };

Ok.
This applies to connections coming in over the $unix_socketname.

> And I have changed $notify_method to:
>   $notify_method  = 'smtp:[127.0.0.1]:587';
> (I can live with the unlikely reject).

Ok.

Keep in mind that a notification or DSN generated by amavisd
and submitted to the $notify_method will need to be accepted
and processed by the MTA in order for the current mail processing
to continue. If the MTA invokes milter/amavisd for this
submission too, there needs to be a spare amavisd process
available to handle this, otherwise we end up in a deadlock.

In practice this may be acceptable with a sufficient number
of child processes. However, if the $max_servers is small
(like 2, as may be a default), the likelihood of such a lockup
becomes real.

> $final_virus_destiny = D_DISCARD;
> 
> Are there any other settings relevant to the milter context?

Nothing comes to mind.

There are some differences between a milter approach and
the SMTP approach. With milter, amavisd can't split the
passed message, so if a message has multiple recipients
and they differ in their requirements (e.g. defanging,
header edits), these individual needs won't be met.

> PS My bogofilter version of amavisd seems to be working perfectly.

Good.
I left it running with my modified patch here for a couple of days
too, just to see that it works.

  Mark
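
The lockup described in the message above, as a simplified model added here for illustration (it is not code from amavisd, amavisd-milter or this thread). The names `Job` and `simulate`, the tick-based timing and the sample burst are assumptions of the example.

```python
from collections import deque

class Job:
    def __init__(self, infected, parent=None):
        self.infected, self.parent = infected, parent
        self.remaining, self.blocked = 0, False

def simulate(max_servers, arrivals, scan_ticks=2, max_ticks=1000):
    """Return 'drained' or 'deadlock' for mail passing through a milter.

    arrivals: list of (tick, infected) tuples, constructed by the caller.
    Model assumptions: every message, including a notification that re-enters
    through the milter, occupies one amavisd child for scan_ticks; an infected
    message keeps its child until its notification has been scanned; timeouts
    are not modelled.
    """
    pending = deque(sorted(arrivals))  # not yet handed to the MTA
    waiting = deque()                  # at the milter, waiting for a free child
    busy = []                          # jobs currently holding a child
    for tick in range(max_ticks):
        while pending and pending[0][0] <= tick:
            waiting.append(Job(pending.popleft()[1]))
        while waiting and len(busy) < max_servers:
            job = waiting.popleft()
            job.remaining = scan_ticks
            busy.append(job)
        # Every child is held by a message waiting on its own notification,
        # so no child is left to scan those notifications.
        if busy and all(job.blocked for job in busy):
            return "deadlock"
        for job in list(busy):
            if job.blocked:
                continue
            job.remaining -= 1
            if job.remaining > 0:
                continue
            if job.infected:
                job.blocked = True     # keep the child, submit a notification
                waiting.append(Job(False, parent=job))
            else:
                busy.remove(job)
                if job.parent is not None:
                    busy.remove(job.parent)  # parent's mail processing continues
        if not (pending or waiting or busy):
            return "drained"
    return "undecided"

if __name__ == "__main__":
    burst = [(0, True), (0, True)]     # constructed: two infected mails at once
    for n in (2, 3):
        print(n, simulate(n, burst))
```

With two children, two simultaneous infected messages are enough to occupy both while their notifications wait; a third child lets the notifications through one at a time.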

