MYNETS not working

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri May 18 20:36:44 CEST 2012 

Danilo,

> I'm trying to setup Amavis so it would not perform spam tests on mail
> sent from my networks.
> 
> I tried it by defining 'mynetworks':
> > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
> >                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
> >                   169.254.237.0/24 );
> 
> and using policy_bank 'MYNETS':
> > $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
> >   syslog_ident => 'amavis-mynet',
> >   originating => 1,
> >   final_spam_destiny => D_DISCARD,
> >   os_fingerprint_method => undef,  # don't query p0f for internal clients
> >   bypass_spam_checks_maps => [1], # dont SPAM check local mail
> > };

This looks about right.

> However it seems that this doesn't work as I still get such log entires:
> 
> > May 17 10:26:15 mail amavis[9662]: (09662-01) Passed CLEAN
> > {RelayedOpenRelay}, [192.168.10.239]
> > <test at mydomain> -> <somebody at outside>,
> > Message-ID: <38DF5432303B6240BE323F5B763BFF97C66B41>,
> > mail_id: oYXpOcJ-2J6t, Hits: -3.378, size: 3399, queued_as: B5FDECD82B5,
> > Tests [AM.WBL=-2.5,BAYES_00=-1.9,DSPAM.Whitelisted=-0.200,
> > HTML_MESSAGE=0.001,MIME_HTML_MOSTLY=0.428,RDNS_NONE=0.793], 404 ms

The absence of MYNETS in this log entry and a presence of {RelayedOpenRelay}
indicates that the policy bank MYNETS was not loaded for some reason.

> Is there anything else I have to do to activate 'MYNETS'?
> Amavisd-new version is 2.7.0 on SLES 11.

The above should suffice, unless you also have some assignment
to @mynetworks_maps in your config file. If so, then you also
need a line like:
  @client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);
somewhere *after* the @mynetworks_maps has been changed.

I wonder why there is only one IP address shown in your log entry.
Typically there would be two, one obtained from Postfix through
its XFORWARD smtp extension command, the other obtained by parsing
a mail header for the bottom-most public IP address. Are you using
some other mailer than Postfix, or is it perhaps not enabled
( -o smtp_send_xforward_command=yes  on a smtp service feeding
mail to amavisd ) ?

  Mark

More information about the amavis-users mailing list