bypass amavisd after OK from policy daemon?
franz at electromail.org
Tue Aug 6 10:58:21 CEST 2013
On Tue, Aug 06, 2013 at 08:37:09AM +0200, Patrick Ben Koetter wrote:
> * Franz Schwartau <franz at electromail.org>:
> > Hi Noel,
> > thanks for your answer.
> > On 05.08.2013 18:31, Noel Jones wrote:
> > > On 8/5/2013 10:42 AM, Franz Schwartau wrote:
> > >> Dear list,
> > >>
> > >> I configured postfix to use amavisd as an SMTP proxy (smtpd_proxy_filter). Now I'd like to skip amavisd if a policy daemon called in smtpd_recipient_restrictions returns OK.
> > >>
> > >> Has anyone any idea how to accomplish this?
> > >>
> > >> As far as I understood postfix' restrictions there is no "final" OK skipping any further checks.
> > >
> > > The insurmountable problem is that amavisd is called before the
> > > policy server is ever run.
> > > Any bypass will need to be in amavisd itself.
> > >
> > > The built-in bypass mechanisms in amavisd-new are the various
> > > bypass* and *lovers parameters. If they can't do what you want,
> > > custom code will be needed.
> > I'm aware of the fact that amavisd is run before the policy daemon if
> > configured as a smtpd_proxy_filter. This is why I asked "Is there any
> > way to flag anything so amavisd skips its checks?"
> > The only way I found so far is to set an extra header in postfix via
> > PREPEND. This extra header can be evaluated by spamassassin setting a
> > very low score. Unfortunately this doesn't cover virus or bad header checks.
> > amavisd's bypass and lovers maps are for recipients, only.
> > Any idea how amavisd can be configured to skip checks if an extra header
> > is set?
> Not unless you add (read: program) a custom class.
> What problem do you need to solve? Maybe we can use a different approach.
Basically I'd like to skip any further checks based on a result of a policy daemon.
I use smtpd_recipient_restrictions to ask a policy server using check_policy_service. This policy server implements black- and whitelisting in dependency of the recipient domain. The parameters for black- or whitelisting are stored in a SQL database. The parameters can be of all types (client name, client address, hello parameter, sender, recipient). If some parameter is whitelisted amavisd shouldn't perform any checks.
BTW. I know SMTP is a multi recipient protocol. Black- and whitelisting can be complicated. But please don't let us discuss it here. Maybe I have to use another call to a policy daemon in smtpd_data_restrictions to solve multiple recipient problems.
So I'm looking for a possibility to skip checks within amavisd based on some criteria, e.g. special header is present, external file based on queue id is present.
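
Added example, not part of the original post and not Postfix or amavisd code: a policy service that speaks the Postfix policy delegation protocol over stdin/stdout, applies the per-recipient-domain whitelist described above, and answers PREPEND rather than OK so the decision travels with the message. The header name, the in-memory table standing in for the SQL database, and all addresses and host names are assumptions.

```python
import sys

HEADER = "X-Policy-Whitelisted"  # hypothetical header name (assumption)

# Constructed stand-in for the SQL table: recipient domain -> (attribute, value)
WHITELIST = {
    "example.org": [("client_address", "192.0.2.10"),
                    ("sender", "billing@partner.example")],
    "example.net": [("helo_name", "mx.partner.example")],
}
# Parameter types named in the post, as Postfix policy attribute names
CHECKED = ("client_name", "client_address", "helo_name", "sender", "recipient")


def parse_request(stream):
    """Read one request: name=value lines closed by an empty line.
    Returns None at EOF (an unterminated request is discarded)."""
    attrs = {}
    for line in stream:
        line = line.rstrip("\r\n")
        if not line:
            return attrs
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return None


def decide(attrs):
    """Return the action for one RCPT TO request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    domain = attrs.get("recipient", "").lower().rpartition("@")[2]
    for name, value in WHITELIST.get(domain, []):
        if name in CHECKED and attrs.get(name, "").lower() == value.lower():
            # PREPEND tags the message; a plain OK would not reach the filter
            return f"PREPEND {HEADER}: yes"
    return "DUNNO"  # no opinion: later restrictions still apply


def serve(stream_in, stream_out):
    """Answer requests until EOF; a reply is action=... plus an empty line."""
    while (attrs := parse_request(stream_in)) is not None:
        stream_out.write(f"action={decide(attrs)}\n\n")
        stream_out.flush()


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

The prepended header is message-wide, so a message with one whitelisted and one non-whitelisted recipient still carries it, which is the multi-recipient problem the post sets aside. A remote sender can put the same header in a message, so whatever consumes it cannot treat its mere presence as proof of a policy decision.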