Bypass banned content check from localhost , and bypass incoming badh problem
weber at zackbummfertig.de
weber at zackbummfertig.de
Tue Feb 5 22:44:18 CET 2013
Am 2013-01-28 08:21, schrieb Patrick Ben Koetter:
> * weber at zackbummfertig.de <weber at zackbummfertig.de>:
>> >You have a Postfix smtpd server listening on 10026 AND you tell
>> amavis to
>> >listen on 10026 too? I doubt this will work. Did you tell amavis to
>> bind to
>> >port 10026?
>>
>> No, not all. I have :
>>
>> /etc/amavisd.conf =
>>
>> $inet_socket_port = 10024;
>
> That's part of your problem.
>
> By default all traffic, regardless where it comes from (external,
> internal)
> and goes to (external, internal) is handled by the same amavis
> filtering policy.
>
> You want to treat some senders different. ATM you want to identify
> them by
> their sender address (which is not a good method, because it can be
> faked
> easily. But that's something we may address later).
>
> So you need to create a special context within that amavis will apply
> different filtering rules.
>
> The way to create special contexts in amavis is to define
> policy_banks. Within
> a policy bank you may apply special, non-default settings; default
> settings
> from amavis default context will remain unchanged.
>
> You've created a policy_bank and called it ORIGINATING.
>
> Then you told amavis to route all traffic, that enters amavis on port
> 10026 to
> its ORIGINATING policy bank.
>
> So far so good. So what is missing at the moment?
>
> You haven't told amavis yet to _listen_ on port 10026. A
> configuration that
> tells amavis to listen on 10024 AND 10026 goes like this:
>
> $inet_socket_port = [10024,10026];
from an mail before:
i have this in my <<<master.cf>>>
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o relay_recipient_maps=
-o smtp_send_xforward_command=yes
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_delay_reject=no
-o smtpd_end_of_data_restrictions=
-o smtpd_error_sleep_time=0
-o smtpd_hard_error_limit=1000
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_restriction_classes=
-o smtpd_sender_restrictions=
-o smtpd_soft_error_limit=1001
-o strict_rfc821_envelopes=yes
and this in the amavid.conf:
$notify_method = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10025';
so when i do like u suggested:
$inet_socket_port = [10024,10026];
i get in logs :
Feb 5 21:57:53 mail amavis[15917]: starting. /usr/sbin/amavisd at
mail.zbfmail.de amavisd-new-2.7.2 (20120629), Unicode aware,
LANG="en_GB.utf8"
Feb 5 21:57:53 mail amavis[15918]: (!)Net::Server: 2013/02/05-21:57:53
Can't connect to TCP port 10026 on 127.0.0.1 [Address already in use]\n
at line 67 in file
/usr/lib64/perl5/vendor_perl/5.12.4/Net/Server/Proto/TCP.pm
cause postfix already listens on 10026.
do i just have to follow your link that my own domain on sending is
skipped checking for banned content?
or do i have to change the
<http://www.ijs.si/software/amavisd/README.postfix.html#filter_by_sender>
marko
>
> Use 'lsof -Pni | grep amavis' after you reloaded amavis to verify it
> listens
> on both ports.
>
> Once you have this set up, amavis will be ready to apply different
> filtering
> rules.
>
> Now if you use Postfix to feed amavis with messages, you need to tell
> Postfix
> to route messages for specific senders to port 10026. This link
> should explain
> how to do it:
>
> <http://www.ijs.si/software/amavisd/README.postfix.html#filter_by_sender>
>
> p at rick
More information about the amavis-users
mailing list