Bypass banned content check from localhost, and bypass incoming badh problem
weber at zackbummfertig.de
Thu Jan 24 15:26:45 CET 2013
(internet)---(server -> aviramailgate -> amavis -> postfix (clamav) -> dovecot
(mails arrive on port 25 and go to amavis)
/etc/postfix/master.cf =
smtpd pass - - n - - smtpd
  -o content_filter=avira-smtp:[127.0.0.1]:10027
# -o content_filter=lmtp-amavis:[127.0.0.1]:10024
  -o cleanup_service_name=pre-cleanup
127.0.0.1:10025 inet n - - - - smtpd
  -o cleanup_service_name=cleanup
  -o content_filter=dspam-lmtp:unix:/var/run/dspam/dspam.sock
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o mynetworks=127.0.0.0/8
  -o mynetworks_style=host
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o relay_recipient_maps=
  -o smtp_send_xforward_command=yes
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_delay_reject=no
  -o smtpd_end_of_data_restrictions=
  -o smtpd_error_sleep_time=0
  -o smtpd_hard_error_limit=1000
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_restriction_classes=
  -o smtpd_sender_restrictions=
  -o smtpd_soft_error_limit=1001
  -o strict_rfc821_envelopes=yes
127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o mynetworks=127.0.0.0/8
  -o mynetworks_style=host
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o relay_recipient_maps=
  -o smtp_send_xforward_command=yes
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_delay_reject=no
  -o smtpd_end_of_data_restrictions=
  -o smtpd_error_sleep_time=0
  -o smtpd_hard_error_limit=1000
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_restriction_classes=
  -o smtpd_sender_restrictions=
  -o smtpd_soft_error_limit=1001
  -o strict_rfc821_envelopes=yes
-------------------------------------------------------------------
/etc/amavisd.conf =
$inet_socket_port = 10024;
(I think I didn't touch this block:)
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef, # don't query p0f for internal clients
  bypass_banned_checks_maps => [1],
};
# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
  originating => 1, # declare that mail was submitted by our smtp client
  allow_disclaimers => 1, # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps => ["virusalert\@$mydomain"],
  warnbadhsender => 1,
  # forward to a smtpd service providing DKIM signing service
  #### weber change start
  forward_method => 'smtp:[127.0.0.1]:10026',
  ### weber change stop
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks => [1], # allow sending any file names and types
  final_bad_header_destiny => D_PASS,
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
### weber change start
$notify_method = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
### weber change stop
Do you need more from my config files?
thanks
marko
On 2013-01-24 15:06, Patrick Ben Koetter wrote:
> * weber at zackbummfertig.de <weber at zackbummfertig.de>:
>> Patrick,
>> thanks for answering, but it doesn't work for me.
>> I still get "Banned content messages" and mail is not sent out...
>> Do I also have to set something in the master.cf to enable this
>> policy_bank ORIGINATING ?
>
>
> Please post config that shows how you route messages from Postfix (?) into
> amavis and the relevant parts in amavis that route those messages to the
> policy bank including its settings.
>
> p at rick
>
>> marko, from hamburg
>>
>> (sorry, I had only hit reply earlier)
>
> No problem. I figured as much.
>
>
>>
>> On 2013-01-24 13:11, Patrick Ben Koetter wrote:
>> >* weber at zackbummfertig.de <weber at zackbummfertig.de>:
>> >>I want my users to be able to send banned content files.
>> >>
>> >>My goal is to have a map in amavis where I can set which user is
>> >>allowed to send banned content.
>> >>
>> >> ferdinand at domain.de is allowed to send,
>> >> ulrike at domain.de is NOT allowed to send,
>> >>
>> >>banned content.
>> >
>> >
>> >I recommend you let local users send over submission (587) port and
>> >create a dedicated policy for those senders:
>> >
>> >$policy_bank{'ORIGINATING'} = {
>> > originating => 1,
>> > bypass_spam_checks_maps => [1],
>> > bypass_banned_checks_maps => [1],
>> > final_virus_destiny => D_REJECT,
>> > final_bad_header_destiny => D_PASS,
>> > terminate_dsn_on_notify_success => 0,
>> >};
>> >
>> >p at rick
>>
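
Added example, not part of the original thread or of the Postfix/amavis projects: amavisd selects an $interface_policy entry by the TCP port it accepted the connection on, so a port-bound policy bank only applies if amavisd listens on that port and Postfix hands mail to it. The sketch below cross-checks a reduced, constructed copy of the two files quoted in the post; the function names are hypothetical and the parsing assumes numeric inet services and a numeric or list-valued $inet_socket_port.

```python
import re
# Constructed sample, reduced from the configuration quoted in the post.
MASTER_CF = """\
smtpd pass - - n - - smtpd
  -o content_filter=avira-smtp:[127.0.0.1]:10027
# -o content_filter=lmtp-amavis:[127.0.0.1]:10024
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=dspam-lmtp:unix:/var/run/dspam/dspam.sock
127.0.0.1:10026 inet n - n - - smtpd
"""
AMAVISD_CONF = """\
$inet_socket_port = 10024;
$interface_policy{'10026'} = 'ORIGINATING';
"""

def postfix_view(master_cf):
    """Return (TCP ports Postfix listens on, TCP ports its content_filters target)."""
    listen, targets = set(), set()
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation line carrying an -o override
            m = re.search(r"content_filter=\S*:(\d+)\s*$", line)
            if m:
                targets.add(int(m.group(1)))
        else:  # service line; only numeric inet services are tracked
            m = re.match(r"(?:\S+:)?(\d+)\s+inet\b", line)
            if m:
                listen.add(int(m.group(1)))
    return listen, targets

def amavis_view(conf):
    """Return (ports amavisd listens on, {port: policy bank})."""
    m = re.search(r"^\s*\$inet_socket_port\s*=\s*\[?([\d,\s]+)\]?\s*;", conf, re.M)
    listen = {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()
    banks = re.findall(r"^\s*\$interface_policy\{'?(\d+)'?\}\s*=\s*'(\w+)'", conf, re.M)
    return listen, {int(port): bank for port, bank in banks}

def check(master_cf, conf):
    """List reasons why a port-selected policy bank can never be applied."""
    pf_listen, pf_targets = postfix_view(master_cf)
    am_listen, banks = amavis_view(conf)
    findings = []
    for port, bank in sorted(banks.items()):
        if port not in am_listen:
            findings.append(f"{bank}: amavisd does not listen on {port}")
        if port in pf_listen:
            findings.append(f"{bank}: port {port} is a Postfix smtpd listener")
        if port not in pf_targets:
            findings.append(f"{bank}: no content_filter sends mail to {port}")
    return findings
```

Calling check(MASTER_CF, AMAVISD_CONF) reports all three conditions for ORIGINATING on port 10026; an empty list means the port-to-policy routing is at least consistent between the two files.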