Capabilities

Dusan Obradovic via amavis-users amavis-users at amavis.org
Wed May 28 10:07:02 CEST 2014


On May 22, 2014, at 4:29 AM, Gregory Sloop via amavis-users wrote:

> However, we can't just block every .zip file for example. Some zips from some senders are legit.
> Further, I don't want to block mail without generating a bounce reply. [An alternative would be rejecting it before accept at the MTA]
> But generating a bounce for blocked attachments will cause a host of back-scatter.

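To reject mail at SMTP time, you can use Postfix before-queue content filtering: http://www.postfix.org/SMTPD_PROXY_README.html. The message is then refused while the sending client is still connected, so your server does not have to generate a bounce of its own, which avoids the backscatter.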


Working master.cf example:

# To override one or more main.cf options, specify them as arguments
# below, preceding each option by "-o".  There must be no whitespace
# in the option itself (separate multiple values for an option by
# commas).
#
# In order to use the "uucp" message transport below, set up entries
# in the transport table.
#
# In order to use the "cyrus" message transport below, configure it
# in main.cf as the mailbox_transport.
#
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Public SMTP listener with before-queue filtering: smtpd relays each
# session to the proxy on 127.0.0.1:10024 and hands the proxy's verdict
# back to the client, so a refused message is rejected in-session instead
# of being bounced later.
# NOTE(review): an smtpd process stays busy while the filter works and
# maxproc is left at the default ("-") here; size it to what the filter
# on port 10024 can actually handle.
# NOTE(review): smtpd_authorized_xclient_hosts lets any process connecting
# from a loopback address override the client name/address this listener
# logs and uses in access checks. Keep it only if something local needs
# XCLIENT, and confirm no untrusted local user or port forward can reach
# this listener from 127.0.0.0/8.
smtp      inet  n       -       n       -       -       smtpd
   -o smtpd_proxy_filter=127.0.0.1:10024
   -o smtpd_client_connection_count_limit=10
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
   -o smtpd_authorized_xclient_hosts=127.0.0.0/8
# SMTPS listener: TLS wrapper mode with SASL authentication enabled.
# NOTE(review): no smtpd_proxy_filter is set on this entry, so unless
# main.cf supplies a filter setting, mail accepted here does not pass
# through the proxy used by the smtp listener above; confirm that is
# intended.
# NOTE(review): no restriction list is overridden here either, so whether
# unauthenticated clients are refused depends on main.cf; verify.
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
# Internal Postfix services. Every entry below has the chroot column set
# to "n", i.e. none of these daemons runs chrooted.
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
# Second cleanup instance, selected by the 10025 and 10026 listeners
# further down through cleanup_service_name=post-cleanup.
# NOTE(review): virtual_maps is the legacy name of virtual_alias_maps;
# emptying it presumably only has an effect while virtual_alias_maps is
# left at its default in main.cf. TODO confirm with postconf.
post-cleanup unix n     -       n       -       0       cleanup -o virtual_maps=
#
#=====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
#=====================================================================
# Pre-filtering
#=====================================================================
# pipe(8) transport that runs /usr/sbin/mailprefilter as user "filter".
# ${sender}, ${recipient}, ${sasl_username} and ${client_address} are
# expanded by pipe(8) and passed as argv words; pipe(8) executes the
# command directly, without a shell.
# NOTE(review): ${sender} and ${recipient} come from the SMTP envelope and
# are chosen by the remote client. The filter program has to treat them as
# untrusted data; confirm it validates them before using them in commands,
# file names or log lines.
# NOTE(review): nothing in this listing routes mail to this transport; it
# is presumably selected from main.cf or a transport map. Confirm.
mailprefilter     unix  -       n       n       -       -       pipe user=filter argv=/usr/sbin/mailprefilter
    --
    -s ${sender}
    -r ${recipient}
    -u ${sasl_username}
    -c ${client_address}
#=====================================================================
# Global antivirus/antispam pre-filter (Amavis)
#=====================================================================
# SMTP client transport used to hand mail to the content filter; it is the
# transport named by content_filter on the 10025 listener below.
# Limited to 5 processes (maxproc column). XFORWARD is sent so the filter
# receives the original client information, DNS lookups are disabled, each
# process is retired after 20 uses, and the client waits up to 1200 s for
# the filter's reply to end-of-DATA.
smtp-amavis  unix -     -       n       -       5       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
# SMTP interface for injecting mail into Amavis
# Loopback-only smtpd; mail accepted here is queued with
# content_filter=smtp-amavis:[127.0.0.1]:10024 and cleaned up by the
# post-cleanup service. Client, HELO and sender restrictions are emptied,
# so the recipient restriction is the only access control: it permits
# mynetworks (overridden to 127.0.0.0/8) and rejects everything else.
# The error delay is removed and the error limits are raised, presumably
# because the only expected client is local software.
# NOTE(review): the public smtp listener already proxies to
# 127.0.0.1:10024 before queueing, and where that filter forwards mail is
# configured outside this listing. If it delivers to this port, the
# content_filter here would send the message to 10024 a second time;
# confirm the filter's forward destination.
127.0.0.1:10025 inet n	-	n	-	-  smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
    -o cleanup_service_name=post-cleanup
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
#=====================================================================
# Mail re-injection (after pre-filtering)
#=====================================================================
# Loopback-only re-injection smtpd. content_filter is emptied, so mail
# accepted here is queued without being handed to a content filter again.
# Access is limited at two stages by permit_mynetworks,reject (client and
# recipient restrictions) with mynetworks overridden to 127.0.0.0/8;
# smtpd_delay_reject=no makes the client check apply at connect time.
# Per-client connection count and rate limits are disabled (0).
# NOTE(review): anything able to connect to 127.0.0.1:10026 submits mail
# that skips the content filter. Keep this port bound to loopback and
# confirm no port forward or untrusted local user can reach it.
127.0.0.1:10026 inet n	-	n	-	-  smtpd
    -o content_filter=
    -o cleanup_service_name=post-cleanup
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
#=====================================================================
# Mail policy
#=====================================================================
# mailpolicy        unix  -       n       n       -       -       spawn user=filter argv=/usr/sbin/kolab_smtpdpolicy
#=====================================================================
# Post-filtering
#=====================================================================
# pipe(8) transport that runs /usr/sbin/mailpostfilter as user "filter",
# passing the envelope sender, recipient and client address as argv words.
# pipe(8) executes the command directly, without a shell.
# NOTE(review): ${sender} and ${recipient} are chosen by the remote client;
# confirm the filter program treats them as untrusted data.
mailpostfilter     unix  -       n       n       -       -       pipe user=filter argv=/usr/sbin/mailpostfilter
    --
    -s ${sender}
    -r ${recipient}
    -c ${client_address}
#=====================================================================
# Mail delivery via LMTP/Dspam
#=====================================================================
# Loopback-only smtpd; mail accepted here is queued with content_filter
# pointing at the LMTP socket /var/lib/dspam/dspam.sock.
# NOTE(review): unlike the 10025 and 10026 listeners, this entry overrides
# no restrictions, mynetworks or cleanup_service_name, so the main.cf
# values apply; confirm that is intended and that only local software can
# reach this port.
127.0.0.1:10027 inet n	-	n	-	-  smtpd -o content_filter=lmtp:unix:/var/lib/dspam/dspam.sock


