polcy bank question
Patrick Ben Koetter
p at sys4.de
Wed Nov 12 06:40:51 CET 2014
Curtis,
* Curtis Maurand <curtis at maurand.com>:
> I'm new to polcy banks. I currently have:
>
> $interface_policy{'10026'} = 'ORIGINATING';
> $policy_bank{'ORIGINATING'} = {originating => 1,
> smtpd_discard_ehlo_keywords => ['8BITMIME'],
> };
>
>
> How do you have multiple policies on the same interface? The
> documentation along these lines is unreadable.
this is what you can do:
#############################################################################
## SERVER
#
# How many instances should we run?
$max_servers = 16;
# On which sockets do we listen for incoming connections?
@listen_sockets = (
# Release
'[::1]:9998',
# Post-Queue, Submission
'[::1]:10024',
# Pre-Queue, MTA to MTA
"$MYHOME/amavisd.sock"
);
#############################################################################
## POLICY MAPPING
#
# We map incoming mail to policy banks. Mail is identified via:
#
#
# - TCP/UNIX-Sockets
# - IP-Address/IP-Range
# - DKIM-authenticated signatures
# Where do we map @listen_sockets to?
$interface_policy{'10024'} = 'SUBMISSION';
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$interface_policy{'9998'} = 'AM.PDP-INET';
# Where to we map specific network ranges to?
@client_ipaddr_policy = (
[qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
[qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
[qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
[qw( 212.7.160.0/19 )] => 'SUBMISSION',
\@mynetworks => 'MYNETS'
);
# Where do we map DKIM-verified senderdomains to?
@author_to_policy_bank_maps = ( {
'state-of-mind.de' => 'WHITELIST,NOBANNEDCHECK,NOVIRUSCHECK',
'.paypal.de' => 'WHITELIST',
'amazon.de' => 'WHITELIST',
# Your content class filter rules...
#############################################################################
## POLICY BANKS: SUBMISSION
#
$policy_bank{'SUBMISSION'} = {
originating => 1,
bypass_spam_checks_maps => [1],
final_virus_destiny => D_BOUNCE,
final_banned_destiny=> D_PASS,
final_bad_header_destiny => D_PASS,
banned_filename_maps => ['MYNETS-DEFAULT'],
warnbadhsender => 0,
forward_method => 'smtp:127.0.0.1:10025',
notify_method => 'smtp:127.0.0.1:10025',
undecipherable_subject_tag => undef,
};
#############################################################################
## POLICY BANKS: MYNETS
#
$policy_bank{'MYNETS'} = {
originating => 1,
bypass_spam_checks_maps => [1],
final_virus_destiny => D_BOUNCE,
final_banned_destiny=> D_PASS,
final_bad_header_destiny => D_PASS,
banned_filename_maps => ['MYNETS-DEFAULT'],
warnbadhsender => 0,
undecipherable_subject_tag => undef,
};
#############################################################################
## POLICY BANKS: AM.PDP
#
$policy_bank{'AM.PDP-INET'} = {
protocol => 'AM.PDP',
inet_acl => [qw( 127.0.0.1 )],
auth_required_release => 0,
};
$policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
notify_method => 'smtp:127.0.0.1:10025',
auth_required_release => 0,
};
HTH,
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the amavis-users
mailing list