How to specify different policies for different unix sockets?
Mark Martinec
Mark.Martinec+amavis at ijs.si
Mon Apr 25 18:06:19 CEST 2016
Hamy,
> Hi, i would like to use unix socket instead of inet in amavisd for
> postfix to
> communicate with it and then secure it by setting appropriate
> permissions.
> However, i dot not want to disable the default AM.PDP-SOCK policy which
> is
> required for amavisd-release and maybe other scripts(and
> amavisd-milter) to work.
> also i might need to have multiple smtp unix sockets in future with
> different
> set of policy banks applied to them. How can one do so? it's easily
> possibly
> to do that with inet ports, but what about unix sockets?
> [...]
amavisd-new-2.7.0 release notes, July 1, 2011 :
- a policy bank may now be loaded based on a path name of a Unix socket
receiving a connection.
Example use:
@listen_sockets = (
"$helpers_home/amavisd.sock1",
"$helpers_home/amavisd.sock2",
"$helpers_home/amavisd.sock3",
);
$interface_policy{"$helpers_home/amavisd.sock1"} = 'UX-S1';
$interface_policy{"$helpers_home/amavisd.sock2"} = 'UX-S2';
$interface_policy{"$helpers_home/amavisd.sock3"} = 'UX-S3';
$policy_bank{'UX-S1'} = { ... };
$policy_bank{'UX-S2'} = { ... };
$policy_bank{'UX-S3'} = { ... };
amavisd-new-2.8.0 release notes:
- load all (both) applicable policy banks when %interface_policy contain
both a "SOCK" entry and a Unix socket path name; and similarly when it
contains both the "IPaddress:port" and a "port" entries. Previously
the "SOCK" policy bank was not loaded when a socket path name entry
existed in %interface_policy, and similarly a port-only -based policy
bank was not loaded when a more specific "IPaddress:port" entry
existed;
Mark
More information about the amavis-users
mailing list