How to specify different policies for different unix sockets?

Mark Martinec Mark.Martinec+amavis at ijs.si
Mon Apr 25 18:06:19 CEST 2016


Hamy,

> Hi, i would like to use unix socket instead of inet in amavisd for 
> postfix to
> communicate with it and then secure it by setting appropriate 
> permissions.
> However, i dot not want to disable the default AM.PDP-SOCK policy which 
> is
> required for amavisd-release and maybe other scripts(and 
> amavisd-milter) to work.
> also i might need to have multiple smtp unix sockets in future with 
> different
> set of policy banks applied to them. How can one do so? it's easily 
> possibly
> to do that with inet ports, but what about unix sockets?
> [...]

amavisd-new-2.7.0 release notes, July 1, 2011 :

- a policy bank may now be loaded based on a path name of a Unix socket
   receiving a connection.

   Example use:

     @listen_sockets = (
       "$helpers_home/amavisd.sock1",
       "$helpers_home/amavisd.sock2",
       "$helpers_home/amavisd.sock3",
     );

     $interface_policy{"$helpers_home/amavisd.sock1"} = 'UX-S1';
     $interface_policy{"$helpers_home/amavisd.sock2"} = 'UX-S2';
     $interface_policy{"$helpers_home/amavisd.sock3"} = 'UX-S3';

     $policy_bank{'UX-S1'} = { ... };
     $policy_bank{'UX-S2'} = { ... };
     $policy_bank{'UX-S3'} = { ... };


amavisd-new-2.8.0 release notes:

- load all (both) applicable policy banks when %interface_policy contain
   both a "SOCK" entry and a Unix socket path name; and similarly when it
   contains both the "IPaddress:port" and a "port" entries. Previously
   the "SOCK" policy bank was not loaded when a socket path name entry
   existed in %interface_policy, and similarly a port-only -based policy
   bank was not loaded when a more specific "IPaddress:port" entry 
existed;



Mark


More information about the amavis-users mailing list