whitelist sender domain

Asif Iqbal vadud3 at gmail.com
Sun Dec 11 07:24:03 CET 2016


I am running amavisd-new with postfix and I would like to skip the content
filter for senders with domain example.com

I do have amavisd-new set up with postfix like this, where amavisd is set up
as the content_filter globally like below

# cat /etc/postfix/main.cf

...
content_filter = amavisfeed:[127.0.0.1]:10024
...

# cat /etc/postfix/master.cf
...

amavisfeed unix    -       -       n        -      2     lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

# netstat -tunlp | grep 10024
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      26131/amavisd (mast
tcp        0      0 ::1:10024                   :::*                        LISTEN      26131/amavisd (mast

# netstat -tunlp | grep 10025
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      28242/smtpd

# ps -ef | grep 26131
amavis   26131     1  0 05:49 ?        00:00:02 /usr/sbin/amavisd (master)
amavis   28157 26131  0 14:22 ?        00:00:01 /usr/sbin/amavisd (ch6-28157-06-3)
amavis   28322 26131  4 14:27 ?        00:00:06 /usr/sbin/amavisd (ch5-28322-05-7)

# ps -ef | grep 28242
postfix  28242 29732  0 14:25 ?        00:00:00 smtpd -n 127.0.0.1:10025 -t inet -u -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps=


And in amavisd.conf file I am using whitelist domains and email
addresses like below

# cat /etc/amavisd/amavisd.conf

...

read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
...

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_spam_checks_maps => ['@whitelist_sender_maps'],  # don't spam-check this mail
  bypass_banned_checks_maps => ['@whitelist_sender_maps'],  # was [1] allow sending any file names and types
  bypass_header_checks_maps => ['@whitelist_sender_maps'],  # don't header-check this mail
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

...

# cat /etc/amavisd/whitelist
here@example.com
eample.net


How do I make sure it is working? After I configured like below, I
restarted amavisd and postfix and I am seeing a lot of
``RelayedOpenRelay'' like below..


Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN {RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] <foo@example2.net> -> <bar@juniper.net>, Message-ID: <20161211061002.7CDF95F777@example3.net>, mail_id: jTfE0zqJExAe, Hits: -1.899, size: 1920, queued_as: EB9F49ED41, 440 ms

I have not used amavisd with postfix like this before, and please let
me know how I can achieve whitelisting some of the sender addresses and
sender domains and not making the mail server an open relay.


Thanks for your help!





Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
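
An added example, not part of the original post: one way to check from the amavisd log whether the whitelist is taking effect and which clients produce RelayedOpenRelay entries. The first sample line is the entry quoted in the post with the archive's " at " obfuscation undone; the other lines, the WHITELIST set and the reading of "Hits: -" as "spam check skipped" are assumptions.

```python
import re
from collections import Counter

# First line: the entry from the post. The other three are constructed.
SAMPLE_LOG = """\
Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN {RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] <foo@example2.net> -> <bar@juniper.net>, Message-ID: <20161211061002.7CDF95F777@example3.net>, mail_id: jTfE0zqJExAe, Hits: -1.899, size: 1920, queued_as: EB9F49ED41, 440 ms
Dec 11 01:10:05 myhost amavis[12264]: (12264-09) Passed CLEAN {RelayedInbound}, [192.0.2.10]:40022 [192.0.2.10] <here@example.com> -> <user@example3.net>, Message-ID: <a1@example.com>, mail_id: AAAAAAAAAAA1, Hits: -, size: 2100, queued_as: 1111111111, 120 ms
Dec 11 01:10:09 myhost amavis[12264]: (12264-10) Passed CLEAN {RelayedInbound}, [192.0.2.10]:40023 [192.0.2.10] <news@example.com> -> <user@example3.net>, Message-ID: <a2@example.com>, mail_id: AAAAAAAAAAA2, Hits: 2.1, size: 5300, queued_as: 2222222222, 610 ms
Dec 11 01:10:12 myhost amavis[12264]: (12264-11) Passed CLEAN {RelayedOpenRelay}, [192.168.0.220]:51390 [192.168.0.220] <baz@example2.net> -> <x@example4.org>, Message-ID: <a3@example2.net>, mail_id: AAAAAAAAAAA3, Hits: -, size: 1800, queued_as: 3333333333, 95 ms
"""
WHITELIST = {"example.com"}  # constructed: the domain named in the post's goal

# Fields of an amavisd "Passed"/"Blocked" summary line, as laid out in the post.
LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<verdict>[^{]+?) "
    r"\{(?P<tags>[^}]*)\}, \[(?P<client>[^\]]+)\](?::\d+)? .*?"
    r"<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>.*?Hits: (?P<hits>-?[\d.]+|-)"
)

def parse(log_text):
    """Yield one dict per amavisd summary line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["tags"] = rec["tags"].split(",")
        rec["sender"] = rec["sender"].lower()
        # Assumption: "Hits: -" means no spam score was computed (check bypassed).
        rec["spam_checked"] = rec["hits"] != "-"
        yield rec

def is_whitelisted(sender, whitelist):
    """Match a full address or a bare domain, the two entry kinds in the post's file."""
    return sender in whitelist or sender.rpartition("@")[2] in whitelist

def audit(log_text, whitelist):
    """Return (open-relay count per client, whitelisted senders still scanned,
    non-whitelisted senders that skipped the spam check)."""
    open_relay, still_scanned, unexpected_bypass = Counter(), [], []
    for rec in parse(log_text):
        if "RelayedOpenRelay" in rec["tags"]:
            open_relay[rec["client"]] += 1
        listed = is_whitelisted(rec["sender"], whitelist)
        if listed and rec["spam_checked"]:
            still_scanned.append(rec["sender"])
        elif not listed and not rec["spam_checked"]:
            unexpected_bypass.append(rec["sender"])
    return open_relay, still_scanned, unexpected_bypass
```

amavisd applies the RelayedOpenRelay tag when it regards neither the client as originating nor the recipient as local, so the per-client tally shows which submitting clients amavisd is not treating as originating. A non-empty third list means the bypass is reaching senders outside the whitelist.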