whitelist sender domain
Asif Iqbal
vadud3 at gmail.com
Sun Dec 11 07:24:03 CET 2016
I am running amavid-new with postfix and I like to skip content filter for
senders with domain example.com
I do have amavisd-new setup with postfix like this where amavisd is setup
as the content_filter globally like below
# cat /etc/postfix/main.cf
...
content_filter = amavisfeed:[127.0.0.1]:10024
...
# cat /etc/postfix/master.cf
...
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
# netstat -tunlp | grep 10024
tcp 0 0 127.0.0.1:10024 0.0.0.0:*
LISTEN 26131/amavisd (mast
tcp 0 0 ::1:10024 :::*
LISTEN 26131/amavisd (mast
# netstat -tunlp | grep 10025
tcp 0 0 127.0.0.1:10025 0.0.0.0:*
LISTEN 28242/smtpd
# ps -ef | grep 26131
amavis 26131 1 0 05:49 ? 00:00:02 /usr/sbin/amavisd (master)
amavis 28157 26131 0 14:22 ? 00:00:01 /usr/sbin/amavisd
(ch6-28157-06-3)
amavis 28322 26131 4 14:27 ? 00:00:06 /usr/sbin/amavisd
(ch5-28322-05-7)
# ps -ef | grep 28242
postfix 28242 29732 0 14:25 ? 00:00:00 smtpd -n
127.0.0.1:10025 -t inet -u -o content_filter= -o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject -o
smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o
smtpd_recipient_restrictions=permit_mynetworks,reject -o
smtpd_data_restrictions=reject_unauth_pipelining -o
smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o
mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o
smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o
smtpd_client_connection_count_limit=0 -o
smtpd_client_connection_rate_limit=0 -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients= -o smtpd_milters= -o
local_recipient_maps= -o relay_recipient_maps=
And in amavisd.conf file I am using whitelist domains and email
addresses like below
# cat /etc/amavisd/amavisd.conf
...
read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
...
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
# notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't
spam-check this mail
bypass_banned_checks_maps => ['@whitelist_sender_maps'], # was [1]
allow sending any file names and types
bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't
header-check this mail
terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
...
# cat /etc/amavisd/whitelist
here at example.com
eample.net
How do I make sure it is working? After I configured like below, I
restarted amavisd and postfix and I am seeing a lot of
``RelayedOpenRelay'' like below..
Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN
{RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] <foo at example2.net>
-> <bar at juniper.net>, Message-ID: <20161211061002.7CDF95F777 at example3.net>,
mail_id: jTfE0zqJExAe, Hits: -1.899, size: 1920, queued_as: EB9F49ED41, 440
ms
I have not used amavisd with postfix like this before and please let
me know how I can achieve
whitelisting some of the sender addresses and sender domains and not
making the mail server an openrelay.
Thanks for your help!
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20161211/518117c4/attachment.html>
More information about the amavis-users
mailing list