Troubleshooting Policy Banks - Re: Open relay from localhost and other questions
Robert Moskowitz
rgm at htt-consult.com
Mon Apr 24 23:46:28 CEST 2017
How do I trace what is happening with policy banks?
https://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks
How can I tell if the IP address is being supplied? How can I tell what
is in MYNETS?
etc.
thanks
On 04/24/2017 04:40 PM, Robert Moskowitz wrote:
>
>
> On 04/22/2017 01:00 AM, Benny Pedersen wrote:
>> Robert Moskowitz skrev den 2017-04-21 21:16:
>>
>>> Been doing some research. mynetworks should stop the localhost from
>>> seeming like an Open relay. I don't have this problem on my old
>>> production server. I am researching it.
>>
>> check originating policy banks in amavisd, make sure local originated
>> emails is gone into this bank in amavisd, this is important else it
>> would be seen as a relay host and all sorts of fake msgs :=)
>>
>> and for xforward in mta as well to help solve it
>>
>> i dont use amavisd anymore, so cant help more with it
>
> I have just done more testing, and cannot get this working. I even
> copied exactly what I have for @mynetworks from my old system, and
> made the change right were the default in amavis.conf is instead of
> appending it to the end. No change.
>
> @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
> 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
>
> And this server is at: 192.168.192.14/24
>
> The old system is running: amavisd-new-2.6.4-2.el6
> and the new one: amavisd-new-2.10.1-5.el7
>
> Also BOTH .confs define policy_bank as:
>
> $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
> originating => 1, # is true in MYNETS by default, but let's make it
> explicit
> os_fingerprint_method => undef, # don't query p0f for internal clients
> };
>
> And no where is MYNETS defined on either system's .conf
>
> ? Puzzled
>
> WAIT!!!
>
> The old server is at: 50.253.254.3/28
>
> and that is not EVEN in @mynetworks!
>
> And the other servers are on 50.253.254.0/28 and they do not get the
> Open Relay message!
>
> Something else is at work here...
>
>
More information about the amavis-users
mailing list