Troubleshooting Policy Banks - Re: Open relay from localhost and other questions

Tue Apr 25 00:05:03 CEST 2017

* Robert Moskowitz <rgm at htt-consult.com>:
> How do I trace what is happening with policy banks?
> 
> https://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks
> 
> How can I tell if the IP address is being supplied?  How can I tell what is
> in MYNETS?

Increase the log level and amavis will log the policy banks it applies.

p at rick

> 
> etc.
> 
> thanks
> 
> 
> On 04/24/2017 04:40 PM, Robert Moskowitz wrote:
> > 
> > 
> > On 04/22/2017 01:00 AM, Benny Pedersen wrote:
> > > Robert Moskowitz skrev den 2017-04-21 21:16:
> > > 
> > > > Been doing some research.  mynetworks should stop the localhost from
> > > > seeming like an Open relay.  I don't have this problem on my old
> > > > production server.  I am researching it.
> > > 
> > > check originating policy banks in amavisd, make sure local
> > > originated emails is gone into this bank in amavisd, this is
> > > important else it would be seen as a relay host and all sorts of
> > > fake msgs :=)
> > > 
> > > and for xforward in mta as well to help solve it
> > > 
> > > i dont use amavisd anymore, so cant help more with it
> > 
> > I have just done more testing, and cannot get this working.  I even
> > copied exactly what I have for @mynetworks from my old system, and made
> > the change right were the default in amavis.conf is instead of appending
> > it to the end.  No change.
> > 
> > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
> >                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
> > 
> > And this server is at: 192.168.192.14/24
> > 
> > The old system is running: amavisd-new-2.6.4-2.el6
> > and the new one: amavisd-new-2.10.1-5.el7
> > 
> > Also BOTH .confs define policy_bank as:
> > 
> > $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
> >   originating => 1,  # is true in MYNETS by default, but let's make it
> > explicit
> >   os_fingerprint_method => undef,  # don't query p0f for internal clients
> > };
> > 
> > And no where is MYNETS defined on either system's .conf
> > 
> > ?  Puzzled
> > 
> > WAIT!!!
> > 
> > The old server is at:  50.253.254.3/28
> > 
> > and that is not EVEN in @mynetworks!
> > 
> > And the other servers are on 50.253.254.0/28 and they do not get the
> > Open Relay message!
> > 
> > Something else is at work here...
> > 
> > 
> 

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein