reset @mynetworks and load them from file

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Dec 7 16:54:06 CET 2018 

Hello,

some time ago I've had problems setting up @mynetworks so all outgoing mail
can be DKIM-signed AND amavis does not complain about
"Open relay? Nonlocal recips but not originating".

As recorded on:
https://lists.amavis.org/pipermail/amavis-users/2018-October/005520.html

I have successfully configured it using:

@mynetworks=("127.0.0.0/8","[::1]");
&read_array(\@mynetworks, '/etc/postfix/mynetworks');
$policy_bank{'MYNETS'} = {
        originating =>  1,
};

originating flag must be set, because it's not set by default even when mail
is received from host in mynetworks.


NOW
I have found out that I must even clean up @mynetworks, defaulting to:

@mynetworks = qw( 127.0.0.0/8 [::1] 169.254.0.0/16 [fe80::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                  [fc00::]/7 );  # consider also RFC 6598: 100.64.0.0/10

because I receive mail from gateway in internal network, and all mail
received from it was tagged ALL_TRUSTED because of this.


It seems that amavis ignores Received: headers when originating flah is set:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/201811.mbox/<20181111183400.GE11839%40fantomas.sk>


Just a note, the qw(...) perl syntax (often used by perl programmers) quotes
all values in pareentheses:

qw( 127.0.0.0/8 ) 
 is expanded to:

("127.0.0.0/8")

while simple

(127.0.0.0/8)

would be expanded to (0)

...at least in amavisd config file as I found out solving problems.
This resulted to amavisd crash:

Dec  7 13:56:56 mail amavis[2364]: (!!)TROUBLE in pre_loop_hook: IPv4 address [0] contains fewer than 4 fields
Dec  7 13:56:56 mail amavis[2364]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: IPv4 address [0] contains fewer than 4 fields

this error was reported in the past, I believe tould have been caused by
similar issue

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.

More information about the amavis-users mailing list