get rid of "Open relay?" and set up DKIM

Dusan Obradovic dusan at euracks.net
Thu Oct 18 23:48:21 CEST 2018 

> On Oct 18, 2018, at 16:31, Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> 
> Hello,
> 
> I am trying to get rid of annoying "Open relay?" messages and later set up
> DKIM signing, which both I believe are doable by properly setting
> @mynetworks.
> 
> the README.lookups says:
> 
> @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
> 
> or
> 
> @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);
> 
> and https://sourceforge.net/p/amavis/mailman/message/24573173/ recommends
> "not to forget to re-evaluate the @client_ipaddr_policy after/if
> @mynetworks_maps is changed:"
> 
>   @client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);
> 
> 
> I have tried it all.
> 
> I have even assigned direct IP addresses to @mynetworks:
> 
> @mynetworks = qw(127.0.0.1 192.168.20.40 );
> 
> but the message still appears:
> 
> Oct 18 16:15:48 smtp2 amavis[1814]: (01814-15) Checking: WwuVqzvm1fVY AM.PDP-SOCK [192.168.20.40] <censored> -> <censored>
> Oct 18 16:15:48 smtp2 amavis[1814]: (01814-15) Open relay? Nonlocal recips but not originating: censored
> 
> I am using amavisd-milter to process mail at SMTP level. do I need to play with policy banks? 
> amavisd-new-2.10.1, Debian 8.
> 
> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> You have the right to remain silent. Anything you say will be misquoted,
> then used against you. 

I have it working using read_cidr().

@mynetworks      = @{ read_cidr('/etc/postfix/mynetworks') };

$policy_bank{'MYNETS'} = {
  originating => 1,
  os_fingerprint_method => undef,
};


amavisd-new-2.8.0 release notes:

- added a subroutine read_cidr() which can read a Postfix style CIDR file,
  with a syntax interpreted according a Postfix cidr_table(5) man page.
  The subroutine returns a ref to an array by default (but can also
  produce a hash, and is able to add data to an existing array or hash).

  Typical use:
    @mynetworks_maps = ( read_cidr('/etc/postfix/mynetworks.cidr') );
    @client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);

  or:
    @mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };

  For details and more complex usage see leading comments in the read_cidr
  subroutine;

More information about the amavis-users mailing list