get rid of "Open relay?" and set up DKIM

[Dominic Raferd]

On Thu, 18 Oct 2018 at 15:32, Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:

> Hello,
>
> I am trying to get rid of annoying "Open relay?" messages and later set up
> DKIM signing, which both I believe are doable by properly setting
> @mynetworks.
>
> the README.lookups says:
>
>  @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
>
> or
>
>  @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);
>
> and https://sourceforge.net/p/amavis/mailman/message/24573173/ recommends
> "not to forget to re-evaluate the @client_ipaddr_policy after/if
> @mynetworks_maps is changed:"
>
>     @client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);
>
>
> I have tried it all.
>
> I have even assigned direct IP addresses to @mynetworks:
>
> @mynetworks = qw(127.0.0.1 192.168.20.40 );
>
> but the message still appears:
>
> Oct 18 16:15:48 smtp2 amavis[1814]: (01814-15) Checking: WwuVqzvm1fVY
> AM.PDP-SOCK [192.168.20.40] <censored> -> <censored>
> Oct 18 16:15:48 smtp2 amavis[1814]: (01814-15) Open relay? Nonlocal recips
> but not originating: censored
>
> I am using amavisd-milter to process mail at SMTP level.
> do I need to play with policy banks?
>
> amavisd-new-2.10.1, Debian 8.
>

I too have had this problem. But now, based on studying
amavisd.conf-default, I think the problem is that when we set a policy_bank
it overwrites (for emails that are covered by it) with default values many
variables that may be specifically defined by us outside the policy bank -
which is not the behaviour you or I would expect. This includes
@mynetworks; so you need to define @mynetworks *inside* the policy bank for
it to be effective for these emails - in your case this means inside
$policy_bank { 'AM.PDP-SOCK' }.

HTH, Dominic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20181019/a45605c9/attachment.html>