get rid of "Open relay?" and set up DKIM
Ralph Seichter
m16+amavis at monksofcool.net
Fri Oct 19 13:30:21 CEST 2018
On 19.10.18 07:52, Dominic Raferd wrote:
> you need to define @mynetworks *inside* the policy bank for it to
> be effective for these emails - in your case this means inside
> $policy_bank { 'AM.PDP-SOCK' }.
The following works for me with amavisd-new 2.10.1
$inet_socket_bind = ['127.0.0.1', '[::1]'];
$inet_socket_port = [1234, 5678];
$policy_bank{'SUBMISSION'} = {
originating => 1,
final_virus_destiny => D_REJECT,
smtpd_discard_ehlo_keywords => ['8BITMIME', 'STARTTLS'],
# ...
};
$interface_policy{'5678'} = 'SUBMISSION';
This opens port 5678 to deal with mail that enters through Postfix'
submission process (listening on port 587), which is either done by
authenticated users or matches Postfix' "mynetworks" setting. Binding a
policy bank to a localhost port that is only ever accessed by Postfix
ensures that only outbound mail passes through, so Amavis can add DKIM
signatures.
-Ralph
More information about the amavis-users
mailing list