get rid of "Open relay?" and set up DKIM

Ralph Seichter m16+amavis at
Fri Oct 19 13:30:21 CEST 2018

On 19.10.18 07:52, Dominic Raferd wrote:

> you need to define @mynetworks *inside* the policy bank for it to
> be effective for these emails - in your case this means inside
> $policy_bank { 'AM.PDP-SOCK' }.

The following works for me with amavisd-new 2.10.1

  $inet_socket_bind = ['', '[::1]'];
  $inet_socket_port = [1234, 5678];

  $policy_bank{'SUBMISSION'} = {
    originating => 1,
    final_virus_destiny => D_REJECT,
    smtpd_discard_ehlo_keywords => ['8BITMIME', 'STARTTLS'],
    # ...

  $interface_policy{'5678'} = 'SUBMISSION';

This opens port 5678 to deal with mail that enters through Postfix'
submission process (listening on port 587), which is either done by
authenticated users or matches Postfix' "mynetworks" setting. Binding a
policy bank to a localhost port that is only ever accessed by Postfix
ensures that only outbound mail passes through, so Amavis can add DKIM


More information about the amavis-users mailing list