milter messages marked as ALL_TRUSTED
Henrik K
hege at hege.li
Wed Apr 22 13:30:47 CEST 2020
On Wed, Apr 22, 2020 at 02:21:25PM +0300, Henrik K wrote:
> On Wed, Apr 22, 2020 at 01:40:32PM +0300, Henrik K wrote:
> >
> > Actually I found the problem, looking at my locally patched amavisd..
> >
> > The patch is missing one call.
> >
> > Look for string
> >
> > # load policy banks from the 'client_ipaddr_policy' lookup
> >
> > ... there's two of those
> >
> > But this first one was missing the $msginfo->originating call... this is
> > inside the check_ampdp_policy function which I think is used with amavisd-milter
> >
> > # load policy banks from the 'client_ipaddr_policy' lookup
> > Amavis::load_policy_bank($_,$msginfo) for @bank_names_cl;
> > $msginfo->originating(c('originating'));
> > # additional banks from the request
> > Amavis::load_policy_bank(untaint($_),$msginfo) for @$bank_names_ref;
> >
> > I'll investigate a bit more how to do this the most clean way, but adding
> > that $msginfo->originating(c('originating')); will make it work..
>
> Bug filed:
>
> https://gitlab.com/amavis/amavis/-/issues/61
This can also be worked around by always forcing a policy load.
There's a good example in the amavisd documentation:
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0, # do not require secret_id for amavisd-release
};
This forces Amavis::load_policy_bank to be called and the load_policy_bank
function itself will run the $msginfo->originating(c('originating')); call..
I suspect I'm not the only one who simply has these lines in amavisd.conf root and
not a policy bank.
$protocol = 'AM.PDP';
$auth_required_release = 0;
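
The following is an added example, not part of the original post and not amavis project code: a heuristic text scan that reports whether an amavisd.conf has the layout described above (AM.PDP set at the config root, no 'SOCK' interface policy pointing at a defined policy bank). The function names and both sample configs are constructed for illustration; the scan assumes simple one-line assignments and treats everything after '#' as a comment.

```python
import re

# Constructed sample: protocol set at the config root, no policy bank.
ROOT_ONLY = """\
$unix_socketname = '/var/run/amavis/amavisd.sock';
$protocol = 'AM.PDP';
$auth_required_release = 0;
"""

# Constructed sample: the workaround layout from the amavisd documentation.
WITH_BANK = """\
$unix_socketname = '/var/run/amavis/amavisd.sock';
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,
};
"""

def strip_comments(text):
    # Naive: cut each line at the first '#'. Assumes no '#' inside quoted strings.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit(conf_text):
    """Report whether the socket interface forces a policy bank load."""
    src = strip_comments(conf_text)
    # $protocol = 'AM.PDP'; as a top-level assignment
    root_pdp = re.search(r"^\s*\$protocol\s*=\s*['\"]AM\.PDP['\"]", src, re.M)
    # $interface_policy{'SOCK'} = '<bank name>';
    m = re.search(
        r"\$interface_policy\{\s*['\"]?SOCK['\"]?\s*\}\s*=\s*['\"]([^'\"]+)['\"]",
        src)
    bank = m.group(1) if m else None
    # The named bank must actually be defined: $policy_bank{'<bank name>'} = ...
    bank_defined = bool(bank and re.search(
        r"\$policy_bank\{\s*['\"]?" + re.escape(bank) + r"['\"]?\s*\}\s*=", src))
    return {
        "root_protocol_am_pdp": bool(root_pdp),
        "sock_policy_bank": bank,
        "bank_defined": bank_defined,
        # The layout the post describes: AM.PDP at root, no forced bank load.
        "needs_workaround": bool(root_pdp) and not bank_defined,
    }

if __name__ == "__main__":
    for name, conf in (("ROOT_ONLY", ROOT_ONLY), ("WITH_BANK", WITH_BANK)):
        print(name, audit(conf))
```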