milter messages marked as ALL_TRUSTED

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Apr 22 13:47:57 CEST 2020 

>> On Wed, Apr 22, 2020 at 01:40:32PM +0300, Henrik K wrote:
>> >
>> > Actually I found the problem, looking at my locally patched amavisd..
>> >
>> > The patch is missing one call.
>> >
>> > Look for string
>> >
>> > # load policy banks from the 'client_ipaddr_policy' lookup
>> >
>> > ... there's two of those
>> >
>> > But this first one was missing the $msginfo->originating call...  this is
>> > inside the check_ampdp_policy function which I think is used with amavisd-milter
>> >
>> >     # load policy banks from the 'client_ipaddr_policy' lookup
>> >     Amavis::load_policy_bank($_,$msginfo) for @bank_names_cl;
>> >     $msginfo->originating(c('originating'));
>> >     # additional banks from the request
>> >     Amavis::load_policy_bank(untaint($_),$msginfo) for @$bank_names_ref;
>> >
>> > I'll investigate a bit more how to do this the most clean way, but adding
>> > that $msginfo->originating(c('originating')); will make it work..

>On Wed, Apr 22, 2020 at 02:21:25PM +0300, Henrik K wrote:
>> Bug filed:
>>
>> https://gitlab.com/amavis/amavis/-/issues/61

great, I'll try the patch

On 22.04.20 14:30, Henrik K wrote:
>This can also be worked around by always forcing a policy load.

we have some servers where it might not be best idea, but I will think about
it. So far, I wanted to keep detection on MYNETS

>There good example in amavisd documentation:

>$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
...
>$policy_bank{'AM.PDP-SOCK'} = {
>  protocol => 'AM.PDP',

This is what I have now for some time, according to the policy.

...I use this to change behaviour from D_BOUNCE to D_REJECT for mail from
remote servers.

>I suspect I'm not the only one who simply has these lines in amavisd.conf root and
>not a policy bank.
>
>$protocol = 'AM.PDP';
>$auth_required_release = 0;

I don't - I have started with LMTP and added milter later. So, I use
inly use AM.PDP on socket.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.

More information about the amavis-users mailing list