Policy Banks Examples
Patrick Ben Koetter
p at sys4.de
Mon Jan 4 09:50:31 CET 2021
Phil,
On 03.01.21 at 23:41, Philip wrote:
> Morning,
>
> Does anyone have any good tutorials on creating different policy
> banks? The documentation I find isn't very forthcoming.
a policy bank needs something that triggers it. This can be a TCP or
UNIX socket, an IP (range) or a DKIM verified sender (domain).

# TCP/UNIX Sockets
@listen_sockets = (
    # Release
    '[::1]:9998',
    # Post-Queue, Submission
    '[::1]:10024',
    # Pre-Queue, MTA to MTA
    "$MYHOME/amavisd.sock"
);
# DKIM and Client IPs are given

Once you've created your 'triggers', you need to map them to a policy bank:

#############################################################################
## POLICY MAPPING
##
# - TCP/UNIX-socket
# - Client IP-address/IP-range
# - DKIM-authenticated sender/senderdomain

# Where do we map @listen_sockets to?
$interface_policy{'10024'} = 'SUBMISSION';
$interface_policy{'SOCK'}  = 'AM.PDP-SOCK';
$interface_policy{'9998'}  = 'AM.PDP-INET';

# Where do we map IP-addresses/-ranges to?
@client_ipaddr_policy = (
    [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
    [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
    [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
    [qw( 212.7.160.0/19 )] => 'SUBMISSION',
    \@mynetworks => 'MYNETS'
);

# Where do we map DKIM verified sender/senderdomains to?
@author_to_policy_bank_maps = ( {
    'state-of-mind.de' => 'WHITELIST,NOBANNEDCHECK',
    '.paypal.de'       => 'WHITELIST',
    'amazon.de'        => 'WHITELIST',
} );

Finally you define the policy banks and what their policies are:

#############################################################################
## POLICY BANKS: WHITELIST
#
$policy_bank{'WHITELIST'} = {
    bypass_spam_checks_maps => [1],
    spam_lovers_maps => [1],
};

#############################################################################
## POLICY BANKS: NOVIRUSCHECK
#
$policy_bank{'NOVIRUSCHECK'} = {
    bypass_decode_parts => 1,
    bypass_virus_checks_maps => [1],
    virus_lovers_maps => [1],
};

#############################################################################
## POLICY BANKS: NOBANNEDCHECK
#
$policy_bank{'NOBANNEDCHECK'} = {
    bypass_banned_checks_maps => [1],
    banned_files_lovers_maps => [1],
};

#############################################################################
## POLICY BANKS: SUBMISSION
#
$policy_bank{'SUBMISSION'} = {
    originating => 1,
    bypass_spam_checks_maps => [1],
    final_virus_destiny => D_BOUNCE,
    final_banned_destiny => D_PASS,
    final_bad_header_destiny => D_PASS,
    banned_filename_maps => ['MYNETS-DEFAULT'],
    warnbadhsender => 0,
    forward_method => 'smtp:127.0.0.1:10025',
    notify_method => 'smtp:127.0.0.1:10025',
    undecipherable_subject_tag => undef,
};

#############################################################################
## POLICY BANKS: MYNETS
#
$policy_bank{'MYNETS'} = {
    originating => 1,
    bypass_spam_checks_maps => [1],
    final_virus_destiny => D_BOUNCE,
    final_banned_destiny => D_PASS,
    final_bad_header_destiny => D_PASS,
    banned_filename_maps => ['MYNETS-DEFAULT'],
    warnbadhsender => 0,
    forward_method => 'smtp:*:*',
    notify_method => 'smtp:*:*',
    undecipherable_subject_tag => undef,
};

#############################################################################
## POLICY BANKS: AM.PDP
#
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',
    inet_acl => [qw( 127.0.0.1 )],
    auth_required_release => 0,
};

$policy_bank{'AM.PDP-SOCK'} = {
    protocol => 'AM.PDP',
    notify_method => 'smtp:127.0.0.1:10025',
    auth_required_release => 0,
};

Please do not copy the policies over without reviewing them first. They
need to fit your local policy.
HTH
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court of München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
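
Added example, not part of the original post and not amavisd code: a Python model of how the @client_ipaddr_policy table above resolves a client IP to a policy bank, useful for reviewing which clients end up in a bank that bypasses checks. It assumes first-match lookup (within one table the first matching entry decides and a '!' entry turns the match into a miss; across pairs the first matching table wins). The MYNETWORKS value and all function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for @mynetworks (assumption; the post does not show its value).
MYNETWORKS = ["127.0.0.0/8", "[::1]", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# The @client_ipaddr_policy pairs from the post, in the same order.
CLIENT_IPADDR_POLICY = [
    (["0.0.0.0/8", "127.0.0.1/32", "[::]", "[::1]"], "LOCALHOST"),
    (["!172.16.1.0/24", "172.16.0.0/12", "192.168.0.0/16"], "PRIVATENETS"),
    (["192.0.2.0/25", "192.0.2.129", "192.0.2.130"], "PARTNER"),
    (["212.7.160.0/19"], "SUBMISSION"),
    (MYNETWORKS, "MYNETS"),
]

def parse_entry(entry):
    """Split an ACL entry into (negated, network); accepts '!net' and '[v6]/len'."""
    negated = entry.startswith("!")
    text = entry.lstrip("!").replace("[", "").replace("]", "")
    return negated, ipaddress.ip_network(text, strict=False)

def acl_lookup(ip, acl):
    """First matching entry in one table decides; '!' turns that match into a miss."""
    addr = ipaddress.ip_address(ip)
    for entry in acl:
        negated, net = parse_entry(entry)
        if addr.version == net.version and addr in net:
            return not negated
    return False

def banks_for_client(ip, table=CLIENT_IPADDR_POLICY):
    """Walk the pairs in order; the first table that matches supplies the bank names."""
    for acl, names in table:
        if acl_lookup(ip, acl):
            return [n.strip() for n in names.split(",") if n.strip()]
    return []

def shadowed_by_later_table(ip, table=CLIENT_IPADDR_POLICY):
    """Report (excluded_from, caught_by) when a '!' exclusion is undone further down."""
    addr = ipaddress.ip_address(ip)
    for i, (acl, names) in enumerate(table):
        for entry in acl:
            negated, net = parse_entry(entry)
            if addr.version == net.version and addr in net:
                if negated:
                    later = banks_for_client(ip, table[i + 1:])
                    return (names, later) if later else None
                return None  # positive match: this table handles the client
    return None
```

Under the constructed MYNETWORKS, 172.16.1.5 is excluded from PRIVATENETS by the '!' entry but still lands in MYNETS, because the exclusion only applies inside its own table.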