From uhlar at fantomas.sk Wed Jan 12 16:23:17 2022 From: uhlar at fantomas.sk (Matus UHLAR - fantomas) Date: Wed, 12 Jan 2022 16:23:17 +0100 Subject: autodetect authenticated mail Message-ID: <20220112152317.GA12118@fantomas.sk> Hello, I'm trying to set up DKIM signing for mailserver in client's private network. I was able to set @mynetworks but it does not apply for authenticated clients from outside. can amavisd detect if mail was authenticated via SMTP? or do I need to to explicitly set originating = 1 ? thanks. -- Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody From amavis at arcsin.de Wed Jan 12 21:17:21 2022 From: amavis at arcsin.de (Damian) Date: Wed, 12 Jan 2022 21:17:21 +0100 Subject: autodetect authenticated mail In-Reply-To: <20220112152317.GA12118@fantomas.sk> References: <20220112152317.GA12118@fantomas.sk> Message-ID: <5e2cda09-4479-b89e-8eb5-ac430f1aabc1@arcsin.de> > can amavisd detect if mail was authenticated via SMTP? Not directly. > or do I need to to explicitly set originating = 1 ? Yes. From dino.edwards at mydirectmail.net Wed Jan 19 11:43:51 2022 From: dino.edwards at mydirectmail.net (Dino Edwards) Date: Wed, 19 Jan 2022 10:43:51 +0000 Subject: Per User Bayes Message-ID: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> I was trying to setup Per User Bayes with SA and Amavis but I couldn't get it to work. Then I read somewhere that even though SA's default behavior is Per User Bayes, using Amavis forces you with Global Bayes. Is that still the case? If so, are there plans to add that functionality? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at junc.eu Wed Jan 19 15:41:31 2022 From: me at junc.eu (Benny Pedersen) Date: Wed, 19 Jan 2022 15:41:31 +0100 Subject: Per User Bayes In-Reply-To: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> References: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> Message-ID: On 2022-01-19 11:43, Dino Edwards wrote: > I was trying to setup Per User Bayes with SA and Amavis but I couldn't > get it to work. Then I read somewhere that even though SA's default > behavior is Per User Bayes, using Amavis forces you with Global Bayes. > Is that still the case? If so, are there plans to add that > functionality? how is your dbi config in spamassassin ? if you force specifik username, then comment that line, not configured spamd/spamc ? all is simply if using fuglu, bah for amavisd is dokumented here https://mailing.unix.amavis-user.narkive.com/kI4E1QHD/sa-userconf-maps-and-sa-username-maps-syntax-question then maybe just use spamc client from amavisd, and disable amavisd spamassassin loadind, what is best i dont know, but it can in some cases be one of them that is most simple, and do not make surprisses, with i had in the past with amavisd :( From dino.edwards at mydirectmail.net Thu Jan 20 15:13:39 2022 From: dino.edwards at mydirectmail.net (Dino Edwards) Date: Thu, 20 Jan 2022 14:13:39 +0000 Subject: Per User Bayes In-Reply-To: References: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> Message-ID: <3d03b8f21fb04d63a41ed1931b650447@mydirectmail.net> > how is your dbi config in spamassassin ? I don't have dbi config in spamassassin. I'm using file based bayes if you force specifik username, then comment that line, not configured spamd/spamc ? > all is simply if using fuglu, bah Sorry what's fuglu? From me at junc.eu Thu Jan 20 16:21:47 2022 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jan 2022 16:21:47 +0100 Subject: Per User Bayes In-Reply-To: <3d03b8f21fb04d63a41ed1931b650447@mydirectmail.net> References: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> <3d03b8f21fb04d63a41ed1931b650447@mydirectmail.net> Message-ID: On 2022-01-20 15:13, Dino Edwards wrote: >> how is your dbi config in spamassassin ? > I don't have dbi config in spamassassin. I'm using file based bayes with all that permisson problems as readed on maillists running spamd as root is also discoraged > if you force specifik username, then comment that line, not configured > spamd/spamc ? >> all is simply if using fuglu, bah > > Sorry what's fuglu? https://fuglu.org/ i using gentoo, with fuglu, and its my own ebuild since gentoo devs does not want to proxy maintain help me, but i have less problems with it then amavisd also mimedefang is known by me, but this is only nearly for perl geeks not for server administrators with no knowlegde in perl From support at deeztek.com Thu Jan 20 16:24:47 2022 From: support at deeztek.com (Deeztek Support) Date: Thu, 20 Jan 2022 15:24:47 +0000 Subject: Per User Bayes In-Reply-To: References: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> <3d03b8f21fb04d63a41ed1931b650447@mydirectmail.net> Message-ID: <6a058f745ac14ec2975e5768b599a0ed@deeztek.com> I'm having a very hard time parsing what you are talking about. I just wanted to know if there is a way to run per-user bayes in SA with Amavis. On 2022-01-20 15:13, Dino Edwards wrote: >> how is your dbi config in spamassassin ? > I don't have dbi config in spamassassin. I'm using file based bayes with all that permisson problems as readed on maillists running spamd as root is also discoraged > if you force specifik username, then comment that line, not configured > spamd/spamc ? >> all is simply if using fuglu, bah > > Sorry what's fuglu? https://fuglu.org/ i using gentoo, with fuglu, and its my own ebuild since gentoo devs does not want to proxy maintain help me, but i have less problems with it then amavisd also mimedefang is known by me, but this is only nearly for perl geeks not for server administrators with no knowlegde in perl From me at junc.eu Thu Jan 20 16:34:30 2022 From: me at junc.eu (Benny Pedersen) Date: Thu, 20 Jan 2022 16:34:30 +0100 Subject: Per User Bayes In-Reply-To: <6a058f745ac14ec2975e5768b599a0ed@deeztek.com> References: <5d5b117f553d4090be2bab16798c3cc2@mydirectmail.net> <3d03b8f21fb04d63a41ed1931b650447@mydirectmail.net> <6a058f745ac14ec2975e5768b599a0ed@deeztek.com> Message-ID: On 2022-01-20 16:24, Deeztek Support wrote: > I'm having a very hard time parsing what you are talking about. I just > wanted to know if there is a way to run per-user bayes in SA with > Amavis. are you trolling now ? https://mailing.unix.amavis-user.narkive.com/5oit9RJe/per-user-sa-bayes-tokens-in-sql if you dont read it, i cant help more From miro.igov at pharmya.com Thu Jan 20 17:33:28 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Thu, 20 Jan 2022 18:33:28 +0200 Subject: Remove headers from Amavis Message-ID: <000001d80e1b$750b2480$5f216d80$@pharmya.com> Hello, I have Amavis setup that adds disclaimer text and DKIM signature on all outgoing emails. There are some mail users that forward copy of received email to external email addresses. Amavis adds DKIM and disclaimer to such forwards just fine but if the email is already DKIM signed is it possible to remove the original signature? Currently forwarded emails have 2 signatures and only the last one is valid. -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PharmyaGDPRLogo1.png Type: image/png Size: 848 bytes Desc: not available URL: From support at deeztek.com Thu Jan 20 17:45:53 2022 From: support at deeztek.com (Deeztek Support) Date: Thu, 20 Jan 2022 16:45:53 +0000 Subject: Per User Bayes Message-ID: <054ddc95bcad48da8618dbe5a5f32f17@deeztek.com> > are you trolling now ? > https://mailing.unix.amavis-user.narkive.com/5oit9RJe/per-user-sa-bayes-tokens-in-sql > if you dont read it, i cant help more No, not trolling. Just trying to understand you. I already have Amavis using SQL and I have the policy table. However, I'm not seeing a sa_username column in that table like the link above says. I guess I can always add that column to the policy table. Additionally, do I need to configure SA to use per-user SQL preferences for this to work? Thanks From tshikose at tshimix.cd Fri Jan 21 07:03:27 2022 From: tshikose at tshimix.cd (TSHIMANGA Minkoka) Date: Fri, 21 Jan 2022 07:03:27 +0100 Subject: Remove headers from Amavis In-Reply-To: <000001d80e1b$750b2480$5f216d80$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> Message-ID: Hello, You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing = 1; in /etc/amavis/amavis.conf I think that in your case another process (maybe OpenDKIM) is DKIM signing the email, so you should stop Amavis doing so to avoid double signing. Regards, Tshimanga On Thu, 2022-01-20 at 18:33 +0200, Miro Igov wrote: > Hello, > > I have Amavis setup that adds disclaimer text and DKIM signature on > all outgoing emails. > There are some mail users that forward copy of received email to > external email addresses. > Amavis adds DKIM and disclaimer to such forwards just fine but if the > email is already DKIM signed is it possible to remove the original > signature? > Currently forwarded emails have 2 signatures and only the last one is > valid. > > This message has been sent as a part of discussion between PHARMYA > and the addressee whose name is specified above. Should you receive > this message by mistake, we would be most grateful if you informed us > that the message has been sent to you. In this case, we also ask that > you delete this message from your mailbox, and do not forward it or > any part of it to anyone else. > Thank you for your cooperation and understanding. > From miro.igov at pharmya.com Fri Jan 21 09:35:06 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Fri, 21 Jan 2022 10:35:06 +0200 Subject: Remove headers from Amavis In-Reply-To: References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> Message-ID: <001401d80ea1$cbcccdb0$63666910$@pharmya.com> I am absolutely sure that amavis is the only process signing emails. If i disable amavis from signing $enable_dkim_signing = 0; in my /etc/amavis/conf.d/50-user config file i get only the original signature before reaching my mail server. Imagine user at gmail.com sends to miro.igov at pharmya.com and miro.igov at pharmya.com is set to forward a copy of the email to user at yahoo.com In yahoo message i can see google dkim signature. I want google dkim stripped because it reports permfail as obviously message is altered in my amavis setup before forwarded to yahoo. -----Original Message----- From: TSHIMANGA Minkoka Sent: Friday, January 21, 2022 08:03 To: Miro Igov ; amavis-users at amavis.org Subject: Re: Remove headers from Amavis Hello, You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing = 1; in /etc/amavis/amavis.conf I think that in your case another process (maybe OpenDKIM) is DKIM signing the email, so you should stop Amavis doing so to avoid double signing. Regards, Tshimanga -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. From tshikose at tshimix.cd Fri Jan 21 09:45:39 2022 From: tshikose at tshimix.cd (TSHIMANGA Minkoka) Date: Fri, 21 Jan 2022 09:45:39 +0100 Subject: Remove headers from Amavis In-Reply-To: <001401d80ea1$cbcccdb0$63666910$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> Message-ID: <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> Dear, For the email forwarding (and similarly mailing lists) you need to consider the ARC rules. Check the related RFCs. There are also some software that does that such as OpenARC. I was giving a try few weeks ago, but I did not have time to complete it. Regards, Tshimanga On Fri, 2022-01-21 at 10:35 +0200, Miro Igov wrote: > I am absolutely sure that amavis is the only process signing emails. > If i disable amavis from signing $enable_dkim_signing = 0; in my > /etc/amavis/conf.d/50-user config file i get only the original > signature before reaching my mail server. > Imagine user at gmail.com sends to miro.igov at pharmya.com and > miro.igov at pharmya.com is set to forward a copy of the email to > user at yahoo.com > In yahoo message i can see google dkim signature. I want google dkim > stripped because it reports permfail as obviously message is altered > in my amavis setup before forwarded to yahoo. > > -----Original Message----- > From: TSHIMANGA Minkoka > Sent: Friday, January 21, 2022 08:03 > To: Miro Igov ; amavis-users at amavis.org > Subject: Re: Remove headers from Amavis > > Hello, > > You can stop Amavis from DKIM signing emails by setting > $enable_dkim_signing = 1; in /etc/amavis/amavis.conf > > I think that in your case another process (maybe OpenDKIM) is DKIM > signing the email, so you should stop Amavis doing so to avoid double > signing. > > Regards, > > Tshimanga > From miro.igov at pharmya.com Fri Jan 21 09:57:35 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Fri, 21 Jan 2022 10:57:35 +0200 Subject: Remove headers from Amavis In-Reply-To: <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> Message-ID: <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> I do not use DMARC and am not interested in ARC rules. I asked is it possible that Amavis could strip any previous DKIM headers before placing it's own DKIM? -----Original Message----- From: TSHIMANGA Minkoka Sent: Friday, January 21, 2022 10:46 To: Miro Igov ; amavis-users at amavis.org Subject: Re: Remove headers from Amavis Dear, For the email forwarding (and similarly mailing lists) you need to consider the ARC rules. Check the related RFCs. There are also some software that does that such as OpenARC. I was giving a try few weeks ago, but I did not have time to complete it. Regards, Tshimanga -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. From tshikose at tshimix.cd Fri Jan 21 10:00:34 2022 From: tshikose at tshimix.cd (TSHIMANGA Minkoka) Date: Fri, 21 Jan 2022 10:00:34 +0100 Subject: Remove headers from Amavis In-Reply-To: <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> Message-ID: What you want to achieve is precisely done by OpenARC. And I am not talking about OpenDMARC, that does something else, that should also consider. Few links to consults. https://en.wikipedia.org/wiki/Authenticated_Received_Chain https://tools.ietf.org/html/rfc8617 http://arc-spec.org/ On Fri, 2022-01-21 at 10:57 +0200, Miro Igov wrote: > I do not use DMARC and am not interested in ARC rules. > > I asked is it possible that Amavis could strip any previous DKIM > headers before placing it's own DKIM? > > -----Original Message----- > From: TSHIMANGA Minkoka > Sent: Friday, January 21, 2022 10:46 > To: Miro Igov ; amavis-users at amavis.org > Subject: Re: Remove headers from Amavis > > Dear, > > For the email forwarding (and similarly mailing lists) you need to > consider the ARC rules. > Check the related RFCs. > There are also some software that does that such as OpenARC. > > I was giving a try few weeks ago, but I did not have time to complete > it. > > Regards, > > Tshimanga > From danilo.godec at agenda.si Fri Jan 21 09:55:02 2022 From: danilo.godec at agenda.si (Danilo Godec) Date: Fri, 21 Jan 2022 09:55:02 +0100 Subject: Remove headers from Amavis In-Reply-To: <000001d80e1b$750b2480$5f216d80$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> Message-ID: <6188c058-11e8-d000-1639-808861a9b279@agenda.si> On 20. 01. 22 17:33, Miro Igov wrote: > > Hello, > > I have Amavis setup that adds disclaimer text and DKIM signature on > all outgoing emails. > > There are some mail users that forward copy of received email to > external email addresses. > > Amavis adds DKIM and disclaimer to such forwards just fine but if the > email is already DKIM signed is it possible to remove the original > signature? > > Currently forwarded emails have 2 signatures and only the last one is > valid. > > > GDPR Logo This message has been sent as a part of discussion between > PHARMYA and the addressee whose name is specified above. Should you > receive this message by mistake, we would be most grateful if you > informed us that the message has been sent to you. In this case, we > also ask that you delete this message from your mailbox, and do not > forward it or any part of it to anyone else. > Thank you for your cooperation and understanding. > > > > Hi, please clarify whether you mean automatic forwarding (through .forward file or similar) or manual forwarding (by using a 'Forward' button in an email client such as Thunderbird)? ?? Danilo -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PharmyaGDPRLogo1.png Type: image/png Size: 848 bytes Desc: not available URL: From miro.igov at pharmya.com Fri Jan 21 10:10:03 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Fri, 21 Jan 2022 11:10:03 +0200 Subject: Remove headers from Amavis In-Reply-To: <6188c058-11e8-d000-1639-808861a9b279@agenda.si> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <6188c058-11e8-d000-1639-808861a9b279@agenda.si> Message-ID: <002b01d80ea6$ad1898e0$0749caa0$@pharmya.com> By forwarding i mean using alias_maps in postfix with content similar to: miro.igov-pharmya.com: user at yahoo.com,\miro.igov-pharmya.com From: amavis-users On Behalf Of Danilo Godec Sent: Friday, January 21, 2022 10:55 To: amavis-users at amavis.org Subject: Re: Remove headers from Amavis On 20. 01. 22 17:33, Miro Igov wrote: Hello, I have Amavis setup that adds disclaimer text and DKIM signature on all outgoing emails. There are some mail users that forward copy of received email to external email addresses. Amavis adds DKIM and disclaimer to such forwards just fine but if the email is already DKIM signed is it possible to remove the original signature? Currently forwarded emails have 2 signatures and only the last one is valid. Hi, please clarify whether you mean automatic forwarding (through .forward file or similar) or manual forwarding (by using a 'Forward' button in an email client such as Thunderbird)? Danilo -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PharmyaGDPRLogo1.png Type: image/png Size: 848 bytes Desc: not available URL: From miro.igov at pharmya.com Fri Jan 21 10:15:06 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Fri, 21 Jan 2022 11:15:06 +0200 Subject: Remove headers from Amavis In-Reply-To: References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> Message-ID: <004401d80ea7$61e00bf0$25a023d0$@pharmya.com> I know i can do it with postfix so forwarded email is processed through postfix service with header_checks option which removes the DKIM headers, then forwarded to amavis for mangle & sign and injected back to postfix for external delivery. But why not amavis doing it? Just like remove_existing_spam_headers option. From: Dominic Raferd Sent: Friday, January 21, 2022 11:05 To: Miro Igov Cc: amavis-users at amavis.org Subject: Re: Remove headers from Amavis I do not believe amavis can do this, but your MTA maybe can. Postfix has this capability, and if you want complex conditions to be met you can use postfwd, for example. On Fri, 21 Jan 2022, 08:58 Miro Igov, > wrote: I do not use DMARC and am not interested in ARC rules. I asked is it possible that Amavis could strip any previous DKIM headers before placing it's own DKIM? -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PharmyaGDPRLogo1.png Type: image/png Size: 848 bytes Desc: not available URL: From dominic at timedicer.co.uk Fri Jan 21 10:05:28 2022 From: dominic at timedicer.co.uk (Dominic Raferd) Date: Fri, 21 Jan 2022 09:05:28 +0000 Subject: Remove headers from Amavis In-Reply-To: <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> <0e4f83e274bd813d5f75169dd38ba57a6dbcf0e2.camel@tshimix.cd> <002501d80ea4$ef532a60$cdf97f20$@pharmya.com> Message-ID: I do not believe amavis can do this, but your MTA maybe can. Postfix has this capability, and if you want complex conditions to be met you can use postfwd, for example. On Fri, 21 Jan 2022, 08:58 Miro Igov, wrote: > I do not use DMARC and am not interested in ARC rules. > > I asked is it possible that Amavis could strip any previous DKIM headers > before placing it's own DKIM? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From karagian at dataways.gr Fri Jan 21 10:42:30 2022 From: karagian at dataways.gr (Savvas Karagiannidis) Date: Fri, 21 Jan 2022 11:42:30 +0200 Subject: Remove headers from Amavis In-Reply-To: <001401d80ea1$cbcccdb0$63666910$@pharmya.com> References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> Message-ID: Hello, You don't really have to remove the already existing DKIM signature headers, just as you do not remove any other headers from the email... It is normal for a message to have multiple DKIM signature as it hops between servers that sign it. According to RFC the message will be verified as long as any of the signatures is verified. Signatures that may be invalid are actually ignored in this case. https://datatracker.ietf.org/doc/html/rfc7489 : Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies. It may not be directly relevant to your question, but just clarifying this... Regards, Savvas Karagiannidis On 21/1/2022 10:35, Miro Igov wrote: > I am absolutely sure that amavis is the only process signing emails. > If i disable amavis from signing $enable_dkim_signing = 0; in my /etc/amavis/conf.d/50-user config file i get only the original signature before reaching my mail server. > Imagineuser at gmail.com sends tomiro.igov at pharmya.com andmiro.igov at pharmya.com is set to forward a copy of the email touser at yahoo.com > In yahoo message i can see google dkim signature. I want google dkim stripped because it reports permfail as obviously message is altered in my amavis setup before forwarded to yahoo. > > -----Original Message----- > From: TSHIMANGA Minkoka > Sent: Friday, January 21, 2022 08:03 > To: Miro Igov;amavis-users at amavis.org > Subject: Re: Remove headers from Amavis > > Hello, > > You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing = 1; in /etc/amavis/amavis.conf > > I think that in your case another process (maybe OpenDKIM) is DKIM signing the email, so you should stop Amavis doing so to avoid double signing. > > Regards, > > Tshimanga > -------------- next part -------------- An HTML attachment was scrubbed... URL: From miro.igov at pharmya.com Fri Jan 21 11:06:27 2022 From: miro.igov at pharmya.com (Miro Igov) Date: Fri, 21 Jan 2022 12:06:27 +0200 Subject: Remove headers from Amavis In-Reply-To: References: <000001d80e1b$750b2480$5f216d80$@pharmya.com> <001401d80ea1$cbcccdb0$63666910$@pharmya.com> Message-ID: <007d01d80eae$8e7fd3f0$ab7f7bd0$@pharmya.com> Sounds good. Thank you for the info. From: amavis-users On Behalf Of Savvas Karagiannidis Sent: Friday, January 21, 2022 11:43 To: amavis-users at amavis.org Subject: Re: Remove headers from Amavis Hello, You don't really have to remove the already existing DKIM signature headers, just as you do not remove any other headers from the email... It is normal for a message to have multiple DKIM signature as it hops between servers that sign it. According to RFC the message will be verified as long as any of the signatures is verified. Signatures that may be invalid are actually ignored in this case. https://datatracker.ietf.org/doc/html/rfc7489 : Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies. It may not be directly relevant to your question, but just clarifying this... Regards, Savvas Karagiannidis On 21/1/2022 10:35, Miro Igov wrote: I am absolutely sure that amavis is the only process signing emails. If i disable amavis from signing $enable_dkim_signing = 0; in my /etc/amavis/conf.d/50-user config file i get only the original signature before reaching my mail server. Imagine user at gmail.com sends to miro.igov at pharmya.com and miro.igov at pharmya.com is set to forward a copy of the email to user at yahoo.com In yahoo message i can see google dkim signature. I want google dkim stripped because it reports permfail as obviously message is altered in my amavis setup before forwarded to yahoo. -----Original Message----- From: TSHIMANGA Minkoka Sent: Friday, January 21, 2022 08:03 To: Miro Igov ; amavis-users at amavis.org Subject: Re: Remove headers from Amavis Hello, You can stop Amavis from DKIM signing emails by setting $enable_dkim_signing = 1; in /etc/amavis/amavis.conf I think that in your case another process (maybe OpenDKIM) is DKIM signing the email, so you should stop Amavis doing so to avoid double signing. Regards, Tshimanga -- This message has been sent as a part of discussion between PHARMYA and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PharmyaGDPRLogo1.png Type: image/png Size: 848 bytes Desc: not available URL: From mysqlstudent at gmail.com Sun Jan 30 23:36:39 2022 From: mysqlstudent at gmail.com (Alex) Date: Sun, 30 Jan 2022 17:36:39 -0500 Subject: Per-domain processing? Message-ID: Hi, I'm using amavis with postfix-3.10 and spamassassin and would like to be able to apply different policies for different domains, but I'm unsure how to do that. I'm using postfix in a multi-instance configuration, with each instance processing mail for a different domain (or set of domains) and would like to be able to have one amavisd process still handle all postfix instances. I suppose I could otherwise use transport maps with postfix and different amavisd processes, each of which with a different port and different config. Currently I have @local_domains_maps set to all domains for which it should process mail, but I'd like to be able to control virus/spam scanning, blocklist/allowlist, and other features on a per-domain basis. Is this possible? I'm aware of $policy_bank but isn't that based on IP address? Can I set @client_ipaddr_policy based on domain rather than IP? Or perhaps there's some sort of @client_domain_policy? Also, Example 3 in the policy banks section from the main doc (https://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/README_FILES/amavisd-new-docs.html#pbanks-ex) seems to be closest to what I need, but I'm still not understanding. Perhaps it's possible to have one amavisd process listen on multiple sockets with different config files include files, each of which has a different configuration? Ideas greatly appreciated. From amavis at arcsin.de Mon Jan 31 13:57:13 2022 From: amavis at arcsin.de (Damian) Date: Mon, 31 Jan 2022 13:57:13 +0100 Subject: Per-domain processing? In-Reply-To: References: Message-ID: <71eac8ec-7af8-4169-a7bb-b01bedbd0e44@arcsin.de> > I have @local_domains_maps set to all domains for which it > should process mail, but I'd like to be able to control virus/spam > scanning, blocklist/allowlist, and other features on a per-domain > basis. Is this possible? > > I'm aware of $policy_bank but isn't that based on IP address? Can I > set @client_ipaddr_policy based on domain rather than IP? Or perhaps > there's some sort of @client_domain_policy? There is no out-of-the-box mechanism for domain-based policybanks. One reason might be that Amavis can handle multi-recipient mails, where there is no canonical choice which domain-policybank should be loaded. > Also, Example 3 in the policy banks section from the main doc > (https://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/README_FILES/amavisd-new-docs.html#pbanks-ex) > seems to be closest to what I need, but I'm still not understanding. Example 2 and 3 differ in terms of Postfix configuration, so have a look at the Amavis configuration of Example 2. I see that you have gotten a "go ahead" for content filtering via transport on the Postfix-ML, so try that one instead of FILTER. However, I suppose you shouldn't use a relay-transport but something dedicated with smtp_send_xforward_command=yes (see README.postfix).