per-domain recipient policy?

Patrick Ben Koetter p at sys4.de
Wed May 17 07:24:56 CEST 2023


* Alex <mysqlstudent at gmail.com>:
> I have a fedora37 amavisd system that's processing mail for a handful of
> domains. One of the domains wants more of the bulk email like newsletters
> and mailing lists to be delivered than the rest. How do I do this?
> 
> I can create an SA rule that triggers on the "Precedence" header,
> which should probably be enough to get started, but how then do I trigger
> amavisd to use that to allow that mail to be delivered?
> 
> It appears policy banks are more for IP addresses, correct? Perhaps I can

Currently policy banks are more source (IP, Port, DKIM) focussed and less
destination driven.

> use @score_sender_maps but I don't know how to do it based on an SA rule or
> something that doesn't depend on knowing the sending domain.
> 
> I have amavisd connected to postfix as the default transport. I don't
> entirely understand the connection between $policy_bank, $interface_policy
> and being able to send specific emails to different policies.

Maybe this config example helps:

#############################################################################
## POLICY MAPPING
#

# We are able to identify and route incoming messages via:
#
# - TCP / UNIX-Socket
# - IP-address / IP-range
# - DKIM-authenticated domain / sender

# Assign policy by socket:
$interface_policy{'10024'}  = 'SUBMISSION';
$interface_policy{'SOCK'}   = 'AM.PDP-SOCK';
$interface_policy{'9998'}   = 'AM.PDP-INET';

# Assign policy by IP address / range:
@client_ipaddr_policy = (
    [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
    [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
    [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
    [qw( 212.7.160.0/19 )] => 'SUBMISSION',
    \@mynetworks => 'MYNETS'
);

# Assign policy by verified DKIM domain
@author_to_policy_bank_maps = ( {
    'state-of-mind.de'          => 'WHITELIST,NOBANNEDCHECK,NOVIRUSCHECK',
    '.paypal.de'                => 'WHITELIST',
    'amazon.de'                 => 'WHITELIST',
} );


#############################################################################
## POLICY BANKS: WHITELIST
#

$policy_bank{'WHITELIST'} = {
    bypass_spam_checks_maps => [1],
    spam_lovers_maps => [1],
};

#############################################################################
## POLICY BANKS: NOVIRUSCHECK
#

$policy_bank{'NOVIRUSCHECK'} = {
    bypass_decode_parts => 1,
    bypass_virus_checks_maps => [1],
    virus_lovers_maps => [1],
};

#############################################################################
## POLICY BANKS: NOBANNEDCHECK
#

$policy_bank{'NOBANNEDCHECK'} = {
    bypass_banned_checks_maps => [1],
    banned_files_lovers_maps  => [1],
};


#############################################################################
## POLICY BANKS: SUBMISSION
#

$policy_bank{'SUBMISSION'} = {
    originating => 1,
    bypass_spam_checks_maps => [1],
    final_virus_destiny => D_BOUNCE,
    final_banned_destiny=> D_PASS,
    final_bad_header_destiny => D_PASS,
    banned_filename_maps => ['MYNETS-DEFAULT'],
    warnbadhsender => 0,
    forward_method => 'smtp:127.0.0.1:10025',
    notify_method => 'smtp:127.0.0.1:10025',
    undecipherable_subject_tag => undef,
};


#############################################################################
## POLICY BANKS: MYNETS
#
$policy_bank{'MYNETS'} = {
    originating => 1,
    bypass_spam_checks_maps   => [1],
    final_virus_destiny => D_BOUNCE,
    final_banned_destiny=> D_PASS,
    final_bad_header_destiny => D_PASS,
    banned_filename_maps => ['MYNETS-DEFAULT'],
    warnbadhsender => 0,
    forward_method => 'smtp:*:*',
    notify_method => 'smtp:*:*',
    undecipherable_subject_tag => undef,
};

#############################################################################
## POLICY BANKS: AM.PDP
#

$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',
    inet_acl => [qw( 127.0.0.1 )],
    auth_required_release => 0,
};

$policy_bank{'AM.PDP-SOCK'} = {
    protocol => 'AM.PDP',
    notify_method => 'smtp:127.0.0.1:10025',
    auth_required_release => 0,
};


> If I want to have domain1.com use my DOMAIN1 policy and domain2.com use my
> DOMAIN2 policy, do I need to have separate postfix transports send only
> mail for the respective domains to their respective ports defined by
> $interface_policy?

That's a way to go. Another way would be to feed amavis with per-domain /
per-recipient settings via SQL / LDAP.

p at rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court (Amtsgericht) München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
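
Besides separate ports and SQL/LDAP, the per-recipient-domain case asked about above can also be handled with amavisd's static per-recipient lookup tables in amavisd.conf. The fragment below is an added example, not part of the original message: domain1.com comes from the question, and all score values are constructed for illustration.

```perl
# amavisd.conf fragment (added example, not from the original post).
# Raises the spam thresholds for one recipient domain only, so that
# virus, banned-file and header checks still run for that domain.

# Site-wide defaults, used when no per-recipient entry matches.
# (Values are constructed; keep whatever your site already uses.)
$sa_tag2_level_deflt = 6.2;   # score at which mail is tagged as spam
$sa_kill_level_deflt = 6.9;   # score at which final_spam_destiny applies

# Lookup tables are consulted in order, keyed on the *recipient* address;
# the first table that returns a value wins. In a hash lookup a key with
# a leading dot matches the domain itself and its subdomains.
@spam_tag2_level_maps = (
    { '.domain1.com' => 9.0 },    # domain1.com accepts more bulk mail
    \$sa_tag2_level_deflt,        # all other recipients
);

@spam_kill_level_maps = (
    { '.domain1.com' => 12.0 },   # assumption: must stay above tag2 level
    \$sa_kill_level_deflt,
);
```

Because these maps are evaluated per recipient, a message addressed to both domain1.com and another domain is scored once and then handled separately for each recipient. Unlike the WHITELIST bank shown in the message, this does not bypass spam checks; it only moves the thresholds.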


