per-domain recipient policy?

Alex mysqlstudent at gmail.com
Wed May 17 13:00:38 CEST 2023


Hi,

>
> >
> > It appears policy banks are more for IP addresses, correct? Perhaps I can
>
> Currently policy banks are more source (IP, Port, DKIM) focussed and less
> destination driven.
>
> > use @score_sender_maps but I don't know how to do it based on an SA rule
> or
> > something that doesn't depend on knowing the sending domain.
> >
> > I have amavisd connected to postfix as the default transport. I don't
> > entirely understand the connection between $policy_bank,
> $interface_policy
> > and being able to send specific emails to different policies.
>
> Maybe this config example helps:
>

Yes, I think that's helpful, if for nothing else than to show me what I
really want to do isn't possible.

How can I set the default spam level and cutoff level in a policy bank, so
I can then add the subject modifier?

$sa_spam_subject_tag = '';
$final_spam_destiny = D_PASS;
$sa_tag_level_deflt  = -200.0;
$sa_tag2_level_deflt = 5;
$sa_kill_level_deflt = 5;

I've also just found this:

@spam_tag2_level_maps =
        ({
        '.example.com' => 8.0,
        '.example2.com' => 6.5,
        '.' => 7.0,
        });

or read from an external file:
@spam_tag2_level_maps = (read_hash("/var/amavis/tag2level"), 7.0);

contents of /var/amavis/tag2level:
.example.com 8.0
.example2.com 6.5

Do you know where these hashes/associative arrays are actually defined,
other than in the huge amavis main doc? Something like a man page would be
so much more clear. Something that defined all of these settings would be
very helpful.

Thanks so much,
Alex





>
>
> #############################################################################
> ## POLICY MAPPING
> #
>
> # We are able to identify and route incoming messages via:
> #
> # - TCP / UNIX-Socket
> # - IP-address / IP-range
> # - DKIM-authenticated domain / sender
>
> # Assign policy by socket:
> $interface_policy{'10024'}  = 'SUBMISSION';
> $interface_policy{'SOCK'}   = 'AM.PDP-SOCK';
> $interface_policy{'9998'}   = 'AM.PDP-INET';
>
> # Assign policy by IP address / range:
> @client_ipaddr_policy = (
>     [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
>     [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
>     [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
>     [qw( 212.7.160.0/19 )] => 'SUBMISSION',
>     \@mynetworks => 'MYNETS'
> );
>
> # Assign policy by verified DKIM domain
> @author_to_policy_bank_maps = ( {
>     'state-of-mind.de'          => 'WHITELIST,NOBANNEDCHECK,NOVIRUSCHECK',
>     '.paypal.de'                => 'WHITELIST',
>     'amazon.de'                 => 'WHITELIST',
> } );
>
>
>
> #############################################################################
> ## POLICY BANKS: WHITELIST
> #
>
> $policy_bank{'WHITELIST'} = {
>     bypass_spam_checks_maps => [1],
>     spam_lovers_maps => [1],
> };
>
>
> #############################################################################
> ## POLICY BANKS: NOVIRUSCHECK
> #
>
> $policy_bank{'NOVIRUSCHECK'} = {
>     bypass_decode_parts => 1,
>     bypass_virus_checks_maps => [1],
>     virus_lovers_maps => [1],
> };
>
>
> #############################################################################
> ## POLICY BANKS: NOBANNEDCHECK
> #
>
> $policy_bank{'NOBANNEDCHECK'} = {
>     bypass_banned_checks_maps => [1],
>     banned_files_lovers_maps  => [1],
> };
>
>
>
> #############################################################################
> ## POLICY BANKS: SUBMISSION
> #
>
> $policy_bank{'SUBMISSION'} = {
>     originating => 1,
>     bypass_spam_checks_maps => [1],
>     final_virus_destiny => D_BOUNCE,
>     final_banned_destiny=> D_PASS,
>     final_bad_header_destiny => D_PASS,
>     banned_filename_maps => ['MYNETS-DEFAULT'],
>     warnbadhsender => 0,
>     forward_method => 'smtp:127.0.0.1:10025',
>     notify_method => 'smtp:127.0.0.1:10025',
>     undecipherable_subject_tag => undef,
> };
>
>
>
> #############################################################################
> ## POLICY BANKS: MYNETS
> #
> $policy_bank{'MYNETS'} = {
>     originating => 1,
>     bypass_spam_checks_maps   => [1],
>     final_virus_destiny => D_BOUNCE,
>     final_banned_destiny=> D_PASS,
>     final_bad_header_destiny => D_PASS,
>     banned_filename_maps => ['MYNETS-DEFAULT'],
>     warnbadhsender => 0,
>     forward_method => 'smtp:*:*',
>     notify_method => 'smtp:*:*',
>     undecipherable_subject_tag => undef,
> };
>
>
> #############################################################################
> ## POLICY BANKS: AM.PDP
> #
>
> $policy_bank{'AM.PDP-INET'} = {
>     protocol => 'AM.PDP',
>     inet_acl => [qw( 127.0.0.1 )],
>     auth_required_release => 0,
> };
>
> $policy_bank{'AM.PDP-SOCK'} = {
>     protocol => 'AM.PDP',
>     notify_method => 'smtp:127.0.0.1:10025',
>     auth_required_release => 0,
> };
>
>
> > If I want to have domain1.com use my DOMAIN1 policy and domain2.com use
> my
> > DOMAIN2 policy, do I need to have separate postfix transports send only
> > mail for the respective domains to their respective ports defined by
> > $interface_policy?
>
> That's a way to go. Another way would be to feed amavis with per-domain /
> per-recipient settings via SQL / LDAP.
>
> p at rick
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20230517/b8debeb7/attachment.htm>


More information about the amavis-users mailing list