Amavis and OpenDMARC

Matus UHLAR - fantomas uhlar at fantomas.sk
Mon Nov 13 09:19:29 CET 2023 

On 11.11.23 10:55, Dino Edwards wrote:
>>to be more precise: OpenDMARC running as milter only sees output from
>milters applied before it.
>
>>Milter is run pre-queue and content_filter is run after queue, so opendmarc
>does not see that amavis produced, because it was added later.
>
>>If you used amavisd-milter at SMTP port, opendmarc could see its output.
>
>>I run amavisd-milter at SMTP port, so it can reject spam/viruses
>immediately and amavis as content-filter by default (local and trusted
>submission).
>
>So it looks like I can run amavis as content_filter AND milter. This sounds
>like a good solution. Do you mind sharing your postfix config for amavis
>milter? I'm assuming I need a separate program called amavis-milter?

amavisd config - Debian's /etc/amavis/conf.d/50-user

$final_virus_destiny            = D_REJECT;
$final_banned_destiny           = D_REJECT;
$final_spam_destiny             = D_PASS;

$interface_policy{'SOCK'} = 'AM.PDP-SOCK';      # milter
$policy_bank{'AM.PDP-SOCK'} = {
         protocol => 'AM.PDP',   # select Amavis policy delegation protocol
         spam_kill_level_maps    => 10,
         final_spam_destiny      => D_REJECT,
         final_virus_destiny     => D_REJECT,
         final_banned_destiny    => D_REJECT,
};


I have experimented with final_*_destiny
- D_REJECT in content_filter causes bouce back to sender which should be safe 
with local senders.
- D_BOUNCE Does the same but it's amavis who creates the notification. 
Perhaps it'd be better.

main.cf:

content_filter=amavisfeed:[127.0.0.1]:10024

master.cf:

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
   -o content_filter=
   -o smtpd_milters=unix:/amavis/amavisd-milter.sock


Where 'amavisfeed' and '127.0.0.1:10025' are set up according to amavisd-new 
README.Postfix (lmtp version)

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

More information about the amavis-users mailing list