any idea patrick ?
Am 2013-01-24 15:26, schrieb [email protected]:
(internet)---(server -> aviramailgate -> amavis -> postfix (clamav)
-> dovecot
(mails arrive on port 25 and go amavis)
/etc/postfix/master.cf =
smtpd pass - - n - - smtpd
-o content_filter=avira-smtp:[127.0.0.1]:10027
# -o content_filter=lmtp-amavis:[127.0.0.1]:10024
-o cleanup_service_name=pre-cleanup
127.0.0.1:10025 inet n - - - - smtpd
-o cleanup_service_name=cleanup
-o content_filter=dspam-lmtp:unix:/var/run/dspam/dspam.sock
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o relay_recipient_maps=
-o smtp_send_xforward_command=yes
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_delay_reject=no
-o smtpd_end_of_data_restrictions=
-o smtpd_error_sleep_time=0
-o smtpd_hard_error_limit=1000
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_restriction_classes=
-o smtpd_sender_restrictions=
-o smtpd_soft_error_limit=1001
-o strict_rfc821_envelopes=yes
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o relay_recipient_maps=
-o smtp_send_xforward_command=yes
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_delay_reject=no
-o smtpd_end_of_data_restrictions=
-o smtpd_error_sleep_time=0
-o smtpd_hard_error_limit=1000
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_restriction_classes=
-o smtpd_sender_restrictions=
-o smtpd_soft_error_limit=1001
-o strict_rfc821_envelopes=yes
-------------------------------------------------------------------
/etc/amavisd.conf =
$inet_socket_port = 10024;
(i think i dont touched this block:)
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
originating => 1, # is true in MYNETS by default, but let's make
it explicit
os_fingerprint_method => undef, # don't query p0f for internal
clients
bypass_banned_checks_maps => [1],
};
# it is up to MTA to re-route mail from authenticated roaming users
or
# from internal hosts to a dedicated TCP port (such as 10026) for
filtering
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from
our users
originating => 1, # declare that mail was submitted by our smtp
client
allow_disclaimers => 1, # enables disclaimer insertion if
available
# notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
#### weber change start
forward_method => 'smtp:[127.0.0.1]:10026',
### weber change stop
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_banned_checks => [1], # allow sending any file names and
types
final_bad_header_destiny => D_PASS,
terminate_dsn_on_notify_success => 0, # don't remove
NOTIFY=SUCCESS option
};
### weber change start
$notify_method = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with
milter!
### weber change stop
Do you need more from my config files?
thanks
marko
Am 2013-01-24 15:06, schrieb Patrick Ben Koetter:
* [email protected] <[email protected]>:
Patrick,
thanks for answering, but it dont work for me.
i still get "Banned content messages" and mail is not sent out...
Do i also have to set something in the master.cf to enable this
policy_bank ORIGINATING ?
Please post config that shows how you route messages from Postfix
(?) into
amavis and the relevant parts in amavis that route those messages to
the
policy bank including its settings.
p@rick
marko, from hamburg
(sorry,hatte vorhin nur auf reply gedrückt)
Kein Thema. Hatte ich mir schon gedacht.
Am 2013-01-24 13:11, schrieb Patrick Ben Koetter:
>* [email protected] <[email protected]>:
>>i want my users to be able to send banned content files.
>>
>>my goal is to have a map in amavis where i can set which user is
>>allowed to send banned content.
>>
>> [email protected] is allowed to send,
>> [email protected] is NOT allowed to send,
>>
>>banned content.
>
>
>I recommend you let local users send over submission (587) port
>and create a
>dedicated policy for those senders:
>
>$policy_bank{'ORIGINATING'} = {
> originating => 1,
> bypass_spam_checks_maps => [1],
> bypass_banned_checks_maps => [1],
> final_virus_destiny => D_REJECT,
> final_bad_header_destiny => D_PASS,
> terminate_dsn_on_notify_success => 0,
>};
>
>p@rick
