* [email protected] <[email protected]>:
> any idea patrick ?

Sorry for the delayed answer. Today was a busy day... :/

> On 2013-01-24 15:26, [email protected] wrote:
> >(internet)---(server -> aviramailgate -> amavis -> postfix (clamav)
> >-> dovecot
> >
> >(mails arrive on port 25 and go amavis)
> >
> >/etc/postfix/master.cf =
> >
> >smtpd pass - - n - - smtpd
> >  -o content_filter=avira-smtp:[127.0.0.1]:10027
> >  -o cleanup_service_name=pre-cleanup
> >
> >127.0.0.1:10025 inet n - - - - smtpd
> >  -o cleanup_service_name=cleanup
> >  -o content_filter=dspam-lmtp:unix:/var/run/dspam/dspam.sock
> >  -o local_header_rewrite_clients=
> >  -o local_recipient_maps=
> >  -o mynetworks=127.0.0.0/8
> >  -o mynetworks_style=host
> >  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> >  -o relay_recipient_maps=
> >  -o smtp_send_xforward_command=yes
> >  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> >  -o smtpd_client_connection_count_limit=0
> >  -o smtpd_client_connection_rate_limit=0
> >  -o smtpd_client_restrictions=permit_mynetworks,reject
> >  -o smtpd_data_restrictions=reject_unauth_pipelining
> >  -o smtpd_delay_reject=no
> >  -o smtpd_end_of_data_restrictions=
> >  -o smtpd_error_sleep_time=0
> >  -o smtpd_hard_error_limit=1000
> >  -o smtpd_helo_restrictions=
> >  -o smtpd_recipient_restrictions=permit_mynetworks,reject
> >  -o smtpd_restriction_classes=
> >  -o smtpd_sender_restrictions=
> >  -o smtpd_soft_error_limit=1001
> >  -o strict_rfc821_envelopes=yes
> >
> >
> >127.0.0.1:10026 inet n - n - - smtpd
> >  -o content_filter=
> >  -o local_header_rewrite_clients=
> >  -o local_recipient_maps=
> >  -o mynetworks=127.0.0.0/8
> >  -o mynetworks_style=host
> >  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
> >  -o relay_recipient_maps=
> >  -o smtp_send_xforward_command=yes
> >  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> >  -o smtpd_client_connection_count_limit=0
> >  -o smtpd_client_connection_rate_limit=0
> >  -o smtpd_client_restrictions=permit_mynetworks,reject
> >  -o smtpd_data_restrictions=reject_unauth_pipelining
> >  -o smtpd_delay_reject=no
> >  -o smtpd_end_of_data_restrictions=
> >  -o smtpd_error_sleep_time=0
> >  -o smtpd_hard_error_limit=1000
> >  -o smtpd_helo_restrictions=
> >  -o smtpd_recipient_restrictions=permit_mynetworks,reject
> >  -o smtpd_restriction_classes=
> >  -o smtpd_sender_restrictions=
> >  -o smtpd_soft_error_limit=1001
> >  -o strict_rfc821_envelopes=yes
> >
> >
> >-------------------------------------------------------------------
> >
> >/etc/amavisd.conf =
> >
> >$inet_socket_port = 10024;
> >
> >
> >(I think I didn't touch this block:)
> >$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
> >  originating => 1, # is true in MYNETS by default, but let's make it explicit
> >  os_fingerprint_method => undef, # don't query p0f for internal clients
> >  bypass_banned_checks_maps => [1],
> >};
> >
> >
> ># it is up to MTA to re-route mail from authenticated roaming users or
> ># from internal hosts to a dedicated TCP port (such as 10026) for filtering
> >$interface_policy{'10026'} = 'ORIGINATING';

You have a Postfix smtpd server listening on 10026 AND you tell amavis to
listen on 10026 too? I doubt this will work. Did you tell amavis to bind to
port 10026?

> >$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
> >  originating => 1, # declare that mail was submitted by our smtp client
> >  allow_disclaimers => 1, # enables disclaimer insertion if available
> >  # notify administrator of locally originating malware
> >  virus_admin_maps => ["virusalert\@$mydomain"],
> >  spam_admin_maps => ["virusalert\@$mydomain"],
> >  warnbadhsender => 1,
> >  # forward to a smtpd service providing DKIM signing service
> >
> >  #### weber change start
> >  forward_method => 'smtp:[127.0.0.1]:10026',
> >  ### weber change stop
> >
> >  # force MTA conversion to 7-bit (e.g. before DKIM signing)
> >  smtpd_discard_ehlo_keywords => ['8BITMIME'],
> >  bypass_banned_checks => [1], # allow sending any file names and types
> >  final_bad_header_destiny => D_PASS,
> >  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
> >};
> >
> >
> >### weber change start
> >$notify_method = 'smtp:[127.0.0.1]:10026';
> >$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
> >### weber change stop
> >
> >Do you need more from my config files?

Not at the moment. We need to fix the routing first, before we can test and
eventually fix the filters on the route. Make sure mail really enters on your
policy_bank port. When in doubt log verbose in amavis to see on which port
_exactly_ amavis receives a message.

p@rick

> >On 2013-01-24 15:06, Patrick Ben Koetter wrote:
> >>* [email protected] <[email protected]>:
> >>>Patrick,
> >>>thanks for answering, but it doesn't work for me.
> >>>I still get "Banned content messages" and mail is not sent out...
> >>>Do I also have to set something in the master.cf to enable this
> >>>policy_bank ORIGINATING ?
> >>
> >>
> >>Please post config that shows how you route messages from Postfix (?) into
> >>amavis and the relevant parts in amavis that route those messages to the
> >>policy bank including its settings.
> >>
> >>p@rick
> >>
> >>>marko, from hamburg
> >>>
> >>>(sorry, I only hit reply earlier)
> >>
> >>No problem. I had figured as much.
> >>
> >>
> >>>
> >>>On 2013-01-24 13:11, Patrick Ben Koetter wrote:
> >>>>* [email protected] <[email protected]>:
> >>>>>I want my users to be able to send banned content files.
> >>>>>
> >>>>>My goal is to have a map in amavis where I can set which user is
> >>>>>allowed to send banned content.
> >>>>>
> >>>>> [email protected] is allowed to send,
> >>>>> [email protected] is NOT allowed to send,
> >>>>>
> >>>>>banned content.
> >>>>
> >>>>
> >>>>I recommend you let local users send over submission (587) port and create a
> >>>>dedicated policy for those senders:
> >>>>
> >>>>$policy_bank{'ORIGINATING'} = {
> >>>>  originating => 1,
> >>>>  bypass_spam_checks_maps => [1],
> >>>>  bypass_banned_checks_maps => [1],
> >>>>  final_virus_destiny => D_REJECT,
> >>>>  final_bad_header_destiny => D_PASS,
> >>>>  terminate_dsn_on_notify_success => 0,
> >>>>};
> >>>>
> >>>>p@rick
> >>>
> >

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
