amavis-user October 2010 archive

Re: [AMaViS-user] Disclaimer doesn't work

From: Gary V <mr88talent_at_nospam>
Date: Sat Oct 30 2010 - 03:28:43 GMT

On 10/29/10, Zhang Huangbin wrote:
> On Oct 30, 2010, at 2:29 AM, Mark Martinec wrote:
>> In your case the $allow_disclaimers was false. Seems like the
>> policy ORIGINATING was not invoked.
> I have below settings in postfix
> content_filter = smtp-amavis:[]:10024
> In postfix
> If I change the port to 10026, it works:
> content_filter = smtp-amavis:[]:10026
> What's the difference between port 10024 and 10026?

Changing to content_filter = smtp-amavis:[]:10026 is a
mistake. This is the port you have configured to use the ORIGINATING
policy bank. That policy bank is bypassing banned files checks,
allowing everyone in the world to send you banned files. Port 10024 is
typically the "normal" amavisd-new port. Other ports can be opened and
configured to use policy banks. Policy banks are used to override
current "normal" settings. You need to send mail from the outside
world to port 10024 and mail from your client to port 10026 (or add
their IP addresses or network address to @mynetworks as you did at one
time). Typically if the clients are not in @mynetworks then you would
have remote clients use SMTP AUTH and configure Postfix to send their
messages to a policy bank (like the ORIGINATING one you configured on
port 10026).

Here is an example of a snippet from Postfix where a
message submitted to port 587 will use amavisd-new port 10026:

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[]:10026

Of course this requires that you also set up SMTP AUTH and then have
the client change the way their users send mail to you. What objection
did you have to adding their network address to @mynetworks and using
the MYNETS policy bank? Seems like the simple solution to me and you
said it works. If they are relaying all their mail from a single
server then you would only need to add the IP address of their server.

-- Gary V
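
The port split described in this reply, as an added amavisd.conf sketch that is not part of the original message or the poster's actual configuration. The policy bank contents are assumptions based on what the thread describes, and 192.0.2.10 is a constructed placeholder for the client's relay server.

```perl
# amavisd.conf fragment (constructed example, not the poster's file)
$inet_socket_port = [10024, 10026];   # amavisd-new listens on both ports

# Port 10024: no policy bank is bound, so the "normal" settings apply.
# Postfix's global content_filter (mail from the outside world) belongs
# here, which keeps banned-file checks active for inbound mail.

# Port 10026: bound to the ORIGINATING policy bank, which overrides the
# normal settings. Only mail from your own users should reach this port,
# e.g. via the submission (587) service with SMTP AUTH.
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating               => 1,    # mail was submitted by our own clients
  allow_disclaimers         => 1,    # disclaimer insertion is allowed here
  bypass_banned_checks_maps => [1],  # banned-file checks skipped, as in the
                                     # bank discussed in the thread
};

# Alternative without SMTP AUTH: list the client's relay in @mynetworks.
# Mail whose original client address matches is handled by the MYNETS
# bank even though it arrives on port 10024 (amavisd learns the client
# address from Postfix via XFORWARD).
@mynetworks = qw( 127.0.0.0/8 [::1] 192.0.2.10/32 );  # placeholder address
$policy_bank{'MYNETS'} = {
  originating       => 1,
  allow_disclaimers => 1,   # assumed: disclaimers wanted for this client
};
```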