Re: [AMaViS-user] warnvirusrecip problem

Rick,

> I solved my problem...

Good. It is tricky to do it right in a milter setup.
The cleanest solution is to submit notifications to
a separate MTA instance (or port) which has content
filtering disabled. This is standard in a dual-MTA
or Postfix setup.

> I wanted to ask one more thing:
> about the policy_bank
>
> $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our
> users
> originating => 1, # declare that mail was submitted by our smtp client
> allow_disclaimers => 1, # enables disclaimer insertion if available
> # notify administrator of locally originating malware
> virus_admin_maps => ["virusalert\@$mydomain"],
> spam_admin_maps => ["virusalert\@$mydomain"],
> warnbadhsender => 1,
> # forward to a smtpd service providing DKIM signing service
> forward_method => 'smtp:[127.0.0.1]:10027',
> # force MTA conversion to 7-bit (e.g. before DKIM signing)
> smtpd_discard_ehlo_keywords => ['8BITMIME'],
> bypass_banned_checks_maps => [1], # allow sending any file names and
> types
> terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS
> option
> };
>
> I do not have any DKIM mail server wither I do not have
> amavisd-new listening on port 10027
>
> is this Stanza ignored ?

Yes, it is ignored, unless activated somehow.
The following mechanisms are currently available to load a policy bank:

- by assigning a policy bank name to an interface on which amavisd
accepted a filtering request (a unix socket or TCP port number),
e.g.:
$inet_socket_port = [10024,10026]; # listen on two ports
$interface_policy{'10026'} = 'ORIGINATING';

- automagically a MYNETS policy bank is loaded if SMTP client's
IP address is known and matches @mynetworks_maps

- if a request comes through AM.PDP protocol (e.g. from a new
milter helper program), the request can specify polic bank name(s):
amavisd-new-2.5.0 release notes:
- extended AM.PDP protocol with an attribute 'policy_bank' which
may be used in a client's request to require loading additional
policy banks;

> Also lookign at documentation I did not understand how to
> implement a white list for mail originating inside my network

Arrange for some policy bank to be activated when mail comes in
from internal hosts. If you don't care for submissions from authenicated
roaming users, then MYNETS mechanism suffices. In a milter setup,
the request must contain SMTP client's IP address, for MYNETS to be
applicable, which is only possible by using the new Petr Rehor's
helper program which uses AM.PDP protocol (and is not possible by
using old AM.CL protocol and the old helper program that comes
with amavisd-new package).

Mark

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/