[AMaViS-user] Whitelisting mynetworks

Greetings,
I have a fresh install of Postfix+amavisd-new+SpamAssassin. I just
migrated away from a qmail+tcpserver+qmail-scanner+SpamAssassin setup,
and I'm trying to force amavisd to not scan emails that originate
from localhost. Right now, I am forced to whitelist *@domain.tld,
which spammers love to use from time-to-time, so things are bypassing
SpamAssassin. If I could get amavis to not scan localhost, then life
would be better.

Here are the pertinent configs as I see them. Let me know if you need
more details:

Versions:

OS: Ubuntu Server 7.10
Postfix: 2.4.5-3ubuntu1
Amavis: 1:2.4.2-6.2ubuntu1
SpamAssassin: 3.2.3-0ubuntu1

==================
$ postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = DOMAIN localhost localhost.localdomain DOMAIN.TLD
myhostname = DOMAIN.TLD
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps $mydestination
$relay_recipient_maps $relay_domains $canonical_maps
$sender_canonical_maps $recipient_canonical_maps $relocated_maps
$transport_maps $mynetworks
receive_override_options = no_address_mappings
recipient_delimiter = -
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks
hash:/etc/postfix/spammer/ips
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
reject_unauth_pipelining reject_non_fqdn_recipient
reject_non_fqdn_sender reject_unknown_sender_domain
reject_unknown_recipient_domain check_sender_access
hash:/etc/postfix/spammer/domains reject_rbl_client zen.spamhaus.org
reject_rbl_client list.dsbl.org
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

==================
/etc/amavis/conf.d/50-user

### NOTE: 1.2.3.4 is not in my configs. My real IP is in the configs.
@mynetworks = qw(127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 1.2.3.4);
$pax='pax';
%spam_lovers = ();
@spam_lovers_acl = ('spam@DOMAIN.TLD');
$spam_lovers_re = undef;
@spam_lovers_maps = (\%spam_lovers, \@spam_lovers_acl, \$spam_lovers_re);
$spam_quarantine_to = 'spam@DOMAIN.TLD';
$virus_quarantine_to = 'spam@DOMAIN.TLD';
$banned_quarantine_to = 'spam@DOMAIN.TLD';
$bad_header_quarantine_to = 'spam@DOMAIN.TLD';
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
bypass_banned_checks_maps => [1],
bypass_virus_checks_maps => [1],
bypass_spam_checks_maps => [1],
bypass_header_checks_maps => [1],
};
1;

==================
Pertinent parts of /etc/postfix/master.cf
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o smtpd_data_restrictions=reject_unauth_pipelining
-o mynetworks=127.0.0.0/8
-o receive_override_options= (THESE TWO LINES ARE ONE LINE)
no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
-o smtpd_delay_reject=no
-o smtpd_end_of_data_restrictions=
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0

Am I missing something here? Is there a web page that documents how to
do this? I've searched the web and mailing list archives, and this is
the config that I came up with, but it's not working properly.

Also, the configs:
$spam_quarantine_to = 'spam@DOMAIN.TLD';
$virus_quarantine_to = 'spam@DOMAIN.TLD';
$banned_quarantine_to = 'spam@DOMAIN.TLD';
$bad_header_quarantine_to = 'spam@DOMAIN.TLD';

don't appear to be working. The mail still gets tagged as spam in the
sugject line and delivered to the target account. There, I have a
procmail filter setup to forward the message on to spam@DOMAIN.TLD. This
is where the second scanning comes into play. Since most (about 93%) of
my mail is spam, I figured I could reduce my load quite a bit by not
scanning emails that originate from localhost (thus, preventing the
scanning of items forwarded to spam@DOMAIN.TLD.)

--
John Evans

-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/