
List:       amavis-user
Subject:    Re: [AMaViS-user] Disclaimer doesn't work
From:       Gary V <mr88talent () gmail ! com>
Date:       2010-10-30 3:28:43
Message-ID: AANLkTi=ADQVAzMRtCsOJoDoc4sbouidep=JNALckFNjE () mail ! gmail ! com

On 10/29/10, Zhang Huangbin wrote:
>
> On Oct 30, 2010, at 2:29 AM, Mark Martinec wrote:
>
>> In your case the $allow_disclaimers was false. Seems like the
>> policy ORIGINATING was not invoked.
>
> I have below settings in postfix main.cf:
>
> content_filter = smtp-amavis:[127.0.0.1]:10024
>
> In postfix master.cf:
>
> If I change the port to 10026, it works:
>
> content_filter = smtp-amavis:[127.0.0.1]:10026
>
> What's the difference between port 10024 and 10026?

Changing to content_filter = smtp-amavis:[127.0.0.1]:10026 is a
mistake. This is the port you have configured to use the ORIGINATING
policy bank. That policy bank is bypassing banned files checks,
allowing everyone in the world to send you banned files. Port 10024 is
typically the "normal" amavisd-new port. Other ports can be opened and
configured to use policy banks. Policy banks are used to override
current "normal" settings. You need to send mail from the outside
world to port 10024 and mail from your client to port 10026 (or add
their IP addresses or network address to @mynetworks as you did at one
time). Typically if the clients are not in @mynetworks then you would
have remote clients use SMTP AUTH and configure Postfix to send their
messages to a policy bank (like the ORIGINATING one you configured on
port 10026).

Here is an example of a snippet from Postfix master.cf where a
message submitted to port 587 will use amavisd-new port 10026:

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Of course this requires that you also set up SMTP AUTH and then have
the client change the way their users send mail to you. What objection
did you have to adding their network address to @mynetworks and using
the MYNETS policy bank? Seems like the simple solution to me and you
said it works. If they are relaying all their mail from a single
server then you would only need to add the IP address of their server.

-- 
Gary V
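
Added example, not part of the original message and not code from Postfix or amavisd-new: a small Python check for the mistake discussed above, where the global content_filter in main.cf points at the amavisd-new port bound to the ORIGINATING policy bank instead of only the authenticated submission service doing so. The sample file contents are constructed and the function names are hypothetical.

```python
import re

# Constructed sample inputs mirroring the thread (not real server files).
AMAVISD_CONF = "$interface_policy{'10026'} = 'ORIGINATING';\n"
MAIN_CF = "content_filter = smtp-amavis:[127.0.0.1]:10026\n"
MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
"""

def policy_ports(amavisd_conf):
    """Map amavisd-new port -> policy bank from $interface_policy lines."""
    pat = r"\$interface_policy\{'?(\d+)'?\}\s*=\s*'(\w+)'"
    return {int(p): bank for p, bank in re.findall(pat, amavisd_conf)}

def filter_port(value):
    """Port of a content_filter value like smtp-amavis:[127.0.0.1]:10026."""
    m = re.search(r":(\d+)\s*$", value)
    return int(m.group(1)) if m else None

def master_services(master_cf):
    """Return [(service, {option: value})], folding in '-o' continuation lines."""
    services = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            m = re.match(r"\s*-o\s+(\w+)\s*=\s*(\S+)", line)
            if m and services:
                services[-1][1][m.group(1)] = m.group(2)
        else:
            services.append((line.split()[0], {}))
    return services

def audit(main_cf, master_cf, amavisd_conf):
    banks, findings = policy_ports(amavisd_conf), []
    m = re.search(r"^content_filter\s*=\s*(\S+)", main_cf, re.M)
    port = filter_port(m.group(1)) if m else None
    if banks.get(port) == "ORIGINATING":  # all mail, including outside mail
        findings.append(f"main.cf: global content_filter uses port {port} (ORIGINATING)")
    for name, opts in master_services(master_cf):
        port = filter_port(opts.get("content_filter", ""))
        restr = opts.get("smtpd_client_restrictions", "")
        # Heuristic: only smtpd_client_restrictions is inspected, as in the snippet above.
        if banks.get(port) == "ORIGINATING" and not restr.endswith("reject"):
            findings.append(f"master.cf: {name} reaches port {port} without a final reject")
    return findings
```
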
