Re: [AMaViS-user] policy banks

Thu, 25 Aug 2005 11:24:51 -0700 

>> But you are accessing your server through a dial-up connection?

> Yes. And the 192.168.0.10 is my router/desktop.

>> I'm not certain, but the $MYNETS policy bank may not be right for
>> this situation.

> I ascertain, I forget it better. *g*

Jim is relying on SMTP AUTH to allow users to relay through the server,
so MYNETS is not a good fit.

I have another idea. I don't think it will break anything, but I would
appreciate it if someone thinks it might. Jim has:

smtpd_recipient_restrictions =
   <blah blah>
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   <blah blah>

and:
smtp      inet  n       -       n       -       -       smtpd
        -o receive_override_options=no_address_mappings
        -o content_filter=smtp-amavis:[127.0.0.1]:10024
        
which looks fine.

In amavisd.conf you could set up a new policy bank that listens on
port 10027:

$inet_socket_port = [10024,10027]; # add 10027 to $inet_socket_port

$interface_policy{'10027'} = 'CANSEND';

$policy_bank{'CANSEND'} = {
 bypass_spam_checks_maps => [1],
 bypass_banned_checks_maps => [1],
 final_spam_destiny   => D_PASS,
 final_banned_destiny => D_PASS,
};

Then in master.cf, you could have Postfix listen on port 4025
(for example, you choose whatever high port you think is good):

4025      inet  n       -       n       -       -       smtpd
        -o receive_override_options=no_address_mappings
        -o content_filter=smtp-amavis:[127.0.0.1]:10027
          
and so anyone that connects to 4025 will use the CANSEND policy bank.

You would have to reconfigure iptables or whatever firewall setup you
have to allow users to connect to 4025.

You would also of course need to reconfigure your MUAs to use port 4025
instead of 25 for outgoing SMTP.

I'm pretty sure this would not affect SMTP AUTH, but it would take a
Postfix guy to confirm this. Anyone?

Gary V



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to