Peter wrote:

> We have amavis-new with Postfix/ClamAV/SA running as our secure mail gateway
> and it works very well. We have an internal Linux mail server that only
> talks to the amavis gateway box for security reasons. I now want to stop all
> our outgoing mail being scanned as mail with password protected zips get
> flagged as virus mails and quarantined. :(

> Looking for a solution.

> regards
> Peter
>

The best way is to use a policy bank. This way you can scan for
viruses but bypass everything else. You can use the MYNETS policy bank
or you can configure a check_client_access map in main.cf to send mail
to a different amavisd-new listening port and then configure a policy
bank for that port (among other methods).

You need to make sure you use smtp_send_xforward_command (or
lmtp_send_xforward_command if you use lmtp) here in master.cf:

smtp-amavis     unix    -       -       y       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

You need to use and configure @mynetworks in amavisd.conf:

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default

The network (or IP address) the sending server is on should be included
here, and at least the IP address of the sending server should also be
listed in mynetworks in main.cf.

Then, if you would like to use MYNETS:

$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
  bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
  bypass_banned_checks_maps => [1],  # don't banned-check internal mail
  final_spam_destiny   => D_PASS,
  final_banned_destiny   => D_PASS,
};

Another way is more specific:

smtpd_recipient_restrictions =
        check_client_access hash:/etc/postfix/amavis_internal
        permit_mynetworks
        reject_unauth_destination

contents of /etc/postfix/amavis_internal
(ip address of the internal server is listed here):
192.168.1.17 FILTER smtp-amavis:[127.0.0.1]:10026

Then in amavisd.conf:

$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'INTERNAL';

$policy_bank{'INTERNAL'} = {  # mail originating from the internal server
  bypass_spam_checks_maps   => [1],  # don't spam-check outgoing mail
  bypass_banned_checks_maps => [1],  # don't banned-check outgoing mail
  final_spam_destiny   => D_PASS, # ensure spam passes
  final_banned_destiny => D_PASS, # ensure banned files pass
};


See more examples in amavisd.conf-sample and
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex


Gary V
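
Added example, not part of the original post or of amavisd-new/Postfix: a small consistency check for the setup described above. It confirms that every client the check_client_access map routes to the INTERNAL port is also covered by @mynetworks (amavisd.conf) and mynetworks (main.cf). The function names, the second map entry and the main.cf value are assumptions made for illustration.

```python
import ipaddress
import re

def parse_nets(text):
    """Parse a network list; accepts bracketed IPv6 forms such as [::1] or [FE80::]/10."""
    toks = [t.replace("[", "").replace("]", "") for t in re.split(r"[\s,]+", text.strip()) if t]
    return [ipaddress.ip_network(t, strict=False) for t in toks]

def filter_clients(access_map, port):
    """Client keys of a check_client_access map whose FILTER action targets `port`."""
    clients = []
    for line in access_map.splitlines():
        m = re.match(r"^(\S+)\s+FILTER\s+\S+:(\d+)\s*$", line)
        if m and not line.startswith("#") and int(m.group(2)) == port:
            clients.append(m.group(1))
    return clients

def check(access_map, port, amavis_mynetworks, postfix_mynetworks):
    """Report, per routed client, whether both network lists cover it."""
    lists = (("@mynetworks", parse_nets(amavis_mynetworks)),
             ("mynetworks", parse_nets(postfix_mynetworks)))
    report = {}
    for client in filter_clients(access_map, port):
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            # Postfix also allows hostnames and partial networks as keys.
            report[client] = "not a single IP address; check by hand"
            continue
        missing = [name for name, nets in lists if not any(ip in n for n in nets)]
        report[client] = "ok" if not missing else "missing from " + ", ".join(missing)
    return report

# Constructed sample input: the first map entry and the @mynetworks default are
# from the post; 203.0.113.5 and the main.cf value are made up for illustration.
ACCESS_MAP = """\
192.168.1.17 FILTER smtp-amavis:[127.0.0.1]:10026
203.0.113.5 FILTER smtp-amavis:[127.0.0.1]:10026
"""
AMAVIS_MYNETWORKS = ("127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 "
                     "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16")
POSTFIX_MYNETWORKS = "127.0.0.0/8 192.168.1.17"

if __name__ == "__main__":
    result = check(ACCESS_MAP, 10026, AMAVIS_MYNETWORKS, POSTFIX_MYNETWORKS)
    for client, status in result.items():
        print(client, status)
```

An entry reported as missing means a host outside the trusted networks has its mail sent to the port where spam and banned checks are bypassed.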


