Valentin wrote: > Hello, > I'm currently having the same problem. Unfortunatelly found no solution yet. > I think the problem isn't one of amavisd-new rather than one of postfix.
> Amavisd-new offers with 'policy_bank' a feature to handle such things. > But I found no way to configure postfix using another port for mailfiltering > for mails being sent via smtp_auth. Did you mean 'without using another port'? > The only way seems to be using two different IP-Addresses or different > ports: > One for Incoming mail traffic (e.g. Port 25) > Another one for smtp_auth. (e.g. Port 587) > (See also http://sourceforge.net/mailarchive/message.php?msg_id=9867255) > Does somone have a solution without 2 different IPs or 2 different ports. > Any help would be aprecciated. > Thanks valli 'Example 3' in the the link I provided does not require an additional IP address or port. All it takes is a minute of study to understand how it works and of course it requires the rest of the solution (the corresponding policy bank) be configured in amavisd.conf. This could be simplified by using the same policy bank (configured to bypass spam checks) for authenticated users and users in mynetworks and by having the catchall /etc/postfix/filter-catchall.regexp use the standard port 10024: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_unknown_sender_domain, permit_sasl_authenticated, permit_tls_clientcerts, permit mynetworks, reject_unauth_destination, check_sender_access regexp:/etc/postfix/filter-catchall.regexp # global default, this permissive setting is used unless # sender makes it to filter-catchall.regexp: content_filter=smtp-amavis:[127.0.0.1]:10040 /etc/postfix/filter-catchall.regexp: /^/ FILTER smtp-amavis:[127.0.0.1]:10024 In amavisd.conf: $inet_socket_port = [10024,10040]; $interface_policy{'10040'} = 'PERMISSIVE'; # sender came here because they did not make it to # the more restrictive catchall $policy_bank{'PERMISSIVE'} = { # OK to bypass spam and banned checks bypass_spam_checks_maps => [1], # don't spam-check this mail bypass_banned_checks_maps => [1], # don't banned-check this mail final_spam_destiny => D_PASS, final_banned_destiny=> D_PASS, }; The main drawback to this approach is you have to be very careful about any access lists or restrictions in smtpd_recipient_restrictions that OK/PERMIT something/someone prior to: check_sender_access regexp:/etc/postfix/filter-catchall.regexp because they would use the more permissive policy bank. The order of any access lists would be important and testing would be in order. It's more 'permit then deny' rather than 'deny then permit'. Gary V ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
