Adam,
> How do you use policy banks with the sendmail/amavisd-milter setup?
The new AM.PDP protocol allows the caller to provide a SMTP client's
IP address in an attribute pair like: client_address=10.2.3.4
If the client IP information is provided and @mynetworks_maps is defined,
then the MYNETS policy bank gets selected on mail from our networks,
just like in a Postfix setup.
I know that milter in its call to mlfi_connect provides
client's host name as well as its IP address.
It remains to be seen whether Petr Rehor's amavisd-milter
helper program passes this information to amavisd.
It shouldn't be too much work if it doesn't already do so.
> Sendmail cannot connect to different amavisd sockets based on
> originating smtp client IP.
That is true I guess, but at least it should be able to pass
client's IP address.
> It seems like policy banks were really
> meant for postfix mainly because most comments I see about it are about
> postfix(even comments in the amavisd.conf file with MYNETS).
Well, yes, Postfix gets most of my attention and attention from the
mailing list. Wherever some feature makes sense for other setups
like milter or courier, it is likely that it is supported there as well.
> The issues I am still trying to find a good solution for are:
>
> - Need a way to bypass all spam checks for mail generated from
> 127.0.0.1. Automated reports and forwards can sometimes get triggered
> as spam. I cannot use soft whitelisting for this because mail is sent
> as the users email address for forwards and other things, etc. I know
> for a fact that mail generated from 127.0.0.1 will never be spam so it
> seems more logical to bypass this by IP.
I'm aware of the problem, but don't know of a good solution.
I hope someone more intimately involved with milter will provide one...
Perhaps a decision based on client's address can be used - a helper
program may decide to complete the request by itself, without
interrogating amavisd.
> - Need a way to bypass mail from certain hosts that are known to trigger
> as spam and I never want to check spam from.
My planned course could cover that, provided a client's IP address is
available.
> It would be nice to be able to bypass spam checking by IP without
> needing policy banks. Setting up policy banks just to bypass spam
> checks for some hosts seems like a lot of complexity for what I think is
> a common need.
Well, I don't think the following is excessively complicated:
@mynetworks = qw(127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 ...);
$policy_bank{'MYNETS'} = {
bypass_spam_checks_maps => [1],
}
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
