Matt wrote:

> On Mon, Dec 11, 2006 at 01:12:24PM -0700, Gary V wrote:
>> Matt wrote:
>> 
>> > Hi All.
>> 
>> > http://www200.pair.com/mecham/spam/bypassing.html#1
>> 
>> > I followed the above directions hoping that they would work for incoming
>> > mail and whoops, they don't.
>> 
>> > All I can think of is, I have an lmtp line that looks like this:
>> 
>> > lmtp      unix  -       -       n       -       -       lmtp
>> 
>> > and have not configured amavis as the lmtp as suggested.
>> 
>> > lmtp-amavis unix    -    -    n    -    2    lmtp
>> 
>> > I need all mail originating in $mynetworks to pass through the spamgate
>> > and onto my single relay host untouched. As if amavis wan't there at
>> > all.
>> 
>> > Please advise.
>> 
>> The lmtp-amavis as shown is an alternative to the more common
>> smtp-amavis.
>> 
>> Show your master.cf and output of:
>> postconf content_filter
>> 
>> Gary V

> Hi Gary. Thanks for your continued support.

># postconf content_filter
> content_filter = smtp-amavis:[127.0.0.1]:10024

> smtp-amavis unix        -       -       -       -       4       smtp
>         -o smtp_data_done_timeout=1200
>         -o smtp_send_xforward_command=yes
>         -o disable_dns_lookups=yes
>         -o max_use=20

Ok, you are using smtp-amavis, so there is no reason to also create
lmtp-amavis. The MYNETS policy bank will not leave mail from
@mynetworks 'untouched'. Mail is still sent to amavisd for processing.
In the example, everything except virus checks is bypassed, but even
if you bypass virus checks, mail is still 'touched'. What you are
requesting is mail from certain clients should bypass amavisd-new.

To accomplish this, you could use example #2 with a slight
modification:
http://www200.pair.com/mecham/spam/bypassing.html#2

The modification would be on the second IP address where you would use
 -o content_filter=

192.168.1.222:smtp inet  n       -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8,!192.168.1.1,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

This requires you reconfigure your clients to use the new IP address.

or like example 4, use a different port (which also requires you
reconfigure your clients). Here port 4025 is used as an example:

4025 inet  n       -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8,192.168.1.0/24
    -o smtpd_client_restrictions=permit_mynetworks,reject

Another way is explained in example #5. This does not require you
reconfigure your clients. Read the note near the end of
that section. Instead of using a hash: table you could a use a
cidr: table and list your network there:

smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/amavis_bypass

contents of cidr:/etc/postfix/amavis_bypass:
# this one does not bypass amavisd-new:
10.0.0.1 FILTER smtp:[127.0.0.1]:10024
# other internal clients do:
10.0.0.0/24 FILTER smtp:[127.0.0.1]:10025

Gary V


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to