Hi, I have questions regarding the suggestions on http://www.ijs.si/software/amavisd/amavisd-new-docs.html regarding "Putting policy banks to good use -- examples", and I am a little unclear how it is supposed to work.
I'm specifically looking at Example 3 in the policy bank. The configuration shown is: main.cf: content_filter=smtp-amavis:[127.0.0.1]:10044 smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_unknown_sender_domain, check_client_access cidr:/etc/postfix/filter-mynets.cidr, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, check_sender_access regexp:/etc/postfix/filter-catchall.regexp /etc/postfix/filter-mynets.cidr : 127.0.0.0/8 FILTER smtp-amavis:[127.0.0.1]:10042 10.0.0.0/8 FILTER smtp-amavis:[127.0.0.1]:10042 172.16.0.0/12 FILTER smtp-amavis:[127.0.0.1]:10042 192.168.0.0/16 FILTER smtp-amavis:[127.0.0.1]:10042 /etc/postfix/filter-catchall.regexp: /^/ FILTER smtp-amavis:[127.0.0.1]:10040 In my case, I want to do this for DK/DKIM. I want to have all outgoing mail signed (from mynetworks and non-local authenticated mail), but not mail destined for a local address (even if from mynetworks or auth). Am I just confusing myself for no reason? It probably isn't a problem to be signing those auth-to-local and mynetworks-to-local mails, but if it doesn't have to go through that step it reduces the latency a bit. I thought this example was almost exactly what I needed, except that I think I could still use permit_mynetworks rather than the check_client_access because the global filter would be the DK/DKIM signing path and the non-global filter would be the incoming version without DK/DKIM signing. So with: main.cf: content_filter=smtp-amavis:[127.0.0.1]:10044 smtpd_recipient_restrictions = ... permit_mynetworks, permit_sasl_authenticated, ... check_sender_access regexp:/etc/postfix/filter-catchall.regexp /etc/postfix/filter-catchall.regexp: /^/ FILTER smtp-amavis:[127.0.0.1]:10040 mails originating from mynetworks and all authenticated mails go off to be signed by DK/DKIM and the rest, identified by the final check_sender_access will get the custom FILTER action. My confusion about the example as posted is the following line from that page: "The final effect is that ... authenticated non-local mail will be sent for content filtering to port 10044 (the global setting), while all the rest will be sent to port 10040 (as specified in catchall filter)." I don't understand how "authenticated non-local mail will be sent for content filtering to ... the global [content filter]". I can see from this config how ALL authenticated mail gets sent to the global content filter, but I don't see how it is only NON-LOCAL authenticated mail that gets sent to the global content filter, as the page states. Mails matching the check_client_access (from mynetworks) gets sent off to a non-global FILTER. The next line is permit_sasl_authenticated, which seems to send ALL authenticated mail to the global filter, not just NON-LOCAL authenticated mail. So my question I guess is how do I differentiate between local and non-local mails that come in via mynetworks or auth, or am I missing something obvious? Do I need to abandon the global filter and use the lookup FILTER action for all? If so, how do I do that with permit_sasl_authenticated? Dan Horne Web Services Administrator TAIS / Wilcox Travel Agency [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. SPAM-FREE 1.0(2476) ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
