Peter,
> I have added this to my amavisd.conf file
>
> $policy_bank{'SMTP_AUTH'} = {
> originating => 1,
> bypass_banned_checks_maps => [1],
> bypass_spam_checks_maps => [1],
> os_fingerprint_method => undef, # don't query p0f for internal clients
> };
>
> I am just wondering if this is the correct way to do that, or if this
> might be overkill. I do not want to have mails from authenticated users
> checked for spam, and they should be allowed to send attachments.
Yes, looks good. If you want to guaranty spam and banned checks
do not apply even if a result is already available in the cache,
you may want to also add:
spam_lovers_maps => [1],
banned_files_lovers_maps => [1],
> I don't excactly know what the "originating" stands for?
amavisd-new-2.5.0 release notes :
- policy banks now contain a new key 'originating', which generalizes
a previously hard-wired policy bank MYNETS. It is a boolean variable,
turned on automatically in the currently loaded policy bank when a
smtp client's IP address matches @mynetworks_maps, to retain full
compatibility with existing setups. When a new policy bank is loaded
over a current one, the new policy bank may also modify the 'originating'
key - a typical use is to turn it on by a policy bank activated by mail
submission from authenticated roaming users (SASL/AUTH), so that such
users are treated as locals (originating mail) even though their IP address
does not match a @mynetworks_maps list of lookup tables.
The current value of variable 'originating' is now the only control to
some macros or decisions, which were previously controlled implicitly
by a @mynetworks_maps match. These are:
* macro %l now directly corresponds to the current value of the
'originating' variable (returning a '1' or an empty string);
* some statistics counters differentiate between 'Inbound' and 'Internal'
mail directly based on the value of the 'originating' variable
(applies to mail with local recipients, otherwise it is 'Outbound');
* pen pals lookups are performed only when 'originating' is false
(i.e. for all inbound or internal mail);
* there may be other uses in the future (e.g. DKIM signing perhaps),
so it is prudent to keep @mynetworks_maps and @local_domains_maps
configured correctly, and if necessary turn on the 'originating' flag
for mail that is supposed to be treated as originating from internal
or authorized roaming users;
Example use:
$interface_policy{'10026'} = 'ORIG';
$policy_bank{'ORIG'} = { # mail originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
virus_admin_maps => ["[EMAIL PROTECTED]"],
spam_admin_maps => ["[EMAIL PROTECTED]"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_banned_checks_maps => [1], # allow sending any file names & types
terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS opt.
};
Mark
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
