Jo,
> Okay, so here is the guilty code:
> elsif (!c('originating') && $sender ne '' &&
> lookup(0,$sender,@{ca('local_domains_maps')})) {}
> # no bonus to senders from outside using local domain, can't trust them
>
> I'm not sure what sets "originating", but it seems to read that if
> it's a local domain user but isn't originating locally then skip
> penpals. I believe that this logic is wrong for several reasons:
>
> * One of the major sources of false spam reports is mail coming from
> the blackberry servers. Which may be local domain name, but coming
> from remote source. Penpals would help.
>
> * Is originating only set by mynets? The messages which are failing
> are SMTP-auth messages. Isn't that originating? Should we check for
> auth and mark messages as originating?

'originating' is implicitly set by mynets, but you can set it
explicitly, typically from a policy bank.

amavisd-new-2.5.0 release notes

- policy banks now contain a new key 'originating', which generalizes
  a previously hard-wired policy bank MYNETS. It is a boolean variable,
  turned on automatically in the currently loaded policy bank when a
  smtp client's IP address matches @mynetworks_maps, to retain full
  compatibility with existing setups. When a new policy bank is loaded
  over a current one, the new policy bank may also modify the 'originating'
  key - a typical use is to turn it on by a policy bank activated by mail
  submission from authenticated roaming users (SASL/AUTH), so that such
  users are treated as locals (originating mail) even though their IP address
  does not match a @mynetworks_maps list of lookup tables.

  The current value of variable 'originating' is now the only control to
  some macros or decisions, which were previously controlled implicitly
  by a @mynetworks_maps match. These are:

  * macro %l (letter ell) now directly corresponds to the current value
    of the 'originating' variable (returning a '1' or an empty string);
  * some statistics counters differentiate between 'Inbound' and 'Internal'
    mail directly based on the value of the 'originating' variable
    (applies to mail with local recipients, otherwise it is 'Outbound');
  * pen pals lookups are performed only when 'originating' is false
    (i.e. for all inbound or internal mail);
  * there may be other uses in the future (e.g. DKIM signing perhaps),
    so it is prudent to keep @mynetworks_maps and @local_domains_maps
    configured correctly, and if necessary turn on the 'originating' flag
    for mail that is supposed to be treated as originating from internal
    or authorized roaming users;

  Example use:

    $interface_policy{'10026'} = 'ORIG';

    $policy_bank{'ORIG'} = {  # mail originating from our users
      originating => 1,  # declare that mail was submitted by our smtp client
      allow_disclaimers => 1,  # enables disclaimer insertion if available
      virus_admin_maps => ["[EMAIL PROTECTED]"],
      spam_admin_maps  => ["[EMAIL PROTECTED]"],
      warnbadhsender   => 1,
      # forward to a smtpd service providing DKIM signing service
      forward_method => 'smtp:[127.0.0.1]:10027',
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [1],  # allow sending any file names & types
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS opt.
    };

> * One of the major sources of false spam reports is mail coming from
> the blackberry servers. Which may be local domain name, but coming
> from remote source. Penpals would help.

If such mail can somehow be reliably identified by MTA
(e.g. on a sending host's IP address), it can route it to amavisd
on a dedicated port, where a policy bank sets originating=>1.
This flag now (with 2.6.0) also enables DKIM signing.

> Um... neither of these are defined.
> I have maybe 70 domains locally, so I was using
> @local_domains_acl = ('.');

Not recommended, except for testing.
There is an increasing number of features which need
to distinguish between inbound, outbound and all-internal
mail. The @local_domains_maps and the originating flag serve
to distinguish between the three possibilities (the fourth
never occurs, unless one is running an open relay).

Mark
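
Added example, not part of the original message and not amavisd-new source: a simplified Python model of how the 'originating' flag and the local-domains lookup combine into the inbound / internal / outbound split, and of the two pen pals conditions visible in this thread. The function names, the sample domains and the simplified ACL matching rules are assumptions made for illustration; it shows what a catch-all '.' entry does to both decisions.

```python
# Added illustration: a simplified model, not amavisd-new source code.
LOCAL_OK = ["example.com", ".example.org"]   # constructed sample domains
LOCAL_ALL = ["."]                            # the catch-all from the thread


def is_local(addr, local_domains):
    """Simplified ACL match (assumption): 'd' matches d exactly, '.d' matches
    d and its subdomains, and a lone '.' matches every domain."""
    domain = addr.rpartition("@")[2].lower()
    for entry in (e.lower() for e in local_domains):
        if entry == ".":
            return True
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False


def direction(originating, recipient, local_domains):
    """Inbound / internal / outbound, plus the fourth (open relay) case."""
    if is_local(recipient, local_domains):
        return "internal" if originating else "inbound"
    return "outbound" if originating else "open-relay"


def penpals(originating, sender, local_domains):
    """Only the two conditions visible in this thread are modelled."""
    if originating:
        return "skipped: originating"            # 2.5.0 release notes
    if sender != "" and is_local(sender, local_domains):
        return "skipped: local-domain sender from outside"   # quoted elsif
    return "eligible"


if __name__ == "__main__":
    # Same message evaluated under a real domain list and under the catch-all.
    for acl in (LOCAL_OK, LOCAL_ALL):
        print(acl,
              direction(True, "peer@other.test", acl),
              penpals(False, "peer@other.test", acl))
```

With the catch-all list, mail from our users to an outside recipient is classified as internal rather than outbound, and every non-originating message with a non-empty sender falls into the quoted "no bonus" branch.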
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/