Hello Mark
Mark Martinec schrieb:
> Thomas,
>
>> Is there a way for amavisd-new to add X-Spam-Score from spamassassin in
>> every header? It works fine for all mydomains with @local_domains_maps =
>> ( [".$mydomain"] );
>>
>> but I have a lot of backup mx ranges in my postfix with domains i don't
>> host by myself. I need a full scan for this ranges including adding all
>> X-* flags to the header.
>
> Content is scanned regardless of @local_domains_maps,
> it's just the adding of X-Spam-* header fields that
> we are discussing here, these header fields are only
> added to inbound mail (or internal-to-internal mail).
Sure. I also see this by a X-Virus-Scanned entry even for non $mydomain
entries:
X-Virus-Scanned: by amavisd-new at virusscan20.ourdomain.com
> A common way for amavisd to know if mail is inbound
> for any given recipient is to check recipient address
> against @local_domains_maps (in case of multiple recipients,
> mail can be both internal-to-internal and outbound at
> the same time, the property is per-recipient).
> This is the same mechanism as used my MTA
> (e.g. to prevent it being an open relay, ...).
>
> Determining whether to add X-Spam-* header fields is not
> the only reason for @local_domains_maps, a mail direction
> influences some other decisions too, like penpals, DKIM signing
> vs. verification, recipient notifications, adding disclaimers,
> adding X-Quarantine-ID header field, choice of SNMP-like
> statistics counters (amavisd-agent), and likely more
> in the future.
>
> Even though you may treat all world as local
> (by having a '.' in @local_domains_maps), it will
> cause all mail to be treated internal-to-internal
> or inbound, and is it quite likely that sooner or
> later some functionality will behave contrary to
> your expectations. Don't do that.
>
> As you already have a list of local domains made
> available to your MTA, your best choice is to make
> the same list (or its derivative) also available
> to amavisd. One way is to read a text file with
> domains (one per line, leading dot implies its
> subdomains), e.g.:
>
> @local_domains_maps =
> ( read_hash("$MYHOME/etc/local_domains") );
>
> Other choices is to share a SQL table of
> local domains between MTA and amavisd.
>
> There are other options possible, the amavisd.conf
> is just a Perl program, write a small loop to
> create a perl hash from your list of domains
> and assign a ref to it to @local_domains_maps.
Thanks for this excellent explanation. The problem I face are all this
unknown domains from our users. As a larger ISP we usually assign IP
ranges to smaller ISPs or other customers. Some are PA ranges or from
our several /16 ranges. This means i have no clue what kind of domain
names they will host/use.
But we provide for all this ip ranges a backup MX entry, based on this
ip ranges in postfix. Some of this users want to use our mail
environment for anti-spam protections. So they add our mailservers as
backup mx, deny traffic to port 25 on there own primary mx except for
our mail servers.
The idea behind is, that every email goes trough our backup mx, will be
scaned and tagged and delivered to the primary mx which has no anti spam
solution.
So there is no way out of the box to let amavisd-new add X-* tags to the
header based on backup MX IP ranges entries and not domain names?
>> Can this be done with @mynetworks in amavisd.conf?
>
> No, @mynetworks tell amavisd the origin of mail,
> not its destination (just like in MTA).
>
> mynetwork local
> 0 0 can not happen (open relay)
> 0 1 inbound
> 1 0 outbound
> 1 1 internal-to-internal
Ok.
Regards,
Thomas
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
