Alan,

> I've just used Lukasz Trabinski's RPMs to put amavisd-new 2.6.1 onto a
> couple of Fedora 10 boxes. I'm doing this so I can configure DKIM
> signing and virus scanning for outbound mail. Inbound mail to these
> nodes has already been filtered by my boxes outside the local network.
>
> Firstly, having looked at DKIM a couple of times previously, my thanks
> to Mark for doing such a great job on making this so easy to deploy.
>
> Following the on-line docs I've had no problem setting up the signing
> and outbound mail is correctly being signed.
>
> The only problem I seem to have is that inbound mail from the external
> relays is being re-scanned. Not a major problem but I'd like to fix
> this. As I only want to filter outbound traffic I've set up ports 10026
> & 10027 as per the on-line docs. I've used
>
>   smtpd_sender_restrictions =
>     check_sender_access regexp:/etc/postfix/tag_as_originating.re
>
> to tag for filtering. Which is where I must have gone wrong as all mail
> gets triggered for filtering.

The tag_as_originating.re as shown in my example attaches a FILTER unconditionally to every mail. The idea is that a later FILTER in tag_as_foreign.re can override this setting, but only if it is reached. The tag_as_foreign.re is not reached if permit_mynetworks or permit_tls_clientcerts terminates the smtpd_sender_restrictions sooner. So having the first tag_as... without the second doesn't make much sense.

> I don't have any of the external relays
> in mynetworks for either amavisd.conf or main.cf. I have tried numerous
> options to prevent the external mail from not triggering the filter.
>
> While I think the other way of setting this up would be to add an alias
> address on the internal mail server and to separate the feeds in
> master.cf I wanted to check which method of configuration is generally
> preferred. I'd also like to fix my current configuration, just for my
> own understanding.

Right, adding a dedicated alias IP or a dedicated port number for mail arriving from your MX relays would be the cleanest solution. An smtpd service bound to that IP or port can have an -o option (e.g. -o content_filter=amavisfeed:[127.0.0.1]:10024 or even a null -o content_filter=) to override the global default and redirect incoming mail to a dedicated amavisd port or even to bypass amavisd entirely for inbound traffic. Such a clean approach also avoids the need to mess with FILTER tagging.

Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
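
The dedicated-listener setup described in the reply above, sketched as an added example (not part of the original message and not taken from the amavisd-new documentation). The port 2525, the relay addresses, the file name mx_relays.cidr and the parameter name mx_relay_client_restrictions are assumptions made for illustration; amavisfeed and port 10026 are taken from the thread.

```conf
# ---- /etc/postfix/main.cf -------------------------------------------
# Global default: mail accepted on the normal smtpd listener (outbound
# mail from internal clients) is handed to the amavisd port that does
# DKIM signing and virus scanning.
content_filter = amavisfeed:[127.0.0.1]:10026

# The check_sender_access ... tag_as_originating.re line is dropped from
# smtpd_sender_restrictions: a FILTER action overrides content_filter,
# so leaving it in place would re-route mail on every listener,
# including the MX-relay listener defined below.

# User-defined restriction list, referenced from master.cf.
# Only the external MX relays may talk to the unfiltered listener.
mx_relay_client_restrictions =
    check_client_access cidr:/etc/postfix/mx_relays.cidr,
    reject

# ---- /etc/postfix/mx_relays.cidr (constructed sample addresses) ------
192.0.2.10/32    OK
192.0.2.11/32    OK

# ---- /etc/postfix/master.cf -----------------------------------------
# Dedicated listener for mail already filtered by the MX relays.
# The empty content_filter= overrides the global default, so this
# traffic bypasses amavisd; the client restriction keeps any other
# host from using the port to skip scanning.
2525      inet  n       -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_client_restrictions=$mx_relay_client_restrictions
```

The MX relays then deliver to port 2525 instead of 25, and a firewall rule limiting that port to the relay addresses gives a second layer behind the Postfix restriction.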