Thomas,

> i'm trying to activate the pen pals / bounce killer feature.
>
> i'm using amavisd-new 2.6.2 on debian lenny. i configured storage_sql_dsn
> for logging. lookup is done in ldap. Full configuration here:
> http://pastebin.com/m45149835
>
> i've configured a policybank SMTP and Submission. Postfix will send port
> 25 to SMTP and 587 to Submission. Log says that's working. I read such
> entries:
>
> "Passed CLEAN, SMTP"
> "Passed CLEAN, Submission LOCAL"
>
> For policy bank submission i turned on "originating => 1", as you just
> can send if your [you're] authenticated
> - is this the "LOCAL" part of the syslog entry?

Yes, the presence of a 'LOCAL' in the log directly corresponds
to the 'originating' flag being true.

log template:
  [?%l||LOCAL ]

amavisd-new-2.5.0 release notes:
  * macro %l (letter ell) now directly corresponds to the current value
    of the 'originating' variable (returning a '1' or an empty string);

> How does amavisd decide if a sender is local

Only by the 'originating' flag being true.

> if he sends authenticated by port 25?

The 'originating' flag is either turned on implicitly by a SMTP client's
IP address matching @mynetworks, or explicitly by some policy bank
with "originating => 1". How you activate a policy bank is up to you.

So, if you want authenticated mail submitted to port 25 from remote
clients to be considered originating, you must somehow configure MTA
to recognize it and redirect it to amavisd on a dedicated port where
a corresponding policy bank will be activated. How you do it varies,
a common approach relies on FILTER in smtpd_sender_restrictions, see:

  http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-postfix-dual-path

A cleaner approach is to separate MX from a submission mailer (give
each its own IP address, even if on the same host), then block port 25
of the submission mailer at the firewall or by a smtpd_client_restrictions.
This way no FILTER tricks are necessary, an '-o content_filter=...'
attached to appropriate Postfix smtpd services suffices.

> i've read that every address that it finds in LDAP is considered local.

Yes, unless claimed otherwise by an attribute amavisLocal being false.

But you are mixing two things: a domain in an email-address being
considered local or not, and the fact that a mail is coming from
your networks or roaming authenticated users. These are two unrelated
things.
The two facts combine as follows:

  originating  recipient-local
       0             0          can not happen (or an open relay)
       0             1          inbound mail
       1             0          outbound mail
       1             1          internal-to-internal mail

A sender address being local or not does not influence any important
decisions, is for most purposes irrelevant as far as amavisd is
concerned (SpamAssassin may want to examine it nevertheless).
What matters for important decisions are 'originating' flag,
and a recipient address being local or not.

In other words, 'originating' tells where mail is COMING FROM,
recipient domain tells where mail is GOING TO. Sender domain
is irrelevant for most purposes.

> shouldn't it then also mention "LOCAL" in syslog entries, how do I
> know that amavisd knows that it's a local mail?

The LOCAL in the main log entry says mail is originating.

> as i've configured port 25 for smtpd_proxy_filter i don't know a method
> how to redirect port25-authenticated users to a policy bank with
> "originating => 1".

See the above URL.

  Mark
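
Added example, not part of the original message and not the project's own configuration: one way to wire up the "cleaner approach" described above, with a dedicated amavisd port for the submission mailer that activates a policy bank with "originating => 1". The port numbers 10024/10026, the addresses 192.0.2.10/192.0.2.11, the bank name ORIGINATING and the transport name smtp-amavis are assumptions.

```perl
# amavisd.conf fragment (constructed example; ports and bank name are assumptions)

# Listen on two ports: 10024 for mail arriving via the MX service,
# 10026 for mail arriving via the authenticated submission service.
$inet_socket_port = [10024, 10026];

# Anything received on port 10026 loads the ORIGINATING policy bank.
$interface_policy{'10026'} = 'ORIGINATING';

# The bank sets the 'originating' flag explicitly, so the main log entry
# carries LOCAL (macro %l) for this mail regardless of the client's IP address.
$policy_bank{'ORIGINATING'} = {
  originating => 1,
};

# Port 10024 gets no policy bank here: mail received there is 'originating'
# only when the SMTP client's IP address matches @mynetworks.

# Matching Postfix master.cf services (constructed; addresses are placeholders
# and a transport named smtp-amavis is assumed to be defined elsewhere):
#
#   192.0.2.10:smtp        inet  n  -  -  -  -  smtpd
#     -o content_filter=smtp-amavis:[127.0.0.1]:10024
#
#   192.0.2.11:submission  inet  n  -  -  -  -  smtpd
#     -o smtpd_sasl_auth_enable=yes
#     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#     -o content_filter=smtp-amavis:[127.0.0.1]:10026
```

With this layout only authenticated clients reach port 10026, so a log line ending in LOCAL means the mail came through the submission service or from a client in @mynetworks.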