Am Donnerstag 09 Juli 2009 schrieb Thomas Gelf:
> As far as I remember all docs I used long time ago to set up my first > Amavis boxes clearly state that it is absolutely necessary to avoid > REJECTs by the postfix instance Amavis is reinjecting the mail to. It > should NOT do any checks that did not already happen at the first > instance. If you're using smtpd_proxy_filter in Postfix (which you should do to avoid backscatter-mails) it's not possible to use header-/body_checks in the first smtpd-instance on port 25. The only way to use header-/body_checks is the reinjection-instance at port 10025. So: If it would be absolutely not allowed to reject mails at port 10025, body-/header_checks wouldn't be usable any more at all. And: Sometimes it's necessary to have a second filter stage (spam, virus) so it's necessary to feed the mails from amavis directly into another filter to get a realtime spam-/virus-engine. If you don't do so because it isn't allowd to reject mails to amavis, you would always have a store+forward-system and you would always run into backscatter problems. And: Rejecting mails against amavis works pretty good. I can't se a problem in it. It's working great. Except that Amavis is always sending a DSN which is okay with D_BOUNCE and which should be avoided with D_REJECT. -That's the only problem. > The user that brought up this issue is using header checks with > postfix. ...as I recommend and as it is the only way to use body-/header_checks. > In my believes (I must confess I did not read all config > details in that thread) adding "-o header_checks=" to his postfix on > port 10025 would solve this issue - even if I have no idea how he is No, because it isn't possible to specify header_checks= for the smtpd. Adding "-o receive_override_options=no_header_body_checks" would help :-), but in this case you would NEVER do this checks so there's no need do define header_checks at all... > able to generate mail passing this check on the first postfix > instance and hitting it on the second one. A possible explanation Using smtpd_proxy_filter (=pre-queue filtering!) the e-mail is forwarded directly to port 10024. The mail does not pass the cleanup process which is doing the checks. It's not possible to do the check on the first instance! > Nonetheless I cannot immagine any special case where this DSNs (in > case of REJECT) from Amavis would make sense - so as you did I'd also > opt for suppressing them. Perfect :-) Peer Heinlein -- 4. Mailserver-Konferenz am 2./3. Juli 2009 in Berlin: http://www.heinlein-support.de/mk Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030-405051-42 Fax: 030-405051-19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
