MrC <lists-ama...@cappella.us> wrote:

>Jeff,
>
>On 7/27/2009 1:32 PM, Jeff Grossman wrote:
>> I am running Postfix 2.6.2 and Amavis 2.6.4 together. Everything is
>> running smoothly except for one problem. When a user connects remotely and
>> sends a message, I get the following line in my amavis-logwatch output:
>>
>> 1   *Warning: Security risk
>> -----------------------------------------------------------------
>> 1      Open relay? Nonlocal recips but not originating: recip1
>>
>> I have asked about this on the Logwatcher mailing list, but I was told it
>> was an Amavis configuration problem.  What setting do I either have
>> incorrect or not have at all to remove this error from the amavis-logwatch
>> output?
>>
>
>I saw your post, but had believed it was answered to your satisfaction, 
>so didn't contribute anything.
>
>Here's the basic idea, as others have mentioned.
>
>You want something similar to the submission service listed below in 
>postfix's master.cf file (note the content_filter setting and port 
>number of 10026):
>
>master.cf:
>
>submission inet n       -       n       -       -       smtpd
>    -o content_filter=lmtp-amavis:[127.0.0.1]:10026
>    -o smtpd_tls_security_level=encrypt
>    -o smtpd_tls_auth_only=yes
>    -o smtpd_sasl_auth_enable=yes
>    -o broken_sasl_auth_clients=yes
>    -o receive_override_options=no_header_body_checks,no_address_mappings
>    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
>
>Now, in amavis's configuration file amavisd.conf, you'd want a matching 
>policy bank entry with listener (note the additional 10026 listening 
>port in $inet_socket_port):
>
>amavisd.conf:
>
># listen on multiple TCP ports
>$inet_socket_port = [10024,10026];
>
>$interface_policy{'10026'} = 'ORIGINATING';
>
># mail supposedly originating from our users
>$policy_bank{'ORIGINATING'} = {
>   # declare that mail was submitted by our smtp client
>     originating => 1,
>   # enables disclaimer insertion if available
>   # allow_disclaimers => 1,
>   # avoids loading MYNETS policy unnecessarily
>     mynetworks_maps => [],
>   # don't spam scan
>     bypass_spam_checks_maps => [1],
>   # allow sending any file names and types
>     bypass_banned_checks_maps => [1],
>   # don't check headers
>     bypass_header_checks_maps => [1],
>   # notify administrator of locally originating malware
>     virus_admin_maps => ["virusale...@$mydomain"],
>     spam_admin_maps  => ["virusale...@$mydomain"],
>     warnbadhsender   => 1,
>   # don't remove NOTIFY=SUCCESS option
>     terminate_dsn_on_notify_success => 0,
>   # don't query p0f
>     os_fingerprint_method => undef,
>};
>
>With these settings, the mail submitted by your users will traverse one 
>route while your general service takes the existing route.  The 
>'originating' flag will be set, and amavis will consider mail from your 
>local users as local mail.  Tailor to suit your needs.
>
>See also:
>
>http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex
>
>Mike

I never responded to this e-mail, but wanted to say thank you.
Everything that you said in this message worked perfectly and I am no
longer getting the error message in my log files.

Jeff


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
