MrC <lists-ama...@cappella.us> wrote:
>Jeff,
>
>On 7/27/2009 1:32 PM, Jeff Grossman wrote:
>> I am running Postfix 2.6.2 and Amavis 2.6.4 together. Everything is
>> running smoothly except for one problem. When a user connects remotely and
>> sends a message, I get the following line in my amavis-logwatch output:
>>
>> 1 *Warning: Security risk
>> -----------------------------------------------------------------
>> 1 Open relay? Nonlocal recips but not originating: recip1
>>
>> I have asked about this on the Logwatcher mailing list, but I was told it
>> was an Amavis configuration problem. What setting do I either have
>> incorrect or not have at all to remove this error from the amavis-logwatch
>> output?
>>
>
>I saw your post, but had believed it was answered to your satisfaction,
>so didn't contribute anything.
>
>Here's the basic idea, as others have mentioned.
>
>You want something similar to the submission service listed below in
>postfix's master.cf file (note the content_filter setting and port
>number of 10026):
>
>master.cf:
>
>submission inet n - n - - smtpd
>  -o content_filter=lmtp-amavis:[127.0.0.1]:10026
>  -o smtpd_tls_security_level=encrypt
>  -o smtpd_tls_auth_only=yes
>  -o smtpd_sasl_auth_enable=yes
>  -o broken_sasl_auth_clients=yes
>  -o receive_override_options=no_header_body_checks,no_address_mappings
>  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
>
>Now, in amavis's configuration file amavisd.conf, you'd want a matching
>policy bank entry with listener (note the additional 10026 listening
>port in $inet_socket_port):
>
>amavisd.conf:
>
># listen on multiple TCP ports
>$inet_socket_port = [10024,10026];
>
>$interface_policy{'10026'} = 'ORIGINATING';
>
># mail supposedly originating from our users
>$policy_bank{'ORIGINATING'} = {
>  # declare that mail was submitted by our smtp client
>  originating => 1,
>  # enables disclaimer insertion if available
>  # allow_disclaimers => 1,
>  # avoids loading MYNETS policy unnecessarily
>  mynetworks_maps => [],
>  # don't spam scan
>  bypass_spam_checks_maps => [1],
>  # allow sending any file names and types
>  bypass_banned_checks_maps => [1],
>  # don't check headers
>  bypass_header_checks_maps => [1],
>  # notify administrator of locally originating malware
>  virus_admin_maps => ["virusale...@$mydomain"],
>  spam_admin_maps => ["virusale...@$mydomain"],
>  warnbadhsender => 1,
>  # don't remove NOTIFY=SUCCESS option
>  terminate_dsn_on_notify_success => 0,
>  # don't query p0f
>  os_fingerprint_method => undef,
>};
>
>With these settings, the mail submitted by your users will traverse one
>route while your general service takes the existing route. The
>'originating' flag will be set, and amavis will consider mail from your
>local users as local mail. Tailor to suit your needs.
>
>See also:
>
>http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex
>
>Mike

I never responded to this e-mail, but wanted to say thank you. Everything that you said in this message worked perfectly and I am no longer getting the error message in my log files.

Jeff

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
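
An added example, not part of the original messages and not code from Postfix or amavisd: a Python check that the three pieces described in the quoted reply agree, i.e. the submission service's content_filter port is in $inet_socket_port, has an $interface_policy entry, and that policy bank sets originating => 1. The function names `filter_ports` and `audit` are hypothetical, the sample configs are constructed from the thread, and only the `-o content_filter=` form on its own continuation line is handled.

```python
import re

# Constructed sample input, cut down from the configuration quoted in this thread.
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o content_filter=lmtp-amavis:[127.0.0.1]:10026
  -o smtpd_sasl_auth_enable=yes
"""
AMAVISD_CONF = """\
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  bypass_spam_checks_maps => [1],
};
"""

def filter_ports(master_cf):
    """Map each master.cf service name to the port of its -o content_filter override."""
    ports, service = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation line: belongs to the current service
            m = re.search(r"-o\s+content_filter=\S*:(\d+)\s*$", line)
            if m and service:
                ports[service] = int(m.group(1))
        else:
            service = line.split()[0]
    return ports

def audit(master_cf, amavisd_conf, service="submission"):
    """List the mismatches that leave submitted mail without the originating flag."""
    port = filter_ports(master_cf).get(service)
    if port is None:
        return [f"{service}: no content_filter override in master.cf"]
    problems = []
    m = re.search(r"\$inet_socket_port\s*=\s*([^;]*);", amavisd_conf)
    listen = [int(p) for p in re.findall(r"\d+", m.group(1))] if m else []
    if port not in listen:
        problems.append(f"amavisd does not listen on {port}")
    m = re.search(r"\$interface_policy\{'%d'\}\s*=\s*'(\w+)'" % port, amavisd_conf)
    if not m:
        return problems + [f"no $interface_policy entry for port {port}"]
    bank = re.search(r"\$policy_bank\{'%s'\}\s*=\s*\{(.*?)\n\};" % m.group(1), amavisd_conf, re.S)
    if not bank or not re.search(r"^\s*originating\s*=>\s*1\b", bank.group(1), re.M):
        problems.append(f"policy bank {m.group(1)} does not set originating => 1")
    return problems
```

An empty list from `audit(MASTER_CF, AMAVISD_CONF)` means the submission route reaches a listener whose policy bank marks the mail as originating.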