MrC <lists-ama...@cappella.us> wrote:
>Jeff,
>
>On 7/27/2009 1:32 PM, Jeff Grossman wrote:
>> I am running Postfix 2.6.2 and Amavis 2.6.4 together. Everything is
>> running smoothly except for one problem. When a user connects remotely and
>> sends a message, I get the following line in my amavis-logwatch output:
>>
>> 1 *Warning: Security risk
>> -----------------------------------------------------------------
>> 1 Open relay? Nonlocal recips but not originating: recip1
>>
>> I have asked about this on the Logwatcher mailing list, but I was told it
>> was an Amavis configuration problem. What setting do I either have
>> incorrect or not have at all to remove this error from the amavis-logwatch
>> output?
>>
>
>I saw your post, but had believed it was answered to your satisfaction,
>so didn't contribute anything.
>
>Here's the basic idea, as others have mentioned.
>
>You want something similar to the submission service listed below in
>postfix's master.cf file (note the content_filter setting and port
>number of 10026):
>
>master.cf:
>
>submission inet n - n - - smtpd
> -o content_filter=lmtp-amavis:[127.0.0.1]:10026
> -o smtpd_tls_security_level=encrypt
> -o smtpd_tls_auth_only=yes
> -o smtpd_sasl_auth_enable=yes
> -o broken_sasl_auth_clients=yes
> -o receive_override_options=no_header_body_checks,no_address_mappings
> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
>
>Now, in amavis's configuration file amavisd.conf, you'd want a matching
>policy bank entry with listener (note the additional 10026 listening
>port in $inet_socket_port):
>
>amavsid.conf:
>
># listen on multiple TCP ports
>$inet_socket_port = [10024,10026];
>
>$interface_policy{'10026'} = 'ORIGINATING';
>
># mail supposedly originating from our users
>$policy_bank{'ORIGINATING'} = {
> # declare that mail was submitted by our smtp client
> originating => 1,
> # enables disclaimer insertion if available
> # allow_disclaimers => 1,
> # avoids loading MYNETS policy unnecessarily
> mynetworks_maps => [],
> # don't spam scan
> bypass_spam_checks_maps => [1],
> # allow sending any file names and types
> bypass_banned_checks_maps => [1],
> # don't check headers
> bypass_header_checks_maps => [1],
> # notify administrator of locally originating malware
> virus_admin_maps => ["virusale...@$mydomain"],
> spam_admin_maps => ["virusale...@$mydomain"],
> warnbadhsender => 1,
> # don't remove NOTIFY=SUCCESS option
> terminate_dsn_on_notify_success => 0,
> # don't query p0f
> os_fingerprint_method => undef,
>};
>
>With these settings, the mail submitted by your users will traverse one
>route while your general service takes the existing route. The
>'originating' flag will be set, and amavis will consider mail from your
>local users as local mail. Tailor to suit your needs.
>
>See also:
>
>http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex
>
>Mike
I never responded to this e-mail, but wanted to say thank you.
Everything that you said in this message worked perfectly and I am no
longer getting the error message in my log files.
Jeff
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
