Hello all, Sorry if this has been answered before (it probably has, but, AFAIK, there's no way to search the list archives, only dig through one post after the other... Do I miss something?)
I want to bypass Amavis scanning for outgoing emails (I know there is some point to allow outgoing emails scanning, but this is another question IMHO), so I've done a few searchs and ended-up on that: http://marc.info/?l=amavis-user&m=113415019700881 I tried to apply advise #2, i.e.: what follows the "Another way is more specific" sentence. So: - I added: "check_client_access hash:/etc/postfix/amavis_internal" to Postfix's main.cf - I wrote these two lines to: /etc/postfix/amavis_internal 10.10.10.11 FILTER amavis:[10.10.10.11]:10026 88.191.xxx.xxx FILTER amavis:[10.10.10.11]:10026 (The email server is a linux-vserver, which is listening on 10.10.10.11, while amavis is running on another linux-vserver, with the 10.10.10.15 IP address). Then I postmap'ed amavis_internal and reloaded Postfix. - Finally, I commented-out: $inet_socket_port = undef and added: $inet_socket_port = [10024, 10026]; $interface_policy{'10026'} = 'INTERNAL'; $policy_bank{'INTERNAL'} = { # mail originating from the internal server bypass_spam_checks_maps => [1], # don't spam-check outgoing mail bypass_banned_checks_maps => [1], # don't banned-check outgoing mail final_spam_destiny => D_PASS, # insure spam passes final_banned_destiny => D_PASS, # insure banned files pass }; in /etc/amavis/conf.d/50-user (this is a Debian vserver), then I restarted Amavis. Using this setup, emails are not delivered anymore. Here's what the logs say (vscan1 is the Amavis server, with the 10.10.10.15 IP address): mail.info.2.gz:Mar 12 03:16:30 vscan1 amavis[17484]: (!)Net::Server: 2011/03/12-03:16:30 Can't connect to TCP port 10024 on 10026 [Cannot as sign requested address]\n at line 88 in file /usr/share/perl5/Net/Server/Proto/TCP.pm I dig the web a bit and believe that I found a post saying that amavisd can't listen on two different ports. I'm not sure as I can't find it anymore. Should I then consider that this kind of "mini-howto" is wrong? Do I miss something? Answers will be, of course, greatly appreciated :) Thanks, -- Loic
