* [email protected] <[email protected]>: > > I'm setting up Amavis with Postfix. > > It's mostly all working, but when I send mail from an authenticated > roaming user -- specifically from my mobile phone authenticating to and > sending via my server -- I get > > Apr 28 11:31:50 test postfix/qmgr[26625]: 9689560119: > from=<[email protected]>, size=3984, nrcpt=1 (queue active) > Apr 28 11:31:50 test amavis[26375]: (26375-01) Checking: > Yf23MOH6kTEC [184.208.230.208] <[email protected]> -> > <[email protected]> > Apr 28 11:31:50 test amavis[26375]: (26375-01) Open relay? > Nonlocal recips but not originating: [email protected] > Apr 28 11:31:50 test postfix/smtpd[31605]: disconnect from > 184-208-230-208.pools.spcsdns.net[184.208.230.208] > Apr 28 11:31:57 test postfix/qmgr[26625]: D07C96021B: > from=<[email protected]>, size=4505, nrcpt=1 (queue active) > > I tracked down this thread, > > "Open relay? Nonlocal recips but not originating: ..." > http://lists.amavis.org/pipermail/amavis-users/2011-March/000063.html
amavis has an internal model of transport directions (all variations of internal and external). If you don't tell it any sender is believed to be external. If that sender sends to a "non local" domain the transport directions is considered to be "external -> external" aka "open relay". For anything that is directed internal add all your domains to @local_domains_maps. For any local sender with static IP either use @mynetworks or, if you need something more sophistcated, use @client_ipaddr_policy and map certain IP spaces to different policy_banks (where you can run different content filter setups for local senders). For any local sender with dynamic IP let their clients use Port 587 (submission) in Postfix and send their messages to a dedicated content_filter/smtpd_proxy_filter e.g. on port 10026 in amavis. Create a dedicated $policy_bank for that port and (!) set "origination => 1" in that policy bank. This way amavis will know the senders message originates i.e. is local. As soon as you do that amavis will stop complaining, because it can tell where (external/internal) come from and where they are going to (external/internal). p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
