Hi,

this morning a mail has been blocked that came from an internal address because of RCVD_IN_BRBL_LASTEXT, RCVD_IN_PBL and others. The mail is from one domain local to my Postfix to another domain local to my postfix.

IP address of the SMTP sender is in @mynetworks in amavisd.conf as well as in trusted_networks in spamassassin/local.cf.

This is the Amavis log:
===================================================================================
loaded policy bank "MYNETS"
ESMTP::10024 /var/spool/amavis/tmp/amavis-20150806T025226-29363-HQpQ9khh: <[email protected]> -> <[email protected]> SIZE=2874 BODY=7BIT Received: from mx2.local.domain ([127.0.0.1]) by amavisd.local.domain (mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[email protected]>; Thu, 6 Aug 2015 08:32:11 +0200 (CEST)
Checking: 6EBXfVXE3k9f MYNETS [192.168.7.21] <[email protected]> -> <[email protected]>
p001 1 Content-Type: text/plain, size: 1227 B, name:
header_edits_for_quar: <[email protected]> -> <[email protected]>, Yes, score=7.815 tag=-999 tag2=6.2 kill=6.9 tests=[RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_PBL=3.558, RCVD_IN_SORBS_DUL=0.001, RCVD_IN_SORBS_WEB=0.614, RCVD_IN_XBL=0.724, RDNS_NONE=1.274] autolearn=no
SEND from <> -> <[email protected]>,[email protected] BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 63E3FCC5D6
Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL [192.168.7.21]:46212 [192.168.7.21] <[email protected]> -> <[email protected]>, quarantine: [email protected], Queue-ID: 699BECC5D5, Message-ID: <[email protected]>, mail_id: 6EBXfVXE3k9f, Hits: 7.815, size: 2874, 461 ms
===================================================================================

The Received headers look like this:
===================================================================================
Received: from mx2.local.domain ([127.0.0.1])
    by amavisd.local.domain (mx2.local.domain [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 6EBXfVXE3k9f for <[email protected]>;
    Thu, 6 Aug 2015 08:32:11 +0200 (CEST)
Received: from mail.local.domain (fis-d-exchange [192.168.7.21])
    (using TLSv1 with cipher AES128-SHA (128/128 bits))
    (Client did not present a certificate)
    by mx2.local.domain (Postfix) with ESMTPS id 699BECC5D5
    for <[email protected]>; Thu, 6 Aug 2015 08:32:10 +0200 (CEST)
Received: from MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33])
    by MSEX1.local.domain ([fe80::f93c:3c98:7c66:3b33%11]) with mapi id 14.03.0248.002;
    Thu, 6 Aug 2015 08:32:08 +0200
===================================================================================

What I don't understand: shouldn't Amavis skip RBL/PBL checks when the SMTP sender is in @mynetworks? Could it be that amavis is confused by the IPv6 address in the headers? Or do I need to add something to my policy_banks?

Current setup is:
===================================================================================
@mynetworks = qw(
    127.0.0.1/32
    # others
    192.168.7.21/32
    # others
);

$policy_bank{'MYNETS'} = {
    originating => 1,
    os_fingerprint_method => undef,
};

$policy_bank{'ORIGINATING'} = {
    originating => 1,
    allow_disclaimers => 1,
    virus_admin_maps => ["$MY_alerts"],
    spam_admin_maps => ["$MY_alerts"],
    warnbadhsender => 1,
    forward_method => 'smtp:[127.0.0.1]:10027',
    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    bypass_banned_checks_maps => [1],
    terminate_dsn_on_notify_success => 0,
};
===================================================================================

Versions are:
postfix-2.9.4
amavisd-new-2.7.0
spamassassin-3.3.1

Regards,
Robert
