Sorry Karol, I misspoke. I thought this was another issue. Ignore my comment.
-----Original Message-----
From: amavis-users [mailto:[email protected]] On Behalf Of Karol Augustin
Sent: Friday, February 9, 2018 8:05 PM
To: [email protected]
Subject: Re: Open relay? Nonlocal recips but not originating: in my maillog

On 2018-02-10 0:44, Dino Edwards wrote:
> This has been a well publicized issue. As far as I can tell there is no fix,
> it seems to be a perl issue. Are you using Fedora?

I couldn't find anything about it. I am using Debian. Can you point me to any info about it? It seems weird to be a Perl issue. There are some changes between these versions around handling policy banks. Do you know what the exact cause of this is? For me it looks like a bug.

This is the diff between the versions relating to handling policy banks. Haven't got a chance to dive into that yet...

@@ -12629,14 +13000,20 @@ sub after_chroot_init() { # $policy_bank{$policy_bank_name}, or load the default policy bank (empty name) # sub load_policy_bank($;$) { - my($policy_bank_name,$msginfo) = @_; - if (!exists $policy_bank{$policy_bank_name}) { - do_log(-1,'policy bank "%s" does not exist, ignored', $policy_bank_name); - } elsif ($policy_bank_name eq '') { + my($policy_bank_name, $msginfo) = @_; if (!defined + $policy_bank_name) { + # silently ignore + } elsif (!exists $policy_bank{$policy_bank_name}) { + do_log(5,'policy bank "%s" does not exist, ignored', $policy_bank_name); + } elsif ($policy_bank_name eq '') { # special case %current_policy_bank = %{$policy_bank{$policy_bank_name}}; # copy base update_current_log_level(); do_log(4,'loaded base policy bank'); + } elsif ($policy_bank_name eq c('policy_bank_name')) { + do_log(5,'policy bank "%s" just loaded, ignored', $policy_bank_name); } else { + # compatibility: policy bank MYNETS implicitly pre-sets 'originating' flag + $current_policy_bank{'originating'} = 1 if $policy_bank_name eq 'MYNETS'; my $cpbp = c('policy_bank_path'); # currently loaded bank my $new_bank_ref = $policy_bank{$policy_bank_name}; my $do_log5 = ll(5);
@@ -12683,10 +13060,59 @@ sub load_policy_bank($;$) { } $current_policy_bank{'policy_bank_path'} = ($cpbp eq '' ? '' : $cpbp.'/') . $policy_bank_name; - update_current_log_level(); ll(3) && do_log(3,'loaded policy bank "%s"%s', $policy_bank_name, $cpbp eq '' ? '' : " over \"$cpbp\""); + # update global settings which may have changed + update_current_log_level(); + $msginfo->originating(c('originating')) if $msginfo; + } +} +

>
> -------------------------
>
> FROM: Karol Augustin <[email protected]>
> SENT: Friday, February 9, 2018 7:32 PM
> TO: [email protected]
> SUBJECT: Re: Open relay? Nonlocal recips but not originating: in my maillog
>
> Hi,
>
> I have the same problem when I upgraded to 2.11. It looks like originating -> 1 is not respected and Amavis decides that all e-mail is sent from non-local addresses.
>
> As soon as I update to 2.11 I get this problem:
>
> amavis[24157]: (24157-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK LOCAL [66.220.155.153] [66.220.155.153] /AM.PDP <external_address> -> <local_address>
> amavis[23558]: (23558-01) Passed CLEAN {RelayedOpenRelay}, ORIGINATING [127.0.0.1]:43008 ESMTP/ESMTP <local_address> -> <external_address>
> amavis[23371]: (23371-01) Passed CLEAN {RelayedInbound}, ORIGINATING [86.47.99.235]:57284 [86.47.99.235] ESMTP/ESMTP <local_address> -> <local_address>
>
> With 2.10 (same config):
>
> amavis[25242]: (25242-01) Passed CLEAN {AcceptedInbound}, AM.PDP-SOCK [2607:f8b0:4001:c0b::234] [2607:f8b0:4001:c0b::234] /AM.PDP <external_address> -> <local_address>,
> amavis[25244]: (25244-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1]:43684 ESMTP/ESMTP <local_address> -> <external_address>
> amavis[25250]: (25250-01) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [127.0.0.1]:43838 ESMTP/ESMTP <local_address> -> <local_address>
>
> I have the following relevant config:
>
> $inet_socket_port = [10026,10027];
> $interface_policy{'10026'} = 'ORIGINATING';
> $interface_policy{'10027'} = 'PICKUP';
>
> $policy_bank{'AM.PDP-SOCK'} = {
>   protocol => 'AM.PDP',
>   originating => [1],
> };
>
> $policy_bank{'PICKUP'} = { # mail originating from @mynetworks
>   originating => [1],
>   enable_dkim_verification => 1,
>   enable_dkim_signing => 0,
>   bypass_spam_checks_maps => 1, # don't spam-check internal mail
>   bypass_banned_checks_maps => 1, # don't banned-check internal mail
>   # spam_kill_level_maps => 4,
>   bypass_decode_parts => 1,
>   bypass_header_checks_maps => 1,
>   bypass_virus_checks_maps => 1,
>   bypass_banned_checks_maps => 1,
>   # remove_existing_x_scanned_headers => 1.
> };
>
> $policy_bank{'ORIGINATING'} = { # mail originating from our users
>   originating => 0,
>   enable_dkim_verification => 1,
>   final_virus_destiny => D_BOUNCE,
>   final_banned_destiny => D_BOUNCE,
>   final_spam_destiny => D_BOUNCE,
>
> };
>
> $sql_select_policy = 'SELECT name, 3.5 as spam_tag2_level, 9 as spam_kill_level FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
>
> Thanks,
> Karol
>
--
Karol Augustin
[email protected]
http://karolaugustin.pl/
+353 85 775 5312
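
Review bot: in the first hunk (@@ -12629,14 +13000,20 @@), the 'policy bank "%s" does not exist, ignored' message drops from do_log(-1, ...) to do_log(5, ...), and an undefined name is now skipped with no log at all, so a misspelled bank name in a mapping such as $interface_policy leaves the message under whatever bank was already loaded with nothing visible at normal log levels. Because the bank decides the originating flag, keep the nonexistent-name case at a warning level and log the undefined case at a debug level rather than ignoring it silently. The MYNETS line also sets $current_policy_bank{'originating'} = 1 before the new bank's keys are applied; the comment should say whether an explicit originating value in the MYNETS bank is meant to override it.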
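
Review bot: in the second hunk (@@ -12683,10 +13060,59 @@), $msginfo->originating(c('originating')) appears to sit inside the final else branch and runs only when $msginfo is passed, so the base-bank branch ($policy_bank_name eq '') and the new "just loaded, ignored" branch from the first hunk return without syncing the flag onto the message, and callers that load a bank without $msginfo never sync it here. Either move the sync after the if/elsif chain so every path leaves $msginfo consistent with %current_policy_bank, or document which caller is responsible when $msginfo is absent. The call also overwrites any value already set on $msginfo; the comment "update global settings which may have changed" should state that this is intended.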
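
A log check for the symptom reported in this thread, added here as an illustration and not taken from the thread or from amavisd-new: it parses the result lines quoted above, counts the categories, and lists every {RelayedOpenRelay} entry together with whether its client address is loopback/private or public. The function names are hypothetical, and treating a loopback or private client as the local re-injection case is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the 2.11 and 2.10 excerpts quoted in the thread.
SAMPLE_LOG = """\
amavis[24157]: (24157-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK LOCAL [66.220.155.153] [66.220.155.153] /AM.PDP <external_address> -> <local_address>
amavis[23558]: (23558-01) Passed CLEAN {RelayedOpenRelay}, ORIGINATING [127.0.0.1]:43008 ESMTP/ESMTP <local_address> -> <external_address>
amavis[23371]: (23371-01) Passed CLEAN {RelayedInbound}, ORIGINATING [86.47.99.235]:57284 [86.47.99.235] ESMTP/ESMTP <local_address> -> <local_address>
amavis[25242]: (25242-01) Passed CLEAN {AcceptedInbound}, AM.PDP-SOCK [2607:f8b0:4001:c0b::234] [2607:f8b0:4001:c0b::234] /AM.PDP <external_address> -> <local_address>,
amavis[25244]: (25244-01) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1]:43684 ESMTP/ESMTP <local_address> -> <external_address>
amavis[25250]: (25250-01) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [127.0.0.1]:43838 ESMTP/ESMTP <local_address> -> <local_address>
"""

# (id) action verdict {category}, tokens before the client address, [client]
LINE_RE = re.compile(
    r"\((?P<id>\d+-\d+)\) (?P<action>Passed|Blocked) (?P<verdict>\S+) "
    r"\{(?P<category>\w+)\}, (?P<tokens>[^\[]*)\[(?P<client>[^\]]+)\]"
)

def parse_line(line):
    """Return the fields of one amavis result line, or None if it is not one."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def client_scope(addr):
    """Classify the client address; unparsable values are reported as such."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparsable"
    return "internal" if (ip.is_loopback or ip.is_private) else "public"

def audit(lines):
    """Count categories and collect every RelayedOpenRelay entry."""
    counts, findings = Counter(), []
    for rec in filter(None, map(parse_line, lines)):
        counts[rec["category"]] += 1
        if rec["category"] == "RelayedOpenRelay":
            findings.append((rec["id"], rec["client"],
                             client_scope(rec["client"]), rec["tokens"].split()))
    return counts, findings

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG.splitlines())
    print(dict(counts))
    for finding in findings:
        print("RelayedOpenRelay:", finding)
```

On the quoted lines the only finding is 23558-01 from 127.0.0.1, the same local submission that 2.10 logged as {RelayedOutbound}; a finding with a public client address would instead call for a look at the MTA's relay restrictions.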
