Ian, * Ian Evans <[email protected]>: > On Tue, Aug 4, 2020 at 3:38 PM Matus UHLAR - fantomas <[email protected]> > wrote: > > > >Open relay? Nonlocal recips but not originating: [person I'm emailing] > > > > this happens when 'originating' flag is not set and recipient is not local. > > maybe you don't have $mynetworks amavis variable set > > > > Okay bizarre. Just did a grep on my conf.d dir and 'originating' and > '$mynetworks' don't appear in any of these files: > > 01-debian > 05-domain_id > 05-node_id > 15-av_scanners > 15-content_filter_mode > 20-debian_defaults > 21-ubuntu_defaults > 25-amavis_helpers > 30-template_localization > 40-policy_banks > 50-user > > Again except for these outgoing notices in the logs, the server has worked > fine for years. Amavis, Postfix and Dovecot are all on the same server.
for any domain/recipient that amavis should feel responsible for add its name
to @local_domains_maps or let amavis read it from a file, e.g.
/etc/postfix/relay_domains:
@local_domains_maps = (
".$mydomain",
read_hash('/etc/postfix/relay_domains')
);
This will tell amavis what it should classify as "incoming".
For any IP address/network that is internal add it to @mynetworks. This will
tell amavis which sources are internal:
@mynetworks = qw(
127.0.0.0/8
);
In reverse conclusion all other senders not listed in @mynetworks are
considered to be "outside".
If your authenticated senders submit messages via Port 465 or 587 then route
their messages into a dedicated port into amavis and assign that port to a
policy bank, where you declare everything in that policy bank as originating:
# Claim the port:
@listen_sockets = (
# Release
'[::1]:9998',
# Post-Queue, Submission
'[::1]:10024',
# Pre-Queue, MTA zu MTA
"$MYHOME/amavisd.sock"
);
# Assign the port to a $policy_bank:
$interface_policy{'10024'} = 'SUBMISSION';
# Tag everything as $originating in that policy_bank:
$policy_bank{'SUBMISSION'} = {
originating => 1,
bypass_spam_checks_maps => [1],
final_virus_destiny => D_BOUNCE,
final_banned_destiny=> D_PASS,
final_bad_header_destiny => D_PASS,
banned_filename_maps => ['MYNETS-DEFAULT'],
warnbadhsender => 0,
forward_method => 'smtp:127.0.0.1:10025',
notify_method => 'smtp:127.0.0.1:10025',
undecipherable_subject_tag => undef,
};
> Just so I don't upset the apple cart, what do I need to add and to which
> file do I need to add it?
I suggest you copy over 50-user to 60-mysystem and add your local config
there. It will never be overwritten by an update.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
smime.p7s
Description: S/MIME cryptographic signature
