On Tue, Aug 4, 2020 at 6:19 PM Patrick Ben Koetter <[email protected]> wrote:
> Ian,
>
> * Ian Evans <[email protected]>:
> > On Tue, Aug 4, 2020 at 3:38 PM Matus UHLAR - fantomas <[email protected]>
> > wrote:
> >
> > > >Open relay? Nonlocal recips but not originating: [person I'm emailing]
> > >
> > > this happens when 'originating' flag is not set and recipient is not local.
> > > maybe you don't have $mynetworks amavis variable set
> >
> > Okay bizarre. Just did a grep on my conf.d dir and 'originating' and
> > '$mynetworks' don't appear in any of these files:
> [snip]
> > Again except for these outgoing notices in the logs, the server has worked
> > fine for years. Amavis, Postfix and Dovecot are all on the same server.
>
> for any domain/recipient that amavis should feel responsible for add its name
> to @local_domains_maps or let amavis read it from a file, e.g.
> /etc/postfix/relay_domains:
>
>     @local_domains_maps = (
>         ".$mydomain",
>         read_hash('/etc/postfix/relay_domains')
>     );
>
> This will tell amavis what it should classify as "incoming".
>
> For any IP address/network that is internal add it to @mynetworks. This will
> tell amavis which sources are internal:
>
>     @mynetworks = qw(
>         127.0.0.0/8
>     );
>
> In reverse conclusion all other senders not listed in @mynetworks are
> considered to be "outside".
>
> If your authenticated senders submit messages via Port 465 or 587 then route
> their messages into a dedicated port into amavis and assign that port to a
> policy bank, where you declare everything in that policy bank as originating:
>
>     # Claim the port:
>     @listen_sockets = (
>         # Release
>         '[::1]:9998',
>         # Post-Queue, Submission
>         '[::1]:10024',
>         # Pre-Queue, MTA to MTA
>         "$MYHOME/amavisd.sock"
>     );
>
>     # Assign the port to a $policy_bank:
>     $interface_policy{'10024'} = 'SUBMISSION';
>
>     # Tag everything as $originating in that policy_bank:
>     $policy_bank{'SUBMISSION'} = {
>         originating => 1,
>         bypass_spam_checks_maps => [1],
>         final_virus_destiny => D_BOUNCE,
>         final_banned_destiny => D_PASS,
>         final_bad_header_destiny => D_PASS,
>         banned_filename_maps => ['MYNETS-DEFAULT'],
>         warnbadhsender => 0,
>         forward_method => 'smtp:127.0.0.1:10025',
>         notify_method => 'smtp:127.0.0.1:10025',
>         undecipherable_subject_tag => undef,
>     };
>
> > Just so I don't upset the apple cart, what do I need to add and to which
> > file do I need to add it?
>
> I suggest you copy over 50-user to 60-mysystem and add your local config
> there. It will never be overwritten by an update.

Patrick, thanks for the detailed notes. I wanted to respond when I had time to look at my setup. A few questions:

I only handle email for my domain so I'm assuming this is okay?

    @local_domains_maps = (
        ".$mydomain"
    );

    @mynetworks = qw(
        127.0.0.0/8
    );

My biggest question and config I don't want to foul up is the submission section for the amavis config. Here's what's in my master.cf in Postfix:

    submission inet n       -       -       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    #OpenDKIM signing
      -o smtpd_milters=inet:localhost:12345

So the email is sent to port 587 and processed through OpenDKIM.

Being coffee and sleep-deprived I don't want to FUBAR anything in the amavis config? Your example said to claim the port:

    # Claim the port:
    @listen_sockets = (
        # Release
        '[::1]:9998',
        # Post-Queue, Submission
        '[::1]:10024',
        # Pre-Queue, MTA to MTA
        "$MYHOME/amavisd.sock"
    );

So which one do I change? And will that interfere with the master.cf submission interfacing with OpenDKIM.

Thanks again. If I was feeling better I'm sure this would be clearer to me. Take care.
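
The classification discussed in this thread, as an added example that is not part of the original messages and not amavis's own code: a simplified Python model of how the originating flag (from a policy bank bound to a listen port, or from a client address in @mynetworks) and @local_domains_maps combine to produce the "Open relay?" log line. The domain example.org, port 10026, the function names and the direction labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample settings mirroring the thread's config (example.org is a placeholder).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]   # like @mynetworks
LOCAL_DOMAINS = [".example.org"]                     # like @local_domains_maps = ( ".$mydomain" )
INTERFACE_POLICY = {10024: "SUBMISSION"}             # like $interface_policy{'10024'}
POLICY_BANK = {"SUBMISSION": {"originating": True}}  # like $policy_bank{'SUBMISSION'}


def is_local(recipient):
    """A leading-dot entry matches the domain itself and any subdomain."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    for entry in LOCAL_DOMAINS:
        base = entry.lstrip(".").lower()
        if domain == base:
            return True
        if entry.startswith(".") and domain.endswith("." + base):
            return True
    return False


def is_originating(client_ip, listen_port):
    """True if the port's policy bank sets originating, or the client is internal."""
    bank = POLICY_BANK.get(INTERFACE_POLICY.get(listen_port, ""), {})
    if bank.get("originating"):
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)


def classify(client_ip, listen_port, recipients):
    """Return (direction, warning) for one message; labels are illustrative."""
    nonlocal_rcpts = [r for r in recipients if not is_local(r)]
    originating = is_originating(client_ip, listen_port)
    if nonlocal_rcpts and not originating:
        # The situation described in the thread: mail leaving the system
        # that was never marked as originating.
        return "unknown", ("Open relay? Nonlocal recips but not originating: "
                           + ", ".join(nonlocal_rcpts))
    if originating:
        return ("outgoing" if nonlocal_rcpts else "internal"), None
    return "incoming", None
```

In this model an authenticated user connecting from a remote address triggers the warning unless the message arrives on the port bound to the SUBMISSION policy bank.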
