Nikolaos!

* Nikolaos Milas <nmi...@noa.gr>:
> On 28/11/2022 6:12 p.m., Patrick Ben Koetter wrote:
> > In this case use @client_ipaddr_policy instead of @mynetworks as it allows
> > for more fine grained control e.g. like this:
> >
> > @client_ipaddr_policy = (
> >   [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
> >   [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
> >   [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'BANK',
> >   [qw( 212.7.160.0/19 )] => 'SUBMISSION',
> >   \@mynetworks => 'MYNETS'
> > );
> >
> > And then create a policy_bank that disables the checks you'd like to
> > disable.
> >
> > #############################################################################
> > ## POLICY BANKS: BANK
> > #
> >
> > $policy_bank{'BANK'} = {
> >   bypass_spam_checks_maps => [1],
> >   spam_lovers_maps => [1],
> > };
>
> Hi Patrick,
>
> If I remember right, policy banks get triggered only using particular
> methods; so, in this case, to implement the above (or any other similar
> policy bank), we would need to configure amavis to listen to a different
> port and route such traffic from postfix to amavis to that port. Isn't that
> right?

Nope. amavis is Perl. There is more than one way to do it. ;-) (SCNR)

amavis may use various triggers to load additional policy_banks. You may use an
entry port like you suggested, or use an IP address like I suggested in my
previous post or even use a valid DKIM signature associated with a particular
sender domain as trigger to load a policy_bank.

> If so, then it seems to me that the above approach wouldn't help; I would
> think that it is more straightforward to filter the traffic we want in
> postfix and redirect it to a "global" amavis port where we have disabled
> spam processing, as we already currently do, by listening on port 10028:

You can use any of the triggers I mentioned to load the BYPASS policy_bank if
the trigger exists (some still don't DKIM sign their messages). Here's an
example that extends your example:

$inet_socket_port = [10024,10028];  # listen on multiple TCP ports

# amavis entry socket trigger
$interface_policy{'10028'} = 'BYPASS';

# sender IP trigger
# If the MX for bankofgreece.gr sends the message then also load BYPASS policy
@client_ipaddr_policy = (
  [qw( 195.64.172.67 )] => 'BYPASS',
  \@mynetworks => 'MYNETS'
);

# Verified DKIM signature trigger
# If bankofgreece.gr sends a message containing a valid bankofgreece.gr DKIM
# signature
@author_to_policy_bank_maps = ( { 'bankofgreece.gr' => 'BYPASS' } );

$policy_bank{'BYPASS'} = {  # those configured to send mail to port 10028
  bypass_virus_checks_maps => [1],   # don't virus-check this mail
  bypass_spam_checks_maps => [1],    # don't spam-check this mail
  bypass_banned_checks_maps => [1],  # don't banned-check this mail
  bypass_header_checks_maps => [1],  # don't header-check this mail
};

> In order to use the 'BANK' policy_bank, we would need to listen to e.g.
> 10029 etc...

Nope. ;-)

> If I don't understand right, please correct me.

I did. Was it understandable?

Best,

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
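
An added example, not part of the original message and not amavis code: a small Python audit that reads amavisd.conf-style text and lists every trigger (entry port, client IP, DKIM author domain) that loads a policy bank with virus checks disabled. The regex parsing is an assumption that only holds for settings laid out like the ones in this reply; SAMPLE_CONF is constructed from them, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings from the reply above as one config text.
SAMPLE_CONF = r"""
$inet_socket_port = [10024,10028];
$interface_policy{'10028'} = 'BYPASS';
@client_ipaddr_policy = (
  [qw( 195.64.172.67 )] => 'BYPASS',
  \@mynetworks          => 'MYNETS',
);
@author_to_policy_bank_maps = ( { 'bankofgreece.gr' => 'BYPASS' } );
$policy_bank{'BYPASS'} = {
  bypass_virus_checks_maps  => [1],
  bypass_spam_checks_maps   => [1],
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
};
"""

def _block(conf, name):
    """Return the body of '@name = ( ... );', or '' if the setting is absent."""
    m = re.search(r"@" + name + r"\s*=\s*\((.*?)\)\s*;", conf, re.S)
    return m.group(1) if m else ""

def audit(conf):
    """Map each policy bank to the checks it disables and the triggers that load it."""
    conf = re.sub(r"#.*", "", conf)  # drop Perl comments (assumes no '#' inside strings)
    report = {}
    for bank, body in re.findall(r"\$policy_bank\{'([^']+)'\}\s*=\s*\{(.*?)\}\s*;", conf, re.S):
        off = re.findall(r"bypass_(\w+?)_checks_maps\s*=>\s*\[\s*1\s*\]", body)
        report[bank] = {"disables": sorted(off), "triggers": []}

    def add(bank, trigger):
        report.setdefault(bank, {"disables": [], "triggers": []})["triggers"].append(trigger)

    for port, bank in re.findall(r"\$interface_policy\{'(\d+)'\}\s*=\s*'([^']+)'", conf):
        add(bank, "port " + port)
    ip_pairs = re.findall(r"\[\s*qw\((.*?)\)\s*\]\s*=>\s*'([^']+)'",
                          _block(conf, "client_ipaddr_policy"), re.S)
    for nets, bank in ip_pairs:
        for net in nets.split():
            add(bank, "client " + net)
    dkim_pairs = re.findall(r"'([^']+)'\s*=>\s*'([^']+)'",
                            _block(conf, "author_to_policy_bank_maps"))
    for domain, bank in dkim_pairs:
        add(bank, "dkim " + domain)
    return report

def unscanned_paths(conf):
    """Sorted list of triggers that load a bank with virus checks disabled."""
    return sorted(t for b in audit(conf).values()
                  if "virus" in b["disables"] for t in b["triggers"])
```

Running `unscanned_paths` over a real configuration gives a quick review list of every route by which mail reaches recipients without a virus scan.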