* Alex <mysqlstud...@gmail.com>:
> I have a fedora37 amavisd system that's processing mail for a handful of
> domains. One of the domains wants more of the bulk email like newsletters
> and mailing lists to be delivered than the rest. How do I do this?
>
> I can create an SA rule that triggers on the "Precedence" header,
> which should probably be enough to get started, but how then do I trigger
> amavisd to use that to allow that mail to be delivered?
>
> It appears policy banks are more for IP addresses, correct? Perhaps I can
Currently policy banks are more source (IP, Port, DKIM) focussed and less
destination driven.
> use @score_sender_maps but I don't know how to do it based on an SA rule or
> something that doesn't depend on knowing the sending domain.
>
> I have amavisd connected to postfix as the default transport. I don't
> entirely understand the connection between $policy_bank, $interface_policy
> and being able to send specific emails to different policies.
Maybe this config example helps:
#############################################################################
## POLICY MAPPING
#
# We are able to identify and route incoming messages via:
#
# - TCP / UNIX-Socket
# - IP-address / IP-range
# - DKIM-authenticated domain / sender
# Assign policy by socket:
$interface_policy{'10024'} = 'SUBMISSION';
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$interface_policy{'9998'} = 'AM.PDP-INET';
# Assign policy by IP address / range:
@client_ipaddr_policy = (
[qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
[qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
[qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
[qw( 212.7.160.0/19 )] => 'SUBMISSION',
\@mynetworks => 'MYNETS'
);
# Assign policy by verified DKIM domain
@author_to_policy_bank_maps = ( {
'state-of-mind.de' => 'WHITELIST,NOBANNEDCHECK,NOVIRUSCHECK',
'.paypal.de' => 'WHITELIST',
'amazon.de' => 'WHITELIST',
} );
#############################################################################
## POLICY BANKS: WHITELIST
#
$policy_bank{'WHITELIST'} = {
bypass_spam_checks_maps => [1],
spam_lovers_maps => [1],
};
#############################################################################
## POLICY BANKS: NOVIRUSCHECK
#
$policy_bank{'NOVIRUSCHECK'} = {
bypass_decode_parts => 1,
bypass_virus_checks_maps => [1],
virus_lovers_maps => [1],
};
#############################################################################
## POLICY BANKS: NOBANNEDCHECK
#
$policy_bank{'NOBANNEDCHECK'} = {
bypass_banned_checks_maps => [1],
banned_files_lovers_maps => [1],
};
#############################################################################
## POLICY BANKS: SUBMISSION
#
$policy_bank{'SUBMISSION'} = {
originating => 1,
bypass_spam_checks_maps => [1],
final_virus_destiny => D_BOUNCE,
final_banned_destiny=> D_PASS,
final_bad_header_destiny => D_PASS,
banned_filename_maps => ['MYNETS-DEFAULT'],
warnbadhsender => 0,
forward_method => 'smtp:127.0.0.1:10025',
notify_method => 'smtp:127.0.0.1:10025',
undecipherable_subject_tag => undef,
};
#############################################################################
## POLICY BANKS: MYNETS
#
$policy_bank{'MYNETS'} = {
originating => 1,
bypass_spam_checks_maps => [1],
final_virus_destiny => D_BOUNCE,
final_banned_destiny=> D_PASS,
final_bad_header_destiny => D_PASS,
banned_filename_maps => ['MYNETS-DEFAULT'],
warnbadhsender => 0,
forward_method => 'smtp:*:*',
notify_method => 'smtp:*:*',
undecipherable_subject_tag => undef,
};
#############################################################################
## POLICY BANKS: AM.PDP
#
$policy_bank{'AM.PDP-INET'} = {
protocol => 'AM.PDP',
inet_acl => [qw( 127.0.0.1 )],
auth_required_release => 0,
};
$policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
notify_method => 'smtp:127.0.0.1:10025',
auth_required_release => 0,
};
> If I want to have domain1.com use my DOMAIN1 policy and domain2.com use my
> DOMAIN2 policy, do I need to have separate postfix transports send only
> mail for the respective domains to their respective ports defined by
> $interface_policy?
That's a way to go. Another way would be to feed amavis with per-domain /
per-recipient settings via SQL / LDAP.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
