On 11.11.23 10:55, Dino Edwards wrote:
to be more precise: OpenDMARC running as milter only sees output from
milters applied before it.

Milter is run pre-queue and content_filter is run after queue, so opendmarc
does not see that amavis produced, because it was added later.

If you used amavisd-milter at SMTP port, opendmarc could see its output.

I run amavisd-milter at SMTP port, so it can reject spam/viruses
immediately and amavis as content-filter by default (local and trusted
submission).

So it looks like I can run amavis as content_filter AND milter. This sounds
like a good solution. Do you mind sharing your postfix config for amavis
milter? I'm assuming I need a separate program called amavis-milter?

amavisd config - Debian's /etc/amavis/conf.d/50-user

$final_virus_destiny            = D_REJECT;
$final_banned_destiny           = D_REJECT;
$final_spam_destiny             = D_PASS;

$interface_policy{'SOCK'} = 'AM.PDP-SOCK';      # milter
$policy_bank{'AM.PDP-SOCK'} = {
        protocol => 'AM.PDP',   # select Amavis policy delegation protocol
        spam_kill_level_maps    => 10,
        final_spam_destiny      => D_REJECT,
        final_virus_destiny     => D_REJECT,
        final_banned_destiny    => D_REJECT,
};


I have experimented with final_*_destiny
- D_REJECT in content_filter causes bouce back to sender which should be safe with local senders. - D_BOUNCE Does the same but it's amavis who creates the notification. Perhaps it'd be better.

main.cf:

content_filter=amavisfeed:[127.0.0.1]:10024

master.cf:

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
  -o content_filter=
  -o smtpd_milters=unix:/amavis/amavisd-milter.sock


Where 'amavisfeed' and '127.0.0.1:10025' are set up according to amavisd-new README.Postfix (lmtp version)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

Reply via email to