post...@corwyn.net schrieb: > At 03:29 PM 2/14/2009, mouss wrote: >> I didn't test this, but in principle, amavisd-new only "tags" mail if >> the recipient is in a "local" domain. did you abuse @local_domains_maps >> (or one of the alternative ways to declare local domains)? > > Good call. I have local_domain_maps = ( 1 ) based on some other feedback > to fix some other problem (it wasn't flagging / checking mail to some of > the domains that the mail server hosted). I'll guess that instead I need > to enter all the domains here based on your described behavior. > > I've been testing having all the mail domains that the server hosts in > that map file, and it appears to all be working as defined. Thanks for > your assistance! > > Is there a way to get amavisd to read/know my local_domain_maps from > postfix (which is hosting multiple wildly different virtual domains) > somewhere so that this updates dynamically? I searched around for a > while, and that seemed like a complex undertaking. If my domains were > hashed it'd be one thing, but they're all in mysql. > >> See >> http://www.ijs.si/software/amavisd/amavisd-new-docs.html > > Thanks! that's really helpful. > >> Note that you can disable filtering for outbound mail. if this is what >> you want > > I'd like to avoid that, but if that's what it takes for a fully dynamic > config I might have to end up there anyway. Right now adding a new > domain is a matter of adding it in postfixadmin (and updating MX). I'd > rather be able to update the maps file (above) dynamically, since I'd > rather filter my outbound mail, but I might go that way if there's no > other recourse. > > Rick > PS But I'm filing those notes away for future reference! >
Hi you might consider, using spamass-milter and clamav-milter instead of using amavis spamass-milter ( with a patch from cvs ) can be configured not to scan outbound with sasl authed clients or by ip after all this makes you loose spam scanning from authed clients to other hosted maildomains on the same server in a multidomain setup, read postfix docs about milters, they may have perfomance problems in with really big mailsetups ( i dont have some wtih 3000 Mailboxes on one server ) what really sexy on these milter is , you may reject virus on smtp income level, and reject spam at smtp income level by reaching choosable spam level. spamassmilter asks spamd which might be configured to use configs in mysql which makes it possible for users to chosse their own blacklist,whitelist settings from i. horde imp webmail or squirrelmail but for sure equal can be done with amavis the most difference between the mitler soltution and amavis is that milters are before queue, amavis is typical after queue and can use more antivirus solutions at once and has more possibilties to fine setup about quarantaine etc but therefor its config growed over the years very big, with milters every milter has its own config which might be more easy to setup ( but thats a question of taste ) other solution with amavis bypass outbound are descriped here http://www200.pair.com/mecham/spam/bypassing.html i use something like --snip # In main.cf: smtpd_data_restrictions = reject_unauth_pipelining permit_sasl_authenticated check_client_access regexp:/etc/postfix/add_auth_header.regexp # In /etc/postfix/add_auth_header.regexp: /^/ PREPEND X-SMTP-Auth: no # In SpamAssassin's local.cf: header __NO_SMTP_AUTH X-SMTP-Auth =~ /^no$/m meta SMTP_AUTH !__NO_SMTP_AUTH describe SMTP_AUTH Message sent using SMTP Authentication tflags SMTP_AUTH nice score SMTP_AUTH -10 I suggest you do not use X-SMTP-Auth literally. I would obscure this by using a X-something-else header name of your choice, and if you have more than one machine, I suggest using something different on each. In order to prevent confusion (the header would end up getting written again after the message was processed by amavisd-new), you should override smtpd_data_restrictions on the amavisd-new reinjection port. In master.cf add -o smtpd_data_restrictions= 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_data_restrictions= [other typical amavisd-new reinjection port overrides] all versions have their pros and contras so you may chosse what best fits to your needs try google this was discussed many times before i think the best way which is tec rightly is instruct mailusers to use the submission port, which was recommended before, unfourtunally i have learned this pulls up support questions as many users are totaly lost in configure their mail clients even if there is a guide well pictured faq side with descriptions for mostly used mailclients -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
