Good Morning,
I have a question regarding Mail Relay that I haven't been able to find
much clarity on.
Scenario:
I have a postfix machine with (clamav-milter) and spamassassin
(non-milter) installed. The machine serves as a relay / front-end to an
exchange server.
If an email comes in (via a trusted domain or ip address) it is
processed via the milters. Is there a way to bypass milter processing
for emails coming from specific domains / ips? I would assume that
placing a "trusted" ip for a sender into mynetworks would do it, but
would an entry in $mynetworks bypass milters? While placing an IP in
$mynetworks might work, I don't think that's the correct solution due to
relay security. I'd like to accept email from these "hosts / ips / ips
with cidr" without traversing the milter(s).
Basically, here's what I'm looking for:
Regular Mail from Untrusted IP: Client Mailserver ----> My Postfix
Relay -----> (my milter) -------> If pass, then relay to Exchange server.
Mail from Trusted IP / Host / IP w CIDR: Client Mailserver -------->
My Postfix Relay ------> (no milter processing) -------> Direct to
Exchange Server.
I've been reading the documentation and searching for a solution, but
can't seem to find a succinct answer.
Cheers and TIA.
-PK
my main.cf looks like this:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = myrelay.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination =
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks = x.x.x.x, x.x.x.x ,127.0.0.1
relay_domains = $mydomain some.other.domain one.other.domain
message_size_limit = 20485760
smtpd_helo_required = yes
disable_vrfy_command = yes
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_milters = unix:/var/run/clamav/clamav-milter.sock
milter_default_action = accept
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
b.barracudacentral.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org, reject_rbl_client
tor.dnsbl.sectoor.de, reject_rbl_client new.spam.dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net
body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
default_destination_concurrency_limit = 100
transport_destination_concurrency_limit = 100
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
