Hi,
> I have the server's IP address (y.y.y.y) in my lists of trusted and internal
> as so:
> trusted_networks xx.xx.xx.xx
> trusted_networks y.y.y.y
> trusted_networks z.z.z.z
>
> internal_networks xx.xx.xx.xx
> internal_networks y.y.y.y
> internal_networks z.z.z.z
>
> I don't see that that made any difference. Shouldn't it have?
No, I don't believe that is its purpose. trusted/internal networks is
intended to define the demarc between you and the outside world to,
for example, know at which point the headers are trustworthy, not to
automatically stop scanning.
Since you're using amavisd, add something like this to your config:
$policy_bank{'TRUSTED'} = {
originating => 1,
bypass_virus_checks_maps => [1],
bypass_spam_checks_maps => [1],
bypass_banned_checks_maps => [1],
bypass_header_checks_maps => [1],
};
Then add the IPs you wish to bypass scanning to your client_ipaddr_policy:
@client_ipaddr_policy = (
[qw( 1.2.3.4/32 )] => 'TRUSTED',
[qw( 5.6.7.8/32 )] => 'TRUSTED',
[qw( 4.3.2.0/24 )] => 'TRUSTED',
);
Restart/reload amavisd or just wait for it to do that itself
periodically. Look up amavisd policy banks for more info.
