Mark Martinec wrote:
Adam,
How do you use policy banks with the sendmail/amavisd-milter setup?
The new AM.PDP protocol allows the caller to provide a SMTP client's
IP address in an attribute pair like: client_address=10.2.3.4
If the client IP information is provided and @mynetworks_maps is defined,
then the MYNETS policy bank gets selected on mail from our networks,
just like in a Postfix setup.
I know that milter in its call to mlfi_connect provides
client's host name as well as its IP address.
It remains to be seen whether Petr Rehor's amavisd-milter
helper program passes this information to amavisd.
It shouldn't be too much work if it doesn't already do so.
I looked at the code and it seems as if it is:
AMAVISD_REQUEST("client_address", mlfi->mlfi_addr);
The issues I am still trying to find a good solution for are:
- Need a way to bypass all spam checks for mail generated from
127.0.0.1. Automated reports and forwards can sometimes get triggered
as spam. I cannot use soft whitelisting for this because mail is sent
as the users email address for forwards and other things, etc. I know
for a fact that mail generated from 127.0.0.1 will never be spam so it
seems more logical to bypass this by IP.
I'm aware of the problem, but don't know of a good solution.
I hope someone more intimately involved with milter will provide one...
Perhaps a decision based on client's address can be used - a helper
program may decide to complete the request by itself, without
interrogating amavisd.
- Need a way to bypass mail from certain hosts that are known to trigger
as spam and I never want to check spam from.
My planned course could cover that, provided a client's IP address is
available.
It would be nice to be able to bypass spam checking by IP without
needing policy banks. Setting up policy banks just to bypass spam
checks for some hosts seems like a lot of complexity for what I think is
a common need.
Well, I don't think the following is excessively complicated:
@mynetworks = qw(127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 ...);
$policy_bank{'MYNETS'} = {
bypass_spam_checks_maps => [1],
}
Since it seems as client_address is getting set then would I just need
to set the above and not set interface_policy since milter config is not
based on ports?
This would solve most of my issues if this works. Most of the bypassing
needs to be done for hosts that I control(I will list 127.0.0.1 too).
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
