Rob,

> I assume when you say there are no semantics you mean it's going to be
> hard to get AM.PDP to give the answers to Postfix I am looking for?

The current code is very simple:

sub postfix_policy($$$) {
  my($conn,$msginfo,$attr_ref) = @_;
  my(@response);
  if ($attr_ref->{'request'} ne 'smtpd_access_policy') {
    die("unknown 'request' value: " . $attr_ref->{'request'});
  } else {
    @response = 'action=DUNNO';
  }
  @response;
}

It receives a hash %$attr_ref of attribute key/value pairs
exactly as given by Postfix, and returns a list of key/value
response lines as its return value. In its above
implementation it always replies with a single line: action=DUNNO
regardless of what information Postfix provides in its query.

What is missing is your semantics code: check what information
came in, and prepare a suitable response.

You may start experimenting with it as it stands,
it will always reply with action=DUNNO, so it won't
affect the outcome of Postfix restrictions.

Add some arbitrary TCP port number (like 2552) to the $inet_socket_port
list as the only or an additional tcp port number, then associate
a policy bank with it, the main purpose of it being to specify
a protocol name (in place of a default SMTP protocol):

amavisd.conf:

$inet_socket_port = [2552];
$interface_policy{'2552'} = 'Pf-POLICY';
$policy_bank{'Pf-POLICY'} = {
  protocol => 'AM.PDP',  # Amavis or Postfix policy delegation protocol
};

Restart amavisd (preferably in debugging mode:  amavisd debug )
and check that it works:

$ telnet 127.0.0.1 2552
  Connected ...
request=smtpd_access_policy
aaa=bbb
sender=xxx

action=DUNNO

request=smtpd_access_policy
kkk=whatever
lll=1,2,3
mmm=xx

action=DUNNO

^]
telnet> Connection closed.

Check the log:

amavis[37740]: (37740-01) loaded policy bank "Pf-POLICY"
amavis[37740]: (37740-01) policy protocol: aaa=bbb
amavis[37740]: (37740-01) Request: smtpd_access_policy():   : [] <xxx> -> <>
amavis[37740]: (37740-01) TIMING [total 1 ms] - got data: 0 (3%)3, rundown: 1 (97%)100
amavis[37740]: (37740-01) policy protocol: kkk=whatever
amavis[37740]: (37740-01) policy protocol: lll=1,2,3
amavis[37740]: (37740-01) policy protocol: mmm=xx
amavis[37740]: (37740-01) Request: smtpd_access_policy():   : [] <> -> <>
amavis[37740]: (37740-01) TIMING [total 0 ms] - got data: 0 (3%)3, rundown: 0 (97%)100

Now hook it into your Postfix (set:  soft_bounce = yes  just in case!):

main.cf:

soft_bounce = yes
smtpd_policy_service_max_idle = 3s
smtpd_policy_service_max_ttl = 30s

smtpd_recipient_restrictions =
...
  check_policy_service inet:[127.0.0.1]:2552
...

and watch the amavisd log (at $log_level=5), e.g:

amavis[37736]: (37736-15) loaded policy bank "Pf-POLICY"
amavis[37736]: (37736-15) policy protocol: reverse_client_name=p54ACC4ED.dip0.t-ipconnect.de
amavis[37736]: (37736-15) policy protocol: recipient_count=0
amavis[37736]: (37736-15) policy protocol: instance=9f5f.45b7a488.c9e83.0
amavis[37736]: (37736-15) policy protocol: size=0
amavis[37736]: (37736-15) policy protocol: etrn_domain=
amavis[37736]: (37736-15) policy protocol: sasl_method=
amavis[37736]: (37736-15) policy protocol: sasl_username=
amavis[37736]: (37736-15) policy protocol: sasl_sender=
amavis[37736]: (37736-15) policy protocol: ccert_subject=
amavis[37736]: (37736-15) policy protocol: ccert_issuer=
amavis[37736]: (37736-15) policy protocol: ccert_fingerprint=
amavis[37736]: (37736-15) policy protocol: encryption_protocol=
amavis[37736]: (37736-15) policy protocol: encryption_cipher=
amavis[37736]: (37736-15) policy protocol: encryption_keysize=0


> Do you have any other thoughts as to a solution that would work for me
> and for others or maybe I should just let this go for now.

Now all you need to do is to provide the missing decision-making
in sub postfix_policy  :)

You may disable whole code sections in amavisd
which you won't be needing:

amavisd.conf:

@bypass_virus_checks_maps = (1);
@bypass_spam_checks_maps  = (1);
@bypass_banned_checks_maps= (1);
$bypass_decode_part = 1;

and provide a sufficient number of child processes:

$max_servers = 20;

Verify at amavisd startup that non-needed sections are NOT LOADED.

Although amavisd could handle Postfix policy requests on
one port and the usual content filtering requests on another,
mixing the two would probably not work well, one being
many and lightweight requests, the other being few and
fat requests.

Good luck.

  Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
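
One way the missing decision-making in sub postfix_policy could look, as an added example that is not part of the original message and not amavisd's own code. The %may_send_as table, the parse_request helper and the sample request are assumptions made up for illustration; the attribute names and the REJECT, DEFER_IF_PERMIT and DUNNO actions are the ones Postfix defines for policy delegation.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical table: SASL login -> envelope senders it may use (constructed).
my %may_send_as = (
  'alice' => [ 'alice@example.com', 'sales@example.com' ],
);

# Same calling convention as the stub in the message; $conn and $msginfo
# are unused here so the sub can be exercised outside amavisd.
sub postfix_policy($$$) {
  my($conn,$msginfo,$attr_ref) = @_;
  my $req = defined $attr_ref->{'request'} ? $attr_ref->{'request'} : '';
  die("unknown 'request' value: $req") if $req ne 'smtpd_access_policy';
  # Only decide at RCPT TO; stay neutral in every other protocol state.
  return ('action=DUNNO') if ($attr_ref->{'protocol_state'} || '') ne 'RCPT';
  my $user   = $attr_ref->{'sasl_username'} || '';
  my $sender = lc($attr_ref->{'sender'} || '');
  if ($user ne '') {  # authenticated submission: sender must belong to login
    my $allowed = $may_send_as{$user} || [];
    return ('action=REJECT sender address not owned by authenticated user')
      if !grep { lc($_) eq $sender } @$allowed;
  } elsif (($attr_ref->{'reverse_client_name'} || 'unknown') eq 'unknown') {
    # no PTR record: temporary failure, and only if the mail would pass
    return ('action=DEFER_IF_PERMIT client has no reverse DNS name');
  }
  ('action=DUNNO');  # neutral: let the remaining Postfix restrictions decide
}

# Parse one request as sent on the wire: name=value lines, ended by an
# empty line. Splits on the first '=' only, so values may contain '='.
sub parse_request {
  my($text) = @_;
  my %attr;
  for my $line (split /\r?\n/, $text) {
    last if $line eq '';
    my($name,$value) = split /=/, $line, 2;
    $attr{$name} = defined $value ? $value : '';
  }
  \%attr;
}

# Constructed sample request (not captured traffic).
my $sample = join("\n", 'request=smtpd_access_policy', 'protocol_state=RCPT',
  'sender=ceo@example.com', 'recipient=bob@example.net',
  'sasl_username=alice', 'reverse_client_name=unknown', '') . "\n";
print "$_\n\n" for postfix_policy(undef, undef, parse_request($sample));
```

The sketch never returns OK: DUNNO leaves the verdict to the restrictions that follow check_policy_service, so a gap in the policy logic cannot turn into an unintended permit.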
