Gary V wrote the following on 5/10/2007 2:31 PM -0800: > Bill wrote: > > >> Gary V wrote the following on 5/10/2007 2:21 PM -0800: >> >>> Bill wrote: >>> >>> >>> >>>> mouss wrote the following on 5/10/2007 1:26 PM -0800: >>>> >>>> >>>>> it is recommended to pass outbound mail through a virus checker. one way >>>>> to do this is to tell amavisd-new to listen on two ports (10024 and >>>>> 10586 for instance) and use >>>>> ... FILTER amavis:[127.0.0.1]:10586 >>>>> for outbound mail (mynetworks and if user was authenticated): >>>>> >>>>> smtpd_recipient_restrictions = >>>>> ... >>>>> check_client_access pcre:/etc/postfix/filter_outbound >>>>> permit_mynetworks >>>>> permit_sasl_authenticated >>>>> check_client_access pcre:/etc/postfix/filter_inbound >>>>> reject_unauth_destination >>>>> .. >>>>> >>>>> filter_outbound: >>>>> /./ FILTER amavis:[1027.0.0.1]:10586 >>>>> >>>>> filter_inbound: >>>>> /./ FILTER amavis:[127.0.0.1]:10024 >>>>> >>>>> >>>>> >>>> I can see how this will work fine for outbound mail from networks listed >>>> in "mynetworks"; however, what is to prevent inbound mail from being >>>> virus scanned twice, once by each filter? >>>> >>>> >>> The last one used wins. >>> >>> >>> >> Yep, so either inbound mail gets processed by just the first content >> filter (in which case we are an open relay) or it gets processed by both >> (not a good use of resources). So which is it? >> > > >> Bill >> > > FILTER results in DUNNO. The message is not sent to the FILTER at that > point, FILTER overrides the transport. The message is not transported > anywhere until it is accepted - queued. >
Rules are processed top down. Since everything will match /./ in the first filter rule, everything will be sent to the first "amavis:[1027.0.0.1]:10586" content_filter. Unless some post content_filter filtering is being done, nothing ever gets past the first filter, and everything only gets virus scanned and relayed. If I am totally misunderstanding this, then please explain how anything ever get past "check_client_access pcre:/etc/postfix/filter_outbound" in the smtpd_recipient_restrictions? If that's the end of processing, then we are in trouble. Bill ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
