Re: [AMaViS-user] long list of mynetworks

Fri, 16 Jan 2009 16:47:21 -0800 

rosca,

> > You must not forget that a message can have more than one recipient,
> > so a message could be both internal-to-internal and outbound
> > at the same time. It is dangerous (and usually incorrect)
> > to tack a FILTER in a check_recipient_access, because these
> > rules are run multiple times (for each recipient), and only
> > the last FILTER setting remains in place. So the resulting
> > FILTER would depend on what was the last recipient specified
> > (internal or external).
>
> Infact! I left out this aspect! Indeed, a policy compliant with the my aim
> could be to omit virus scanning for outbound messages. In the sense that,
> if a message is either internal-to-internal and outbound then the message
> would be scanned as well.
>
> How could obtain this?
> Moreover, where is a suitable place where to perform recipient checking?

As a general rule, per-recipient settings require the use of @*_maps
lookups (like: a mail destination being local or not),
while settings which depend on a property of a message as a whole
(like a sender address, client IP address / origin of mail) are best
dealt-with through policy banks, selected with a help of a MTA.

So, to control virus or spam scanning based on mail destination,
use @bypass_*_checks_maps and/or @*_lovers_maps.

If you need to control all three possibilities, you need to
combine @*_maps with a policy bank:

originating  recip. is local
      0             0                    can't happen (open relay)
      0             1                    inbound
      1             0                    outbound
      1             1                    internal-to-internal


# a global setting, can be overridden by a policy bank,
# so in this case will apply only to inbound mail
#
@bypass_virus_checks_maps = ();   # actually is a default, just illustrating

# mail originating from our users, override global settings
#
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  bypass_virus_checks_maps => [
    { '.mydomain1.org' => 0,  # do not skip check for local rcpts (int-to-int)
       '.mydomain2.org' => 0,
       '.' => 1,  # skip the check for everybody else (outbound)
    } ],
};


Mark


------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to