> One thing that I can do after I have separated traffic originating
> inside my network, from the other traffic passing through my mail
> gateway, is to stop to analyse that traffic agaist viruses.
>
> Indeed, I then realized that I would like to continue to scan email
> originating from my network and destined still to my network.
>
> A policy compliant with the my aim could be to omit virus scanning
> for outbound messages.
|> The idea is to present a bypass_virus_checks='N' for all local
|> domains, and provide a default of a yes for the rest (either by
|> an SQL record or by a statical default).
> So,
>
> $sql_clause{'sel_policy'} = \$sql_select_policy;
This assignment isn't necesary in a config file, it is already done at
amavisd initialization time.
> $sql_select_policy = "select policy.virus_lover as virus_lover from
> (SELECT 1 as virus_lover, domain FROM domain where active=1 and domain
> in (%k)) as policy left join domain on (policy.domain=domain.domain)";
>
> Could be ok?
>
> PS: The query returns:
> +-------------+
> | virus_lover |
> +-------------+
> | 1 |
> +-------------+
> If domain is local and
>
> +-------------+
> | virus_lover |
> +-------------+
> Otherwise.
Don't you want just the opposite? You said you wanted all outbound mail
to pass without virus checking, which means your local domains (inbound
or internal-to-internal mail) need a virus_lover false, and everybody else
(outbound) needs a true,
|> Also table names do not matter.
> $sql_select_policy = "select policy.virus_lover as virus_lover from
As mentioned, table names in the final result do not matter (DBI module
strips them off, returning only bare field names), so the above AS alias
is unnecessary, a "SELECT virus_lover FROM ..." suffices.
So now we have a:
SELECT virus_lover FROM
( SELECT 0 as virus_lover, domain
FROM domain WHERE active=1 AND domain IN (%k)
) AS policy
LEFT JOIN domain ON (policy.domain=domain.domain)
As you are not interested in other fields being returned, I don't
see a need for a LEFT JOIN domain. It appears to me that a simple
select would do the job as well:
SELECT 0 as virus_lover FROM domain WHERE active=1 AND domain IN (%k)
Now what is still needed is to return a true for a virus_lover
for everybody else. It could be done by a SQL (a wildcard record for
a domain '@.'), but in this particular case it is simpler to do without
a catchall record and just use a statical lookup table as a fallback,
e.g.
push(@virus_lovers_maps, 1);
or the old style, if you prefer:
%virus_lovers = ('.' => 1);
Btw, I assume your SQL table 'domain' really contains only domain names
and not also some individual full email addresses, as otherwise you'd
need to introduce a priority filed and sort on it.
Make sure to have the $sql_lookups_no_at_means_domain set correctly:
release notes:
- added global configuration variables $sql_lookups_no_at_means_domain and
$ldap_lookups_no_at_means_domain, both false by default. They control
whether a database mail address field with no '@' character represents
a local username, or a domain name. By default (value false) it indicates
a username in SQL and LDAP lookups (but represents a domain in hash and
acl lookups), so domain names in SQL and LDAP should be specified as
'@domain'. Setting these to true will cause 'xxx' to be interpreted as
a domain name, just like in hash or acl lookups, which may facilitate
interoperability with databases from other applications;
Set it to true:
$sql_lookups_no_at_means_domain = 1;
if your domains in SQL table look like 'example.com' or '.example.com'.
Set it to false (or leave at a default), if your domains in SQL table
look like '@example.com' or '@.example.com'.
Mark
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
