Christian, > > So, the 'originating' flag must be set. It can be set implicitly > > through @mynetworks, which you said you have at: > > > > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 > > 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); > > These nets are locally. But local means virtual servers. In fact my > server is a root-server in the internet and all clients are connecting > from remote.
So, either extend your list @mynetworks if you do know which networks your clients are in, or use some other mechanism to turn on a policy bank with 'originating' flag set. > I do not know how to tell amavis that a postfix user _was_ sasl > authenticated. See this header: [...] > Even postfix is writing authenticated-header fields, but it seems amavis > does not care about these. No, amavisd does not care about these header fields. See examples in the docs on a DKIM setup, which demonstrate how to turn on 'originating' flag for authenticated users. The setup is suitable for your needs too: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-postfix-dual-path The trick is to let a MTA feed authenticated mail to amavisd on a different port from the rest of the mail. A policy bank on that port then turns on the 'originating' flag, which is what you need. Mark ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/