Jeff,

On 7/27/2009 1:32 PM, Jeff Grossman wrote:
> I am running Postfix 2.6.2 and Amavis 2.6.4 together. Everything is
> running smoothly except for one problem. When a user connects remotely and
> sends a message, I get the following line in my amavis-logwatch output:
>
> 1   *Warning: Security risk
> -----------------------------------------------------------------
> 1      Open relay? Nonlocal recips but not originating: recip1
>
> I have asked about this on the Logwatcher mailing list, but I was told it
> was an Amavis configuration problem.  What setting do I either have
> incorrect or not have at all to remove this error from the amavis-logwatch
> output?
>

I saw your post, but had believed it was answered to your satisfaction, 
so didn't contribute anything.

Here's the basic idea, as others have mentioned.

You want something similar to the submission service listed below in 
postfix's master.cf file (note the content_filter setting and port 
number of 10026):

master.cf:

submission inet n       -       n       -       -       smtpd
    -o content_filter=lmtp-amavis:[127.0.0.1]:10026
    -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_auth_only=yes
    -o smtpd_sasl_auth_enable=yes
    -o broken_sasl_auth_clients=yes
    -o receive_override_options=no_header_body_checks,no_address_mappings
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject


Now, in amavis's configuration file amavisd.conf, you'd want a matching 
policy bank entry with listener (note the additional 10026 listening 
port in $inet_socket_port):

amavisd.conf:

# listen on multiple TCP ports
$inet_socket_port = [10024,10026];

$interface_policy{'10026'} = 'ORIGINATING';

# mail supposedly originating from our users
$policy_bank{'ORIGINATING'} = {
   # declare that mail was submitted by our smtp client
     originating => 1,
   # enables disclaimer insertion if available
   # allow_disclaimers => 1,
   # avoids loading MYNETS policy unnecessarily
     mynetworks_maps => [],
   # don't spam scan
     bypass_spam_checks_maps => [1],
   # allow sending any file names and types
     bypass_banned_checks_maps => [1],
   # don't check headers
     bypass_header_checks_maps => [1],
   # notify administrator of locally originating malware
     virus_admin_maps => ["virusale...@$mydomain"],
     spam_admin_maps  => ["virusale...@$mydomain"],
     warnbadhsender   => 1,
   # don't remove NOTIFY=SUCCESS option
     terminate_dsn_on_notify_success => 0,
   # don't query p0f
     os_fingerprint_method => undef,
};

With these settings, the mail submitted by your users will traverse one 
route while your general service takes the existing route.  The 
'originating' flag will be set, and amavis will consider mail from your 
local users as local mail.  Tailor to suit your needs.

See also:

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex

Mike

> Thanks for any help you can offer me.
>
> Jeff
>

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
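
A consistency check for the wiring described in the message above, as an added example that is not part of the original post or of amavisd-new: it reads the content_filter port of the submission service from master.cf and confirms that amavisd.conf listens on that port and maps it to a policy bank with originating => 1. The function names, the regex-based parsing (single-quoted keys, a bank closed by `};` at the start of a line, `#` only starting comments) and the sample strings are assumptions made for this example.

```python
import re

# Constructed sample input, trimmed from the two files quoted in the message above.
MASTER_CF = """\
submission inet n       -       n       -       -       smtpd
    -o content_filter=lmtp-amavis:[127.0.0.1]:10026
"""
AMAVISD_CONF = """\
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
   # declare that mail was submitted by our smtp client
     originating => 1,
};
"""

def filter_ports(master_cf):
    """Map each master.cf service to the port in its -o content_filter override."""
    ports, service = {}, None
    for line in master_cf.splitlines():
        if re.match(r"[^\s#]", line):  # text in column 1 (not a comment) starts a service
            service = line.split()[0]
        m = re.match(r"[^#]*-o\s+content_filter=\S*:(\d+)", line)
        if m:
            ports[service] = int(m.group(1))
    return ports

def parse_amavis(conf):
    """Return (listening ports, port -> bank name, bank name -> originating flag)."""
    conf = "\n".join(l.split("#", 1)[0] for l in conf.splitlines())  # drop comments
    listen = {int(p) for found in re.findall(r"\$inet_socket_port\s*=\s*\[?([\d,\s]+)", conf)
              for p in re.findall(r"\d+", found)}
    policy = {int(p): b for p, b in
              re.findall(r"\$interface_policy\{'(\d+)'\}\s*=\s*'([^']+)'", conf)}
    banks = {n: bool(re.search(r"\boriginating\s*=>\s*1\b", body)) for n, body in
             re.findall(r"\$policy_bank\{'([^']+)'\}\s*=\s*\{(.*?)^\};", conf, re.S | re.M)}
    return listen, policy, banks

def check(master_cf, amavisd_conf, service="submission"):
    """Return a list of problems; an empty list means the wiring is consistent."""
    port = filter_ports(master_cf).get(service)
    if port is None:
        return [f"{service}: no -o content_filter override in master.cf"]
    listen, policy, banks = parse_amavis(amavisd_conf)
    bank = policy.get(port)
    checks = [(port in listen, f"amavisd does not listen on port {port}"),
              (bank is not None, f"no $interface_policy entry for port {port}"),
              (bank is None or banks.get(bank, False),
               f"policy bank {bank} missing or lacks originating => 1")]
    return [msg for ok, msg in checks if not ok]
```

Calling `check()` with the contents of the real master.cf and amavisd.conf returns an empty list when the submission path reaches an originating policy bank, and one message per broken link otherwise.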