> > In this context what does "client" mean? So far I thought it is the > > MTA that passes mail to check to amavisd-new. However it seems that > > Postfix somehow forwards the address of its SMTP client and amavisd > > select policy bank upon this information. > > Indeed, it is the IP address of a sending host, passed by Postfix > to amavisd via XFORWARD command in the SMTP protocol.
Thanks for the clarification. However it is ambigous a bit yet. Let's assume the following scenario: User send mail from hostA. HostA passes mail to next MTA, hostB. HostB ask amavisd on hostC to check mail. In this case which host is "client"? HostA or hostB? In the logs one can find address of both. (%e and %a) > > I have more than one MTAs using a common spamfilter infrastructure. > > Is there any way to configure amavisd to choose policy bank by > > address of these MTAs or I have to make this decision on > > port number? (When every MTA sends mail on different ports of course). > > True, you'd need to associate policy banks with port numbers > and let each MTA submit to amavisd on a different port number, > if you need to distinguish between them. It would be possible > to achieve similar through custom hooks, but unless you have > very many MTAs, the port-per-MTA approach is the simplest. Yes, this afternoon I reconfigured amavisd and worked well. Then - understandig the "client IP address concept" - I tried to solve the last week problem with multiple scans of the same mail. I thought I set up an other policy bank with several bypass_* config variables. @client_ipaddr_policy= ( [qw( <MTA1_IPV4> [<MTA1_IPV6>] <MTA2_IPV4> [<MTA2_IPV6>] )] => 'TRUSTED', \...@mynetworks=> 'MYNETS', ); $policy_bank{TRUSTED} = { bypass_banned_checks_maps => [ 1 ], bypass_spam_checks_maps => [ 1 ], bypass_virus_checks_maps => [ 1 ], bypass_header_checks_maps => [ 1 ], }; My test mails from MTA0 went through MTA1, MTA2, and MTA1 again and back to MTA0. MTA1 and MTA2 are configured to use service of amavisd. Amavisd received them 3 times. I expected that effective scan will be done at first time only because when MTAs receive message from each other the partner's address will be found in @client_ipaddr_policy. However the result is: scan, scan, no scan. That is quite strange. Rough log entries: ...Passed CLEAN [IPv6:<MTA0_IPV6>] [IPv6:<MTA0_IPV6>] <My address> -> <Mailing list address>, ..., Hits: -3.107,... 3027 ms ...Passed CLEAN, NO_DSN [<MTA1_IPV6>] [IPv6:<MTA0_IPV6>] <My address> -> <Mailing list address>, ..., Hits: -1.307,... 2325 ms ...Passed CLEAN, TRUSTED [IPv6:MTA2_IPv6] [IPv6:<MTA0_IPV6>] <List-bounce address> -> <My address>, ..., Hits: -,... 199 ms Note that "IPV6:" prefix is missing from the second entry. NO_DSN is name of a port based policy bank. As far as I can understand both address and port based policy may be in effect at the same time. However TRUSTED is ineffective at the second step. I have no idea. Any advice will be appreciated. :-) Gabor ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org