On 10/29/10, Zhang Huangbin wrote: > > On Oct 30, 2010, at 2:29 AM, Mark Martinec wrote: > >> In your case the $allow_disclaimers was false. Seems like the >> policy ORIGINATING was not invoked. > > I have below settings in postfix main.cf: > > content_filter = smtp-amavis:[127.0.0.1]:10024 > > In postfix master.cf: > > If i change the port to 10026, it works: > > content_filter = smtp-amavis:[127.0.0.1]:10026 > > What's the difference between port 10024 and 10026?
Changing to content_filter = smtp-amavis:[127.0.0.1]:10026 is a mistake. This is the port you have configured to use the ORIGINATING policy bank. That policy bank is bypassing banned files checks, allowing everyone in the world to send you banned files. Port 10024 is typically the "normal" amavisd-new port. Other ports can be opened and configured to use policy banks. Policy banks are used to override current "normal" settings. You need to send mail from the outside world to port 10024 and mail from your client to port 10026 (or add their IP addresses or network address to @mynetworks as you did at one time). Typically if the clients are not in @mynetworks then you would have remote clients use SMTP AUTH and configure Postfix to send their messages to a policy back (like the ORIGINATING one you configured on port 10026). Here is an example of a snippet from Postfix master.cf where a message submitted to port 587 will use amavisd-new port 10026: submission inet n - - - - smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026 Of course this requires that you also set up SMTP AUTH and then have the client change the way their users send mail to you. What objection did you have to adding their network address to @mynetworks and using the MYNETS policy bank? Seems like the simple solution to me and you said it works. If they are relaying all their mail from from a single server then you would only need to add the IP address of their server. -- Gary V ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org