Re: [AMaViS-user] @mynetworks_maps question

Wed, 12 Jan 2011 08:50:57 -0800 

Peter,

> I need to clarify the use of @mynetworks.
> I have a list of ip-addr of servers on my internal network which are
> allowed to use my gateway to send out mail. This is a very restricted set
> of servers. This is defined in  a MySql Table used by postfix, and
> whenever postfix is started I create a flat file with this info readable
> by amavisd-new like:
> 
> @mynetworks_maps =
>   (read_hash('/usr/local/etc/mxgw/postfix/mynetworks'), \...@mynetworks);
> 
> And then expect that only IP adresses defined here will be treated as local
> in the following MYNETS policy bank:
> 
> $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
>    originating => 1,  # is true in MYNETS by deflt, but let's make it
> explicit terminate_dsn_on_notify_success => 0,
>    spam_kill_level_maps => 6.9,
>    spam_subject_tag2_maps => ["***SPAM ORIGINATED FROM LOCAL*** "],
>    virus_admin_maps => ["masp...@sdu.dk"], # alert of internal viruses
>    spam_admin_maps  => ["masp...@sdu.dk"],  # alert of internal spam
>    warnbadhsender => 1,  # warn local senders about their broken MUA
>    spam_quarantine_cutoff_level_maps => $sa_tag2_level_deflt ,
> };
> 
> But this is not the case- What am I overlooking ?

What syntax are you using in the file read by read_hash() ?

I guess you problem is there. The hash-type lookup for IP addresses
is rather limited (only allows classful entries, no net size mask).

You would do better by using a read_array(), which produces an
ACL-type lookup table, which can handle CIDR syntax and IPv6 subnets.

E.g.:

@mynetworks_maps = (read_array('...'), \...@mynetworks);

Where a file could look like:

0.0.0.0/8
127.0.0.0/8
[::1]
[FE80::]/10
[FEC0::]/10
169.254.0.0/16
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

This is quite effective, as it keeps entries in a pre-parsed form.

See README.lookups, section 'ACL FOR IP ADDRESSES'.


   Mark

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org

Reply via email to