I have a similar setup. I too see these statements in amavis log messages that it is RelayedOpenRelay but in fact with my setup it is not. I think amavis is just warning you that you *may* have an open relay. You should have postfix set so that it is not an open relay, of course, and I don't think amavis is the best way to do this.

I use a whitelist with amavis: I have a file /etc/amavis/whitelist which contains on each line either a comment (starting with hash #), a full email address or just a domain, and then in /etc/amavis/conf.d/50-user I have lines like this:

# whitelist some senders to save time and avoid false positives
# - you can list full addresses or domains, one per line
# idea from http://www.iredmail.org/forum/topic4681-iredmail-support-solved-how-to-bypass-amavisd-for-some-senders.html
# This policy will perform virus checks only.
read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
$interface_policy{'10026'} = 'VIRUSONLY';
$policy_bank{'VIRUSONLY'} = {
  bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
  bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check this mail
  bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
};

The idea is that all mails will still be passed to amavis which will submit them for virus check, but whitelisted sender address will not be checked for other things. As far as I can tell this is working fine, although I am *not* an amavis expert. Other suggestions welcome.

Dominic

On 11 December 2016 at 06:24, Asif Iqbal <vad...@gmail.com> wrote:
> I am running amavisd-new with postfix and I like to skip content filter for
> senders with domain example.com
>
> I do have amavisd-new setup with postfix like this where amavisd is setup as
> the content_filter globally like below
>
> # cat /etc/postfix/main.cf
>
> ...
> content_filter = amavisfeed:[127.0.0.1]:10024
> ...
>
> # cat /etc/postfix/master.cf
> ...
>
> amavisfeed unix - - n - 2 lmtp
>   -o lmtp_data_done_timeout=1200
>   -o lmtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>   -o max_use=20
>
> 127.0.0.1:10025 inet n - n - - smtpd
>   -o content_filter=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=permit_mynetworks,reject
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o smtpd_restriction_classes=
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
>   -o local_header_rewrite_clients=
>   -o smtpd_milters=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>
> # netstat -tunlp | grep 10024
> tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 26131/amavisd (mast
> tcp 0 0 ::1:10024 :::* LISTEN 26131/amavisd (mast
>
> # netstat -tunlp | grep 10025
> tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 28242/smtpd
>
> # ps -ef | grep 26131
> amavis 26131 1 0 05:49 ? 00:00:02 /usr/sbin/amavisd (master)
> amavis 28157 26131 0 14:22 ? 00:00:01 /usr/sbin/amavisd (ch6-28157-06-3)
> amavis 28322 26131 4 14:27 ? 00:00:06 /usr/sbin/amavisd (ch5-28322-05-7)
>
> # ps -ef | grep 28242
> postfix 28242 29732 0 14:25 ? 00:00:00 smtpd -n 127.0.0.1:10025 -t
> inet -u -o content_filter= -o smtpd_delay_reject=no -o
> smtpd_client_restrictions=permit_mynetworks,reject -o
> smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o
> smtpd_recipient_restrictions=permit_mynetworks,reject -o
> smtpd_data_restrictions=reject_unauth_pipelining -o
> smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o
> mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o
> smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o
> smtpd_client_connection_count_limit=0 -o
> smtpd_client_connection_rate_limit=0 -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
> -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps=
> -o relay_recipient_maps=
>
> And in amavisd.conf file I am using whitelist domains and email addresses
> like below
>
> # cat /etc/amavisd/amavisd.conf
>
> ...
>
> read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
> @whitelist_sender_maps = (\%whitelist_sender);
> ...
>
> $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
>   originating => 1, # declare that mail was submitted by our smtp client
>   allow_disclaimers => 1, # enables disclaimer insertion if available
>   # notify administrator of locally originating malware
>   virus_admin_maps => ["virusalert\@$mydomain"],
>   spam_admin_maps => ["virusalert\@$mydomain"],
>   warnbadhsender => 1,
>   # forward to a smtpd service providing DKIM signing service
>   forward_method => 'smtp:[127.0.0.1]:10027',
>   # force MTA conversion to 7-bit (e.g. before DKIM signing)
>   smtpd_discard_ehlo_keywords => ['8BITMIME'],
>   bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
>   bypass_banned_checks_maps => ['@whitelist_sender_maps'], # was [1] allow sending any file names and types
>   bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
>   terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
> };
>
> ...
>
> # cat /etc/amavisd/whitelist
> h...@example.com
> eample.net
>
> How do I make sure it is working? After I configured like below, I restarted
> amavisd and postfix and I am seeing a lot of
> ``RelayedOpenRelay'' like below..
>
> Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN
> {RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] <f...@example2.net>
> -> <b...@juniper.net>, Message-ID: <20161211061002.7cdf95f...@example3.net>,
> mail_id: jTfE0zqJExAe, Hits: -1.899, size: 1920, queued_as: EB9F49ED41, 440
> ms
>
> I have not used amavisd with postfix like this before and please let me know
> how I can achieve
>
> whitelisting some of the sender addresses and sender domains and not making
> the mail server an openrelay.
>
> Thanks for your help!
>
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
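
One way to check the "How do I make sure it is working?" question from the log side, as an added example that is not part of either message: it reads a whitelist in the format described above and reports, for each whitelisted sender seen in amavis log lines, whether a spam score was still computed. It assumes amavis writes `Hits: -` when no spam score was computed, and it simplifies amavis's lookup to exact-address or exact-domain matches; the whitelist entries, addresses and log lines are constructed.

```python
import re

# Constructed whitelist in the format described above: '#' comments,
# then one full address or bare domain per line.
WHITELIST_TEXT = """\
# trusted senders
alice@example.com
example.net
"""

# Constructed log lines modelled on the amavis line quoted in the thread.
_PFX = ("Dec 11 01:10:02 myhost amavis[12264]: (12264-08) Passed CLEAN "
        "{RelayedOpenRelay}, [192.168.0.220]:51381 [192.168.0.220] ")
LOG_LINES = [
    _PFX + "<alice@example.com> -> <bob@example.org>, mail_id: A1, Hits: -, size: 1920, 90 ms",
    _PFX + "<carol@example.net> -> <bob@example.org>, mail_id: A2, Hits: -1.899, size: 1920, 440 ms",
    _PFX + "<dave@example2.net> -> <bob@example.org>, mail_id: A3, Hits: 4.1, size: 2048, 510 ms",
]

LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?:Passed|Blocked) [\w-]+[^{<]*"
    r"(?:\{(?P<tag>\w+)\})?.*?<(?P<sender>[^>]*)> -> "
    r".*?Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

def load_whitelist(text):
    """Return the set of lower-cased addresses/domains, skipping comments and blanks."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.split()[0].lower())
    return entries

def is_whitelisted(sender, entries):
    """Assumption: exact address or exact domain match only (a simplification)."""
    sender = sender.lower()
    return sender in entries or sender.rpartition("@")[2] in entries

def audit(lines, entries):
    """Return (sender, tag, hits, status) for every whitelisted sender in the log."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and is_whitelisted(m["sender"], entries):
            status = "bypassed" if m["hits"] == "-" else "still-scored"
            results.append((m["sender"], m["tag"], m["hits"], status))
    return results

if __name__ == "__main__":
    for row in audit(LOG_LINES, load_whitelist(WHITELIST_TEXT)):
        print(*row)
```

A whitelisted sender that shows up as `still-scored` means the bypass maps were not applied to that message, for example because it arrived through a policy bank that does not carry them.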