Le 20/12/2010 17:55, Christian Roessner a écrit :
Yes, that will work fine if you put your check_sender_access rule under
smtpd_data_restrictions.
I am unsure if that works. I thought that check_sender_access only uses the
envelope-from tag.
It is.
So where is the difference between putting it in smtpd_recipient_restrictions
or waiting for the end of the DATA phase?Think, I don't understand :-)
smtpd_recipient_restrictions is called for _every_recipient. so mail is
sent to 3 recipients, a check will apend the header 3 times.
end of data is unique in a transaction.
moreale of the story: do what Noel suggested.
MAIL FROM:<whate...@example.org>
220 OK
RCPT TO:<....> <-- Testing here, if in smtpd_recipient_restrictions
220 OK
RCPT TO:<....> <-- and again, producing the duplicate??
yep.
220 OK
DATA
.<CR><LF> <-- Testing after this point, if in smtpd_data_restrictions. But
does this behave differently then the above?
of course. there is only one DATA command in a transaction. while there
may be many recipients.
So I thought I need a different method and configured header_checks:
# header_checks
if !/^VBR-Info:.*roessner-net(work-solutions)?/
/^From:....@roessner-net\.com/ PREPEND VBR-Info:
md=roessner-net.com; mv=dwl.spamhaus.org; mc=all
/^From:....@roessner-network-solutions\.com/ PREPEND VBR-Info:
md=roessner-network-solutions.com; mv=dwl.spamhaus.org; mc=all
endif
Headers are checked one at a time with no state kept, so the above will never
work. Put your check_sender_access rule in smtpd_data_restrictions.
The rules shown above are for header_checks. That seems to do the trick,
the if part is useless. what you are doing is:
for each header:
if this is not a ^VBR and if it is a ^From, then PREPEND ...
which obviously is the same as
if it is a ^From
in short, you can remove the "if !/^VRB...." and acompanying "endif".
but your rule depends on the presence of a From header, which is the
standard but is not necessarily true. and also, there may be multiple
FRom headers (although this is bad).
anyway, reading your prepend info tells us that you're trying to do
something regarding spamhaus based on the From header. This is most
probably wrong. if you tell us what you're trying to do, we will tell
you why you are wrong ;-p
but I have to add no_header_body_checks to the receive_overide_options in the
return socket. Unfortunately this also disables header checking for incoming
MTA connections. I would need a different return socket for amavis, but I do
not know how to tell amavis in its policy_banks to use a different
forward-/notify-method :-( So this is something I asked on the amavis-users
list right now.
$interface_policy{'12345'} = 'BLAHBLAH';
$policy_bank{'BLAHBLAH'} = {
# forward_method => 'smtp:[127.0.0.1]:10024',
# bypass_spam_checks_maps => [ 1 ],
# bypass_banned_checks_maps => [ 1 ],
# ....
};
