Re: [AMaViS-user] Open relay? Nonlocal recips but, not originating:
Hello Mark,
the mailclients are connecting through the internet to my smtp on
server-ip1 and server-ip2.
The following rule is in my main.cf:
smtpd_recipient_restrictions = permit_mynetworks,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
permit_sasl_authenticated,
reject_unlisted_recipient,
permit_auth_destination,
reject_unauth_destination
No other local host is sending mail, I have only one server.
Postfix is listening on two ports.
Postfix send mails to amavis on port 10024 for taganddeliver, and on
port 10025 for reject.
Amavis receives the mail on port 10024 and 10025, and give it back to
postfix on port 10030.
In my amavisd.conf is the following line:
@local_domains_maps = ( [".$mydomain","localhost"],
read_hash("/etc/postfix/virtual_domains") );
In my virtual_domains are all my virtual domains, for that postfix
receives mails.
My meaning is, amavis gives back the mail on port 10030 and sets the
flag originating.
Is this wrong?
regards Ralf
Mark Martinec schrieb:
> Ralf,
>
>> logwatch reports me a lot of lines like this:
>> Open relay? Nonlocal recips but, not originating.
>> I have found a howto to avoid this.
>> I have added the following lines to amavis.conf:
>> -
>> @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 Server-IP1
>> Server-IP2 );
>> $policy_bank{'MYNETS'} = { originating => 1,
>>os_fingerprint_method => undef,
>> };
>> $interface_policy{'10030'} = 'ORIGINATING';
>>originating => 1, # declare that mail was submitted by our smtp client
>> };
>> ---
>> But the lines are still in my maillog.
>> What I am doing wrong?
>
> Are all your mail clients really just on hosts Server-IP1 and Server-IP2 ?
> No other local host sending any mail? Is mail from other authenticated
> clients really directed by Postfix to amavisd on port 10030?
>
> Providing you get the 'originating' side right, it is also possible
> that you didn't list all your local domains in @local_domains_maps .
>
> Mark
>
> --
> Come build with us! The BlackBerry® Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register now!
> http://p.sf.net/sfu/devconf
> ___
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/
--
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Open relay? Nonlocal recips but, not originating:
Hello,
logwatch reports me a lot of lines like this:
Open relay? Nonlocal recips but, not originating.
I have found a howto to avoid this.
I have added the following lines to amavis.conf:
-
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 Server-IP1
Server-IP2 );
$policy_bank{'MYNETS'} = { originating => 1,
os_fingerprint_method => undef, # don't query p0f for internal clients
};
#An alternative is if postfix relays it to port 10026 it is flagged as
#originating=1 and you won't get the log message.
#http://lists.mikecappella.com/pipermail/logreporters/2009-July/000166.html
$interface_policy{'10030'} = 'ORIGINATING';
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
---
But the lines are still in my maillog.
What I am doing wrong?
with kind regards
Ralf
--
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] INFO: dot-stuffing error (only one leading dot)
Hello Mark,
I think this is spam.
Can I turn off the messages, or change amavisd to avoid this messages?
regards
Ralf
Mark Martinec schrieb:
> Ralf,
>
>> logwatch reports the following warnings:
>> INFO: dot-stuffing error (only one leading dot): .MsoChpDefault\r\n
>> INFO: dot-stuffing error (only one leading dot): .headerTop{background-
> color:#fdfdf...
>> INFO: dot-stuffing error (only one leading dot): .style1{\r\n
>>
>> Does anybody knows, what is the reason?
>> I ask google, but I have no answers found.
>
> For explanation on what dot-stuffing means
> in the SMTP protocol see RFC 2821, section "4.5.2 Transparency".
>
> Something is feeding invalid SMTP data to amavisd,
> forgetting to duplicated leading dots in the DATA transfer section.
>
> Mark
>
> --
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> ___
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] INFO: dot-stuffing error (only one leading dot)
Hello,
logwatch reports the following warnings:
INFO: dot-stuffing error (only one leading dot): .MsoChpDefault\r\n
9 INFO: dot-stuffing error (only one leading dot):
.headerTop{background-color:#fdfdf...
4 INFO: dot-stuffing error (only one leading dot): .style1
{\r\n
Does anybody knows, what is the reason?
I ask google, but I have no answers found.
with kind regards
Ralf
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] policy banks
Hello, is it possible with amavis to load different policy banks, depend on recipient-domains? Example: if a mail arrives for user t...@domain1.com amavis loads the policy bank for reject. If a mail arrives for mar...@domain1.com amavis loads the policy bank for taganddeliver. greetings ralf -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Not calling virus scanners
Hello Marc, I saw the mailbody is empty. # Charging 0 bytes # Thanks for your help. greetings Ralf Mark Martinec schrieb: > Ralf, > >> can anybody tell me, what it means in maillog: >> Not calling virus scanners, no files to scan in >> /var/amavis/tmp/amavis-20090109T133445-26255/parts >> I have nothing found by google. > > Either the mail body was (mostly) empty, > or decoding has screwed up somehow. > > Examine the message. It it doesn't look empty, > check the log at elevated $log_level. > > Mark > > -- > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Not calling virus scanners
Hello Mark, thanks a lot. I will do this, and give report. By the way, then a mail is given from postfix zu amavisd-new. Checks clamav the mail first, or spamassassin? Is amavis calling clamav first, or spamassassin? greetings Ralf Mark Martinec schrieb: > Ralf, > >> can anybody tell me, what it means in maillog: >> Not calling virus scanners, no files to scan in >> /var/amavis/tmp/amavis-20090109T133445-26255/parts >> I have nothing found by google. > > Either the mail body was (mostly) empty, > or decoding has screwed up somehow. > > Examine the message. It it doesn't look empty, > check the log at elevated $log_level. > > Mark > > -- > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Not calling virus scanners
Hello, can anybody tell me, what it means in maillog: Not calling virus scanners, no files to scan in /var/amavis/tmp/amavis-20090109T133445-26255/parts I have nothing found by google. thanks Ralf -- Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Hello Mark, in my maillog are entry like amavis[12535]: (12535-20) ESMTP ABORTING: Connection broken during data transfer amavis[12535]: (12535-20) (!)ESMTP: NOTICE: Connection broken during data transfer Amavis is in pre-queue mode. Now I have one error to the next error. And so on. In main.cf the setting is smtpd_proxy_timeout = 300 In amavis.conf the option $child_timeout is not set. In main.cf I set the option amavis_destination_concurrency_limit = 3, due to a howto http://postfix.state-of-mind.de/patrick.koetter/amavisd-new/ In amavis.conf $max_server = 3 I think the reason for the maillog entries Connection broken during... is the following: A client connects, and after a second it disconnects. Amavis does this not, and is waiting for data, til it finished in a timeout. Do you agree with me? kind regards Ralf Mark Martinec schrieb: > mouss, > >> Henrik K a écrit : >>> Using amavisd-milter is much better option, you can control concurrent >>> process amount and socket queue. >> how? >> >> if you configure postfix to accept 100 simultaneous connections, then >> you should be prepared to filter 100 simultaneous messages (I am talking >> pre-queue here). >> >> but even assuming a single message. if the time it takes to scan is >> long, the client may disconnect. I don't know if caching would help here >> (so that next time, the message is filtered quickly). > > Using a milter setup (through Petr Rehor's amavisd-milter) is slightly better > regarding the use of resources and client handling, compared to smtp-proxy. > > The difference is in client's SMTP session handling up to the DATA stage. > With a proxy approach amavisd is tied up from the very beginning of the > SMTP session, up to and including a data transfer from the client. > > With a milter approach, Postfix and amavisd-milter handle a client's > session by themselves up to the final dot at the end of a data transfer. > Only at this point is amavisd contacted. Moreover, the socket connection > request from amavisd-milter goes into a socket's connection queue (handled > by kernel) and need not be accepted by amavisd right away. Both facts > together make it possible to have somewhat less running child processes > compared to the proxy setup. If slow client sessions are common, this > difference may be important. > > Unfortunately the milter approach is more restricted in its functionality > than proxy or post-queue setups, because header edits can't be applied > per-recipient in multi-recipient mail. > > > Ralf, > >> amavis[27477]: (27477-10) (!)ESMTP: NOTICE: Connection broken during >> data transfer >> amavis[27477]: (27477-20) load: 7 %, total idle 7483.147 s, busy 541.002 >> s amavis needs too long time, to check the mail. See busy 541.002 s. > > This measures total busy time of this process (in all 20 sessions > up to this one in your case). The TIMING log entry (at log level 2) is > what is relevant for each mail transaction. > >> Postfix timeout is >> smtpd_proxy_timeout = 300 > > The smtpd_proxy_timeout should be above $child_timeout (with some margin). > > The relevant settings on the amavisd side are: > > # timeout for our processing: > $child_timeout = 8*60; # abort child if it does not complete a task in n sec > > # timeout for waiting on client input: > $smtpd_timeout = 8*60; # disconnect session if client is idle for too long; > # $smtpd_timeout should be higher than Postfix's max_idle (default 100s) > > > If you can afford wasting extra memory, amavisd allows you to > run SpamAssassin as a forked process: > > $sa_spawned = 1; > > At the expense of up-to-double the number of amavisd processes > and correspondingly increased virtual memory footprint, > a benefit is that long SpamAssassin processing can be cleanly > aborted by a parent amavisd process when elapsed time approaches > a deadline. It may be worth experimenting with this. > > Mark > > > -- > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Hello, before i was using amavis in post-queue mode. But due to german law, i must use amavis in pre-queue mode. How can i accelerate amavis, to use it in pre-queue mode? Ralf Alexander Wirt schrieb: > Ralf Heidenreich schrieb am Montag, den 29. Dezember 2008: > >> Hello, >> >> amavis is working in pre-queue mode. >> Now i have the following in maillog. >> amavis[27477]: (27477-10) (!)ESMTP: NOTICE: Connection broken during >> data transfer >> # >> amavis[27477]: (27477-20) load: 7 %, total idle 7483.147 s, busy 541.002 s >> # >> amavis needs too long time, to check the mail. See busy 541.002 s. >> Postfix timeout is >> smtpd_proxy_timeout = 300 >> Any ideas?? > Yes, don't do it. Using a full bloated amavis in pre-queue mode is a stupid > idea just for that reasons. > > Alex -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Hello, amavis is working in pre-queue mode. Now i have the following in maillog. amavis[27477]: (27477-10) (!)ESMTP: NOTICE: Connection broken during data transfer # amavis[27477]: (27477-20) load: 7 %, total idle 7483.147 s, busy 541.002 s # amavis needs too long time, to check the mail. See busy 541.002 s. Postfix timeout is smtpd_proxy_timeout = 300 Any ideas?? greetings Ralf mouss schrieb: > Ralf Heidenreich a écrit : >> Hello, >> >> i think i preferr the option with two ipaddresses. > > and I agree with you! > > cheers, > -- mouss > > -- > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. > The future of the web can't happen without you. Join us at MIX09 to help > pave the way to the Next Web now. Learn more and register at > http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Hello, amavis is working in pre-queue mode. Now I have the following lines in maillog: amavis[2028]: (02028-04) load: 22 %, total idle 1222.831 s, busy 353.693 s amavis[2028]: (02028-01) load: 99 %, total idle 0.181 s, busy 26.955 s Is this normal? In post-queue mode i found this: amavis[17613]: (17613-16) load: 0 %, total idle 14425.425 s, busy 29.783 s lx-work amavis[7332]: (07332-01) load: 100 %, total idle 0.001 s, busy 1.486 s greetings Ralf mouss schrieb: > Steve a écrit : >> Hey! I am Swiss and looking what is happening over in Germany in some area >> just makes me shake my head. But who am I? I don't get it and probably will >> never get some of those "strange" laws. >> > > we don't yet have such laws in .fr and I don't read german, but as (I > may) have said earlier, I think the goal is to protect against these > services (anybody said hotmail?) that silently discard legitimate mail. > > if you configure your service according to the recipient choice > (including things like "discard if sender user part contains a 'z'), > then I don't see how the law can interfere here. > >> Do the German layers and the German law agree on the definition of >> "harmful"? I would be surprised if so. > > if something is "known to be harmful", nobody will disagree. so > discarding melissa or "I love you" infected mail should be ok. i.e. just > because we can't classify every message into harmful/harmless classes > doesn't mean we can't classify some of them. > >> Yes. But if this means that running in such a way that this early dropping >> of unwanted messages results in more resources used compared to running in >> the "early mode", then I really don't see the point in this "early >> dropping". I don't agree with you that dropping early is equal in less >> resources used then dropping later. >> > > if you reject a lot of mail during the smtp transaction, then you save > on disk IO. this is always true if your reject based on the envelope > (before DATA). if you check the content, things get more complicated and > the gains depend on how much junk you reject and how much resources you > have. In particular, pre-queue makes you more vulnerable to DoS (your > checks are driven by the foreign client). it also may cause a client > timeout, which is bad. > > but in most cases, performances are not the most critical issue. it is > much more important to deal with FPs (minimise as yu can, and when you > can't, provide feedback, ... etc) and with the junk that you didn't > reject (quarantine? tag and deliver? ... etc). "we" think that "tag and > deliver" or "quarantine" are "the" way to go, but when you look at how > users check their mail, quarantine, folders, ... you get to review this > (at least, this is my experience. and this is why I moved more toward > "origin" filtering as much as possible). > > -- > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. > The future of the web can't happen without you. Join us at MIX09 to help > pave the way to the Next Web now. Learn more and register at > http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis in pre-queue mode
Hello mouss, now i have postfix configured to listen on 2 ipaddresses. 1 IP has configured to give all mail on amavis port 10024. this triggers the policybank for taganddeliver. The other ip is configured to give all mail to amavis port 10025. this triggers the policybank for reject. The decision on what interface postfix receives mail, is configured in DNS. There are 2 hosts. mail and mail2. If a customer want to reject spammails, the mx for his domain delivers mails to the host mail2. I hope thats corrects my problem. Do you agree with me? greetings Ralf mouss schrieb: > Ralf Heidenreich a écrit : >> Hello, >> >> i think i preferr the option with two ipaddresses. > > and I agree with you! > > cheers, > -- mouss > > -- > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. > The future of the web can't happen without you. Join us at MIX09 to help > pave the way to the Next Web now. Learn more and register at > http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Hello, i think i preferr the option with two ipaddresses. Thanks for your help. greetings Ralf mouss schrieb: > Ralf Heidenreich a écrit : >> Original-Nachricht >> Betreff: Re: [AMaViS-user] Amavis in pre-queue mode >> Datum: Wed, 17 Dec 2008 09:26:09 +0100 >> Von: Ralf Heidenreich >> An: Luis Daniel Lucio Quiroz >> Referenzen: <4947b648.8040...@lx-work.de> >> <200812161258.54671.luis.daniel.lu...@gmail.com> >> >> Hello, >> >> the law says: >> if a mail is in the queue, you must deliver it. > > The problem with laws is that they are written in a language that we > (non lawyers) can't read ;-p > > does this simply means "you can't discard mail"? or even a quarantine is > prohibited? > and what about the following scheme: > - "unwanted" mail is delivered to a special mailbox (which user can > access if she wants:) > - this mailbox has a small quota, and get purged automatically > > I tend to believe that the law means to protect the recipient against > what would be abusive filtering. > > but as your post shows, smtp is not lmtp. once you have read the > message, you can't reject some recipients and accept others. > >> Never mind if it is spam or not. >> To avoid this, amavis must reject the mail in the smtp-dialogue. >> While the connection is open, i can reject it. > > see my other post. you can reject with postfix (port 10026 in your > example) based on the "+spam" extension added by amavisd-new. > > but this requires solving the problem of multi-recipient mail. the > policy service approach should do. AFAIK, Postini do something similar > (tempfail if a recipient in another domain is used). > >> If the mail is queued, the connection is closed. And the mail must be >> delivered. >> So I must switch amavis to pre-queue mode. >> What do you mean with: >> postfix1(smtp)->amavis->postfix2(smpt) (10026/tcp for example)-> >> ??? >> + >> www.postfix.org says >> After-queue-filter: >> Network or >> local users -> Postfixqueue -> Contentfilter -> Postfixqueue -> Network >> or local mailbox >> ++ >> www.postfix.org says >> Before-Queue Content Filter >> Internet -> Postfix SMTP server -> Before queue filter >> -> Postfix SMTP server -> Postfix cleanup server >> -> Postfix queue -> -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht
Betreff: Re: [AMaViS-user] Amavis in pre-queue mode
Datum: Wed, 17 Dec 2008 09:26:09 +0100
Von: Ralf Heidenreich
An: Luis Daniel Lucio Quiroz
Referenzen: <4947b648.8040...@lx-work.de>
<200812161258.54671.luis.daniel.lu...@gmail.com>
Hello,
the law says:
if a mail is in the queue, you must deliver it.
Never mind if it is spam or not.
To avoid this, amavis must reject the mail in the smtp-dialogue.
While the connection is open, i can reject it.
If the mail is queued, the connection is closed. And the mail must be
delivered.
So I must switch amavis to pre-queue mode.
What do you mean with:
postfix1(smtp)->amavis->postfix2(smpt) (10026/tcp for example)->
???
+
www.postfix.org says
After-queue-filter:
Network or
local users -> Postfixqueue -> Contentfilter -> Postfixqueue -> Network
or local mailbox
++
www.postfix.org says
Before-Queue Content Filter
Internet -> Postfix SMTP server -> Before queue filter
-> Postfix SMTP server -> Postfix cleanup server
-> Postfix queue - Exactly
>
> What does law say,
>
> When you use postfix in postquee trafic is this:
>
> ->postfix1(smtp)->amavis->postfix2(smpt) (10026/tcp for example)->
>
> Postfix1 can be used to stop and do any prefiltering, therefore, amavis wont
> have heavy load after postfix1 has discard some basic rules.
>
> There is not difference using postfix because it is a daemon, ifyou want to
> use amavis in prequeue you should use a milter. The problem is that here,
> amavis will have all load and then postfix will only relay mail.
>
>
> On Tuesday 16 December 2008 08:08:08 Ralf Heidenreich wrote:
>> Hello,
>>
>> i have a problem. I have a mailserver (postfix), and amavis is working.
>> I am receiving mail for several domains. Some customers want the spam
>> delivering mode "taganddeliver" or reject. I have this realized with
>> policy banks. Amavis in post-queue mode works fine.
>> Due to a law, I must use amavis in pre-queue mode.
>> Thats the problem.
>> In the past it was the following:
>> Postfix receives the mail, and depend on a lookup table, the mail is
>> given to amavis on several ports. One port is for taganddeliver, an one
>> port is for reject. If a mail comes to amavis throug the defined port,
>> amavis loads the policy.
>> Will I use amavis in pre-queue mode, all mails must going to amavis.
>> Amavis must load the right policy for taganddeliver or reject.
>> My current config is
>> @local_domains_maps = ( [".$mydomain","localhost"],
>> read_hash("/etc/postfix/virtual_domains") );
>> I need 3 hashes.
>> One for the domains there is reject used
>> One for the domains there is taganddeliver used
>> One for the domains there is nofilter used.
>> Howe can I realize that?
>>
>> Thanks and greetings
>> Ralf
>>
>> ---
>> --- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas,
>> Nevada. The future of the web can't happen without you. Join us at MIX09
>> to help pave the way to the Next Web now. Learn more and register at
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com
>> / ___
>> AMaViS-user mailing list
>> AMaViS-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/amavis-user
>> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
>> AMaViS-HowTos:http://www.amavis.org/howto/
>
>
>
> --
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
> The future of the web can't happen without you. Join us at MIX09 to help
> pave the way to the Next Web now. Learn more and register at
> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
> ___
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/
--
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]
Original-Nachricht
Betreff: Re: [AMaViS-user] Amavis in pre-queue mode
Datum: Wed, 17 Dec 2008 09:01:50 +0100
Von: Ralf Heidenreich
An: mouss
Referenzen: <4947b648.8040...@lx-work.de> <4947e3d8.7030...@netoyen.net>
Hello mouss,
my idea was to let amavis decide what to do with the mails.
But it is not easy, i think it is impossible.
Now I have the same idea as you. I let postfix run on 2 IPs.
One IP for reject, and one IP for taganddeliver.
Thank you for your informations.
If you have any ideas to run postfix and amavis with one IP, let me
know, please.
greetings
Ralf
mouss schrieb:
> Ralf Heidenreich a écrit :
>> Hello,
>>
>> i have a problem. I have a mailserver (postfix), and amavis is working.
>> I am receiving mail for several domains. Some customers want the spam
>> delivering mode "taganddeliver" or reject. I have this realized with
>> policy banks. Amavis in post-queue mode works fine.
>> Due to a law, I must use amavis in pre-queue mode.
>> Thats the problem.
>> In the past it was the following:
>> Postfix receives the mail, and depend on a lookup table, the mail is
>> given to amavis on several ports. One port is for taganddeliver, an one
>> port is for reject. If a mail comes to amavis throug the defined port,
>> amavis loads the policy.
>> Will I use amavis in pre-queue mode, all mails must going to amavis.
>> Amavis must load the right policy for taganddeliver or reject.
>> My current config is
>> @local_domains_maps = ( [".$mydomain","localhost"],
>> read_hash("/etc/postfix/virtual_domains") );
>> I need 3 hashes.
>> One for the domains there is reject used
>> One for the domains there is taganddeliver used
>> One for the domains there is nofilter used.
>> Howe can I realize that?
>>
>
>
> If you have multiple IPs, the simplest solution would be to use
> different MXes. Otherwise, one problem is what to do if a single mail is
> destined to multiple recipients with different actions: you can't reject
> and deliver at the same time!
>
>
> A somewhat related discussion:
> http://marc.info/?l=amavis-user&m=104639986104274&w=2
>
>
> --
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
> The future of the web can't happen without you. Join us at MIX09 to help
> pave the way to the Next Web now. Learn more and register at
> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
> ___
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/
--
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis in pre-queue mode
Hello,
i have a problem. I have a mailserver (postfix), and amavis is working.
I am receiving mail for several domains. Some customers want the spam
delivering mode "taganddeliver" or reject. I have this realized with
policy banks. Amavis in post-queue mode works fine.
Due to a law, I must use amavis in pre-queue mode.
Thats the problem.
In the past it was the following:
Postfix receives the mail, and depend on a lookup table, the mail is
given to amavis on several ports. One port is for taganddeliver, an one
port is for reject. If a mail comes to amavis throug the defined port,
amavis loads the policy.
Will I use amavis in pre-queue mode, all mails must going to amavis.
Amavis must load the right policy for taganddeliver or reject.
My current config is
@local_domains_maps = ( [".$mydomain","localhost"],
read_hash("/etc/postfix/virtual_domains") );
I need 3 hashes.
One for the domains there is reject used
One for the domains there is taganddeliver used
One for the domains there is nofilter used.
Howe can I realize that?
Thanks and greetings
Ralf
--
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
