Ralf Hildebrandt skrev den 2017-11-28 00:31:
Putting my rules in place already pointed out several hosts not on our
network
sending mail as charite.de senders...
your rules, your problem :=)
in amavisd 0.01 it was designed to use xclient forwards in postfix so
amavisd know what clients it really was, that could be used in the 2
default policy banks, one for incomming mails, and one for originated in
mynetworks in amavisd
you have possible maked a error that all policy banks have default
originated mails signed so you search amavisd.conf for originating,
removed if found outside of a policy bank, defult must be not defined
should i really help more by installing oldest amavidd to show configs ?
in newer versions of amavisd its just getting more easy to make more
errors
i just wish there was a command to dump config just like dovecot -n and
postfix -n, so we all knows why it fails
all we now have is endless debate and missing books :(
qoute from howtos
https://www.ijs.si/software/amavisd/amavisd-new-docs.html
# regular incoming mail, originating from anywhere (usually from
outside)
# the MX record (or backup mailers) should point to this IP address
192.0.2.1:smtp inet n - n - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10040
# incoming mail from fetchmail, considered externally originating
# (add 'smtphost localhost/2345' to the poll section in .fetchmailrc)
127.0.0.1:2345 inet n - n - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10041
-o smtpd_client_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
# IP address to be used by internal hosts for mail submission
192.0.2.2:smtp inet n - n - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10042
-o smtpd_client_restrictions=permit_mynetworks,reject
# or, tcp port 587 to be used by internal hosts for mail submission
submission inet n - n - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10042
-o smtpd_client_restrictions=permit_mynetworks,reject
# locally originating mail submitted on this host through a sendmail
binary
pickup fifo n - n 60 1 pickup
-o content_filter=amavisfeed:[127.0.0.1]:10043
did you read that ?
$interface_policy{'10040'} = 'EXT';
$interface_policy{'10041'} = 'EXT-FM';
$interface_policy{'10042'} = 'INT';
$interface_policy{'10043'} = 'INT-HOST';
$interface_policy{'10044'} = 'AUTH'; # to be used in the next example
# regular incoming mail, originating from anywhere (usually from
outside)
$policy_bank{'EXT'} = {
# just use global settings, no special overrides
};
# incoming mail from fetchmail, considered externally originating
$policy_bank{'EXT-FM'} = {
log_level => 2,
# no bounces for spam, not even for score below
spam_dsn_cutoff_level_maps:
final_spam_destiny => D_DISCARD,
};
# locally originating mail guaranteed to be from inside
$policy_bank{'INT'} = {
# enable/redirect admin notifications for locally originating
malware:
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
# be slightly more permissive on spam levels for mail from our
hosts:
spam_kill_level_maps => [7.0],
spam_dsn_cutoff_level_maps => [15],
final_virus_destiny => D_BOUNCE, # (unless in
viruses_that_fake_sender_maps)
final_spam_destiny => D_BOUNCE, # (unless above
spam_dsn_cutoff_level_maps)
bypass_banned_checks_maps => [ 1 ], # allow sending any file type or
name
# provide customized sender notifications for spam from our users:
notify_spam_sender_templ =>
read_text("$MYHOME/notify_spam_sender.txt"),
};
# mail locally submitted on the host on which MTA runs
$policy_bank{'INT-HOST'} = {
# NOTE: this is just an example; ignoring internally generated spam
# may not be such a good idea, consider zombified infected local PCs
bypass_spam_checks_maps => [ 1 ],
bypass_banned_checks_maps => [ 1 ],
final_spam_destiny => D_PASS,
final_banned_destiny => D_PASS,
};
# authenticated mail (used by the next example)
$policy_bank{'AUTH'} = {
# enable admin notifications for malware originating from our users:
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
# be slightly more permissive on spam levels for mail from our
users:
spam_kill_level_maps => 7.0,
spam_dsn_cutoff_level_maps => 15,
bypass_banned_checks_maps => 1, # allow sending any file type or name
final_bad_header_destiny => D_BOUNCE; # block invalid headers
};
lastly maybe read
Configuring multiple mail paths in amavisd section on how to make
originating work
why do i write all that ?, i use spampd :=)