Amavisd-new is a very powerful anti-spam software, but most of the time we need to skip the anti-spam checks on our local local mail, this article is a discussion of how to make the local domain skip the amavisd-new of several ways to implement the anti-spam inspection.
Overview: This article explained that through four ways to achieve the local domain skip anti-spam inspection, the first three methods have deficiencies, the fourth method is a better way to achieve.
Four ways to skip anti-spam checks in the local domain
Method One:
Skipping detection through submission.
The only drawback to this approach is that users using agent software such as OE or foxmail must modify the SMTP default port number (default is 25).
Edit POSTFIX/MASTER.CF
Enable submission This process, add authentication mode and filtering policy, save and exit
Submission inet n–n–-SMTPD
-O Smtpd_etrn_restrictions=reject
-O Smtpd_sasl_auth_enable=yes
-O Smtpd_client_restrictions=permit_sasl_authenticated,reject
-O content_filter=smtp-amavis:[127.0.0.1]:10026
The filtering strategy here is smtp-amavis:[127.0.0.1]:10026.
Modify Amavisd.conf
Open the AMAVISD listening port and AMAVISD will monitor the 10024,10025,10026 three ports later
$inet _socket_port = [10024, 10026];
Most people are configured to only open up to 10024, such as $inet_socket_port = 10024.
Then add the policy on port 10026, and if you already have a policy on port 10026 in your configuration, please comment it out.
$interface _policy{' 10026′} = ' Checkbypass ';
$policy _bank{' checkbypass '} = {# Mail from submission and SMTPS ports
Bypass_spam_checks_maps => [1], # don ' t spam-check this mail
Bypass_banned_checks_maps => [1], # don ' t banned-check this mail
Bypass_header_checks_maps => [1], # don ' t header-check this mail
};
Exit after saving
Restart Postfix and AMAVISD
NETSTAT-TNLP look at the port status
TCP 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 18525/master
587 is both a submission listening port.
Now set Outlook or Foxmail
Modify the SMTP port number in the Send settings to 587, and don't forget to let go of 587 in the firewall.
Use this domain user to try to send an email to see.
AMAVIS[30236]: (30236-16) passed clean, checkbypass [222.45.26.224] [222.45.26.224]->, Message-id:
, MAIL_ID:ALW5YMALJBGF, Hits:-, size:1605, queued_as:1ffa8474002, MS
If the "Hits:-" section appears, the settings are successful
Method Two:
Modify @mynetworks.
Edit amavisd.conf
The default is:
@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
Join the IP network segment you want to skip filtering
For example:
@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 222.45.26.0/24);
At the same time modify the Mynets policy as follows
$policy _bank{' mynets '} = {# mail originating from @mynetworks
Originating => 1, # is true in Mynets by default, but let's make it explicit
Os_fingerprint_method => undef, # don ' t query p0f for internal clients
Bypass_spam_checks_maps => [1], # don ' t spam-check internal mail
Bypass_banned_checks_maps => [1], # don ' t banned-check internal mail
Bypass_header_checks_maps => [1], # don ' t header-check internal mail
};
Restart Amaivsd after saving
Later messages from 222.45.26.0/24 are skipped for detection. 111cn.net
You will also see the following records
AMAVIS[15750]: (15750-11) passed clean, mynets local [222.45.26.132] [222.45.26.132]->, Message-id:
, MAIL_ID:VBR2KBQI-F1W, Hits:-, size:11378, queued_as:e741f1d94001, 450 ms
This method is not a panacea, he can only skip messages from the @mynetworks address
The second method only supports sending through the local domain. Sending directly to the mail client may be problematic unless the client is using an IP in Mynetworks,
Method Three:
Add the following two lines to amavisd.conf:
@bypass_spam_checks_maps = (%bypass_spam_checks, @bypass_spam_checks_acl, $bypass _spam_checks_re);
@bypass_spam_checks_maps = QW (localdomain1 localdomain2);
This method does not perform and skips anti-spam checks on messages that are sent and received.
Method Four:
Set White list
$sa _auto_whitelist = 1; # Turn on AWL (Default:false)
Below, set the whitelist position, note that these specified files must exist, otherwise Amavis will not start, and note that the permissions of these files, Amavis must be able to access.
# Specify White list
Read_hash (%whitelist_sender, '/var/lib/amavis/whitelist ');
# Specify Blacklist
Read_hash (%blacklist_sender, '/var/lib/amavis/blacklist ');
# If the recipient is in this list, no junk e-mail detection is done
Read_hash (%spam_lovers, '/var/lib/amavis/spam_lovers ');
will not check for outgoing messages, but check for incoming messages