Amavisd-new Configure local domain bypass anti-spam check

Source: Internet
Author: User
Tags port number

Amavisd-new is a very powerful anti-spam software, but most of the time we need to skip the anti-spam checks on our local local mail, this article is a discussion of how to make the local domain skip the amavisd-new of several ways to implement the anti-spam inspection.

Overview: This article explained that through four ways to achieve the local domain skip anti-spam inspection, the first three methods have deficiencies, the fourth method is a better way to achieve.

Four ways to skip anti-spam checks in the local domain

Method One:

Skipping detection through submission.

The only drawback to this approach is that users using agent software such as OE or foxmail must modify the SMTP default port number (default is 25).

Edit POSTFIX/MASTER.CF

Enable submission This process, add authentication mode and filtering policy, save and exit

Submission inet n–n–-SMTPD

-O Smtpd_etrn_restrictions=reject

-O Smtpd_sasl_auth_enable=yes

-O Smtpd_client_restrictions=permit_sasl_authenticated,reject

-O content_filter=smtp-amavis:[127.0.0.1]:10026

The filtering strategy here is smtp-amavis:[127.0.0.1]:10026.

Modify Amavisd.conf

Open the AMAVISD listening port and AMAVISD will monitor the 10024,10025,10026 three ports later

$inet _socket_port = [10024, 10026];

Most people are configured to only open up to 10024, such as $inet_socket_port = 10024.

Then add the policy on port 10026, and if you already have a policy on port 10026 in your configuration, please comment it out.

$interface _policy{' 10026′} = ' Checkbypass ';

$policy _bank{' checkbypass '} = {# Mail from submission and SMTPS ports

Bypass_spam_checks_maps => [1], # don ' t spam-check this mail

Bypass_banned_checks_maps => [1], # don ' t banned-check this mail

Bypass_header_checks_maps => [1], # don ' t header-check this mail

};

Exit after saving

Restart Postfix and AMAVISD

NETSTAT-TNLP look at the port status

TCP 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 18525/master

587 is both a submission listening port.

Now set Outlook or Foxmail

Modify the SMTP port number in the Send settings to 587, and don't forget to let go of 587 in the firewall.

Use this domain user to try to send an email to see.

AMAVIS[30236]: (30236-16) passed clean, checkbypass [222.45.26.224] [222.45.26.224]->, Message-id:

, MAIL_ID:ALW5YMALJBGF, Hits:-, size:1605, queued_as:1ffa8474002, MS

If the "Hits:-" section appears, the settings are successful

Method Two:

Modify @mynetworks.

Edit amavisd.conf

The default is:

@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10

10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);

Join the IP network segment you want to skip filtering

For example:

@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10

10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 222.45.26.0/24);

At the same time modify the Mynets policy as follows

$policy _bank{' mynets '} = {# mail originating from @mynetworks

Originating => 1, # is true in Mynets by default, but let's make it explicit

Os_fingerprint_method => undef, # don ' t query p0f for internal clients

Bypass_spam_checks_maps => [1], # don ' t spam-check internal mail

Bypass_banned_checks_maps => [1], # don ' t banned-check internal mail

Bypass_header_checks_maps => [1], # don ' t header-check internal mail

};

Restart Amaivsd after saving

Later messages from 222.45.26.0/24 are skipped for detection. 111cn.net

You will also see the following records

AMAVIS[15750]: (15750-11) passed clean, mynets local [222.45.26.132] [222.45.26.132]->, Message-id:

, MAIL_ID:VBR2KBQI-F1W, Hits:-, size:11378, queued_as:e741f1d94001, 450 ms

This method is not a panacea, he can only skip messages from the @mynetworks address

The second method only supports sending through the local domain. Sending directly to the mail client may be problematic unless the client is using an IP in Mynetworks,

Method Three:

Add the following two lines to amavisd.conf:

@bypass_spam_checks_maps = (%bypass_spam_checks, @bypass_spam_checks_acl, $bypass _spam_checks_re);

@bypass_spam_checks_maps = QW (localdomain1 localdomain2);

This method does not perform and skips anti-spam checks on messages that are sent and received.

Method Four:

Set White list

$sa _auto_whitelist = 1; # Turn on AWL (Default:false)

Below, set the whitelist position, note that these specified files must exist, otherwise Amavis will not start, and note that the permissions of these files, Amavis must be able to access.

# Specify White list

Read_hash (%whitelist_sender, '/var/lib/amavis/whitelist ');

# Specify Blacklist

Read_hash (%blacklist_sender, '/var/lib/amavis/blacklist ');

# If the recipient is in this list, no junk e-mail detection is done

Read_hash (%spam_lovers, '/var/lib/amavis/spam_lovers ');

will not check for outgoing messages, but check for incoming messages

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.