Amavisd-new Configure local domain bypass anti-spam check

Source: Internet
Author: User
Tags port number

Amavisd-new is a very powerful anti-spam software, but most of the time we need to skip the anti-spam checks on our local local mail, this article is a discussion of how to make the local domain skip the amavisd-new of several ways to implement the anti-spam inspection.

Overview: This article explained that through four ways to achieve the local domain skip anti-spam inspection, the first three methods have deficiencies, the fourth method is a better way to achieve.

Four ways to skip anti-spam checks in the local domain

The first two approaches come from: http://scanty.blog.51cto.com/242145/406515, both of which have drawbacks.

Method One:

The

Skips detection through submission.
The only disadvantage of this method is that users using agent software such as OE or foxmail must modify the SMTP default port number (default is 25).
Edit POSTFIX/MASTER.CF
Enables submission this process, joins authentication and filtering policies, saves and exits
Submission inet n–n–-smtpd
-o smtpd_etrn_rest Rictions=reject
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated, Reject
-O content_filter=smtp-amavis:[127.0.0.1]:10026
This filter policy is used smtp-amavis:[127.0.0.1]:10026
Modify Amavisd.conf
To open the AMAVISD listening port, and AMAVISD will listen for 10024,10025,10026 these three ports later
$inet _socket_port = [10024, 10026];
Most people are configured to only open up to 10024, such as $inet_socket_port = 10024.
then add a policy to port 10026, and if you already have a policy on port 10026 in your configuration, please comment out.
$interface _policy{' 10026′} = ' Checkbypass ';

$policy _bank{' checkbypass '} = {# Mail from submission and SMTPS ports
Bypass_spam_checks_maps => [1], # don ' t spam-check this mail
Bypass_banned_checks_maps => [1], # don ' t banned-check this mail
Bypass_header_checks_maps => [1], # don ' t header-check this mail
};
Exit Www.111cn.net after saving
Restart Postfix and AMAVISD
NETSTAT-TNLP look at the port status
TCP 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 18525/master
587 is both a submission listening port.
Now set Outlook or Foxmail
Modify the SMTP port number in the Send settings to 587, and don't forget to let go of 587 in the firewall.
Use this domain user to try to send an email to see.
AMAVIS[30236]: (30236-16) passed clean, checkbypass [222.45.26.224] [222.45.26.224]->, Message-id:

, MAIL_ID:ALW5YMALJBGF, Hits:-, size:1605, queued_as:1ffa8474002, MS
If the "Hits:-" section appears, the settings are successful

Method Two:

Modify @mynetworks.
Edit amavisd.conf
The default is:
@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
Join the IP network segment you want to skip filtering
For example:
@mynetworks = QW (127.0.0.0/8 [:: 1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 222.45.26.0/24);
At the same time modify the Mynets policy as follows

$policy _bank{' mynets '} = {# mail originating from @mynetworks
Originating => 1, # is true in Mynets by default, but let's make it explicit
Os_fingerprint_method => undef, # don ' t query p0f for internal clients
Bypass_spam_checks_maps => [1], # don ' t spam-check internal mail
Bypass_banned_checks_maps => [1], # don ' t banned-check internal mail
Bypass_header_checks_maps => [1], # don ' t header-check internal mail
};
Restart Amaivsd after saving
Later messages from 222.45.26.0/24 are skipped for detection. 111cn.net
You will also see the following records
AMAVIS[15750]: (15750-11) passed clean, mynets local [222.45.26.132] [222.45.26.132]->, Message-id:

, MAIL_ID:VBR2KBQI-F1W, Hits:-, size:11378, queued_as:e741f1d94001, 450 ms
This method is not a panacea, he can only skip messages from the @mynetworks address
The second method only supports sending through the local domain. Sending directly to the mail client may be problematic unless the client is using an IP in Mynetworks,

Method Three:

Add the following two lines to amavisd.conf:
@bypass_spam_checks_maps = (%bypass_spam_checks, @bypass_spam_checks_acl, $bypass _spam_checks_re);
@bypass_spam_checks_maps = QW (localdomain1 localdomain2);

This method does not perform and skips anti-spam checks on messages that are sent and received.

Method Four:

Set White list
$sa _auto_whitelist = 1; # Turn on AWL (Default:false)

Below, set the whitelist position, note that these specified files must exist, otherwise Amavis will not start, and note that the permissions of these files, Amavis must be able to access.
# Specify White list
Read_hash (%whitelist_sender, '/var/lib/amavis/whitelist ');
# Specify Blacklist
Read_hash (%blacklist_sender, '/var/lib/amavis/blacklist ');
# If the recipient is in this list, no junk e-mail detection is done
Read_hash (%spam_lovers, '/var/lib/amavis/spam_lovers ');
will not check for outgoing messages, but check for incoming messages

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.