How to let Postfix bypass amavis


Roderik
28th September 2006, 12:47
I'm running a Postfix-Amavis setup, almost like the ones in the tutorials, but without the MySQL backend part.

We receive a lot of mail, reject a lot of spam with postfix, scan the rest with amavis and then deliver it to the mailbox. Outgoing email from our servers passes through postfix to amavis, and amavis decides it's mail from the local networks and just sends it out.

While this is fine for most situations, we provide a service to our clients for sending commercial mailings (not spam but sometimes a lot (40k mails)). Sending one email through the postfix-amavis takes (according to mail.log) 200ms in amavis, so about 5 mails per second. This just doesn't cut it.

I would like to change it so that postfix doesn't send it to amavis if it is an email originating from the local nets and just sends it out.

My master.cf
smtp-amavis unix - - y - 4 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n - y - - smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
##-o strict_rfc821_envelopes=yes


In my amavis.conf
### BYPASS LOCAL EMAILS ##
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
192.168.0.11/16
);

$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
bypass_spam_checks_maps => [1], # don't spam-check internal mail
bypass_banned_checks_maps => [1], # don't banned-check internal mail
final_spam_destiny => D_PASS,
final_banned_destiny => D_PASS,
bypass_virus_checks_maps => [1],
bypass_header_checks_maps => [1],
final_virus_destiny => D_PASS,
};


The IPs in @mynetworks are mirrored in the mynetworks in the postfix main.cf.

In main.cf I have the following (parts, of course):


smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/helo_client_exceptions
    check_sender_access hash:/etc/postfix/sender_checks,
    reject_invalid_hostname,
## Can cause issues with Auth SMTP, so be wary!
#   reject_non_fqdn_hostname,
##################################
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
# Add RBL exceptions here, when changing rbl_client_exceptions, this file must be regenerated using postmap <file>, to generate a Berkeley DB
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
#   check_policy_service inet:127.0.0.1:60000 ##
    permit


Can anyone help or point me to a tutorial/manual on how to implement this solution?

PS: I don't want to use an alternative port on the mailserver for outgoing, non-checked emails.

falko
29th September 2006, 15:12
Have a look here: http://www.howtoforge.com/forums/showthread.php?t=6879&highlight=amavisd+domains

Roderik
29th September 2006, 15:36
Hi,

That post is not an answer for my problem. You describe a way to bypass the checking in amavis itself, but I want to prevent sending the email from postfix to amavis altogether. So I would need a config tweak for postfix, and not for postfix.

The reason for this is that just sending an email through amavis, even when bypassing all checks (spam and virus), still takes 200 milliseconds.

falko
1st October 2006, 01:26
Maybe this helps you: http://howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu_p3
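
One way to get the behaviour asked for in the first post, added here as an example that is not part of the original thread: drop the global content_filter and hand mail to amavis per client with a FILTER action from a CIDR access table, so mail from the local nets is never queued for the filter. The table path, the amavis listener address [127.0.0.1]:10024 and the network ranges are assumptions; the thread does not show the poster's content_filter line.

```cfg
# --- /etc/postfix/main.cf (fragment) ---
# Remove the global filter so that nothing is sent to amavis by default.
# (Shown commented out; the destination is an assumed value.)
#content_filter = smtp-amavis:[127.0.0.1]:10024

# Put the lookup first in smtpd_client_restrictions. Each restriction list is
# evaluated on its own, so an OK from helo_client_exceptions or
# permit_mynetworks in smtpd_recipient_restrictions cannot skip it.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/amavis_filter.cidr

# --- /etc/postfix/amavis_filter.cidr (assumed path) ---
# Entries are tried in order and the first match wins.
# DUNNO  = no decision and no filter: the message goes straight out.
# FILTER = queue the message for the named transport after it is accepted.
# Host bits must be zero in a CIDR table, so the range from @mynetworks
# (192.168.0.11/16) is written as 192.168.0.0/16 here.
127.0.0.0/8      DUNNO
::1/128          DUNNO
192.168.0.0/16   DUNNO
0.0.0.0/0        FILTER smtp-amavis:[127.0.0.1]:10024
::/0             FILTER smtp-amavis:[127.0.0.1]:10024

# The 127.0.0.1:10025 re-injection listener in master.cf already overrides
# content_filter and smtpd_client_restrictions, so filtered mail coming back
# from amavis is not sent to the filter a second time.
# cidr: tables are plain text (no postmap run); "postfix reload" after editing.
```

Mail from the DUNNO ranges then leaves with no virus or spam scan at all, so those ranges should be limited to the hosts that actually send the mailings rather than mirroring all of mynetworks.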