How to avoid SPAM filter for internal networks?

Discussion in 'Installation/Configuration' started by Jackouille-CH, Feb 9, 2017.

  1. Jackouille-CH

    Jackouille-CH New Member

    I have configured my internal networks (10.41.1.0/24 and [fc00::]/7) on Email / Global Filters / Postfix Whitelist with sender and client but it doesn't help.
    Within main.cf I have the following entry:
    mynetworks = 127.0.0.0/8 10.41.0.0/16 [::1]/128 [fc00::]/7

    But I still got internal mails classified as SPAMMY:
    Feb 9 08:49:01 mail1 amavis[10147]: (10147-09) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL [10.41.1.233]:42202 <root@vmn-dev.localdomain> -> <me@mydomain.net>, Queue-ID: 513471AAE, Message-ID: <20170209074902.3919ACA930@vmn-dev.localdomain>, mail_id: MmiTJSiwN9HR, Hits: 4.788, size: 1168, queued_as: 86B8D1AB3, 222 ms

    Feb 9 08:50:05 mail1 amavis[10336]: (10336-08) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL [fc00::200:31]:52522 <root@vmn-dev.localdomain> -> <me@mydomain.net>, Queue-ID: BE06F1AAE, Message-ID: <20170209075003.4A139CA930@vmn-dev.localdomain>, mail_id: HPVW7Bpv7vtN, Hits: 6.618, size: 854, queued_as: 4D65B1AB3, 542 ms

    My local servers are running IPv4 and IPv6.
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    In a quick look at smtpd_sender_restrictions on a 3.1 server here, you would bypass amavis entirely (ie. spam/virus scanning) by either specifying your networks in mynetworks or by authenticating with sending. Are your users authenticating when they send mail? What is your smtpd_sender_restrictions set to? (run 'postconf smtpd_sender_restrictions') There are use cases for adding to mynetworks, but there are also reasons not to (ie. to help stop spam/virus mail from your customers) - I'd simply have users authenticate. If mynetworks/authentication isn't working to bypass amavis, you may have a configuration different than what ispconfig creates by default.
     
    Jackouille-CH likes this.
  3. Jackouille-CH

    Jackouille-CH New Member

    No mails are sent without authentication now from a PHP script.
    Here is the requested output:
    mail1:~# postconf smtpd_sender_restrictions
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    What should I change?
     
  4. Jackouille-CH

    Jackouille-CH New Member

    Thanks for your help Jessie. I am now using PHPMailer in order to authenticate my mails and they are no more classified as SPAM.
    I was thinking that mynetworks were by default treated as Whitelist.
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    Things don't quite add up here, in your original logs you had 'ORIGINATING LOCAL' so I think your mynetworks settings were working at that point, and my determination that doing so bypasses spam scanning may be wrong; looking at it today I think the difference is in dkim signing (check signatures vs. add signatures), does that sound correct @florian030 ?

    I suspect the difference/improvement in spam scanning is in the rules spamassassin applies, doing a much better job when it knows the sender is authenticated locally. You might look at TRUSTED_NETWORKS and/or INTERNAL_NETWORKS in spamassassin config and add your local hosts/networks where appropriate.
     
    Jackouille-CH likes this.
  6. Jackouille-CH

    Jackouille-CH New Member

    From my side this issue has been solved with mail authentication but working with DKIM is still an ongoing project.
     

Share This Page