[SOLVED] amavisd-new not loading MYNETS policy

Discussion in 'Server Operation' started by biro, Nov 8, 2018 at 3:46 PM.

  1. biro

    biro New Member

    I have a Postfix mail server with an amavisd-new filter for incoming messages, which works great.
    I am using amavis to add a DKIM signature and a disclaimer footer to emails, and this works great when users send messages by authenticating.
    smtpd_sender_restrictions =
            check_sender_access regexp:/etc/postfix/tag_as_originating.re
            check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    # cat tag_as_originating.re
    /^/  FILTER smtp-amavis:[]:10026
    # cat tag_as_foreign.re
    /^/  FILTER smtp-amavis:[]:10024

    However, I am unable to make it add DKIM for emails sent with the Linux mail command, for example:
    echo "test" | mail -r [email protected] -Sreplyto="[email protected]" -s "Test" [email protected]
    In amavis log it shows:
    The raw message headers contain:
    Received: by domain.com (Postfix, from userid 0)
        id 514D526411F7; Thu,  8 Nov 2018 12:22:25 +0100 (CET)
    So I guess it is unable to see the email coming from localhost.
    Because there is no IP address in this Received header, the log shows: ip_from_received: no IP address in: Received: by domain.com (Postfix, from userid 0)
    In the Postfix config I added header checks to replace the header if it contains "Postfix, from userid ":
    /^Received: by(.*) \(Postfix, from userid[^\)]+(.+)$/ REPLACE Received: from${1} ([])${2}
    Now the email's Received header looks like:
    The amavis log shows: ip_from_received: but it still shows in the log "dkim: not signing mail which is not originating from our site"

    In amavisd.conf I use the default @mynetworks value:
    @mynetworks = qw( [::1] [FE80::]/10 [FEC0::]/10

    Why does it not match MYNETS and not set originating=1?

    Is there any way to make amavis add DKIM and the disclaimer when the Linux mail command (or the PHP mail() function) is used?

    I could provide other postfix and amavis config values if needed.
    Help is appreciated.
  2. biro

    biro New Member

    I found the solution.
    I created a new listening port in amavis and connected it to a new policy bank called LOCALHOST. I enabled originating and disclaimer for LOCALHOST, then changed master.cf to add a content filter for pickup:
    pickup    fifo  n       -       n       60      1       pickup
       -o content_filter=smtp-amavis:[]:10127
    Now it is working as wanted.
    If someone can tell me whether it's the best solution or whether a possible vulnerability is opened, please let me know.

    I hope this is useful for other users.
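
The amavisd.conf side of the setup described in the post above, shown as an added example that is not part of the original thread or the poster's actual file. Ports 10024, 10026 and 10127 and the bank name LOCALHOST come from the thread; the loopback addresses are assumptions, since the addresses in the posted config were stripped.

```perl
# Added example fragment for amavisd.conf (amavisd.conf is Perl).

# Listen on the two existing filter ports plus the new one that
# master.cf points the pickup service at.
$inet_socket_port = [10024, 10026, 10127];

# Accept connections on loopback only. A port whose policy bank sets
# originating => 1 must not be reachable from other hosts, because any
# mail delivered to it is treated as our own and becomes eligible for
# DKIM signing. (Addresses are assumptions.)
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 [::1] );

# Mail arriving on port 10127 loads the LOCALHOST policy bank.
$interface_policy{'10127'} = 'LOCALHOST';

$policy_bank{'LOCALHOST'} = {
  originating       => 1,  # clears "not originating from our site", so DKIM signing applies
  allow_disclaimers => 1,  # permit the disclaimer footer for this bank
};
```

Because pickup handles everything submitted through the local sendmail interface, every local account and script (including PHP mail()) now gets signed as the domain. Postfix's authorized_submit_users setting in main.cf can narrow which local users may submit mail this way.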
