[SOLVED] amavisd-new not loading MYNETS policy

Discussion in 'Server Operation' started by biro, Nov 8, 2018 at 3:46 PM.

  1. biro

    biro New Member

    Hello,
    I have a Postfix mail server with an amavisd-new filter for incoming messages, which works great.
    I am using amavis to add a DKIM signature and a disclaimer footer to emails, and this works great when users send messages by authenticating.
    Code:
    smtpd_sender_restrictions =
            check_sender_access regexp:/etc/postfix/tag_as_originating.re
            permit_mynetworks
            permit_sasl_authenticated
            permit_tls_clientcerts
            check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    
    
    
    # cat tag_as_originating.re
    /^/  FILTER smtp-amavis:[127.0.0.1]:10026
    
    # cat tag_as_foreign.re
    /^/  FILTER smtp-amavis:[127.0.0.1]:10024
    

    However, I am unable to make it add DKIM for emails sent with the Linux mail command, for example:
    Code:
    echo "test" | mail -r [email protected] -Sreplyto="[email protected]" -s "Test" [email protected]
    
    In amavis log it shows:
    The raw message headers contain:
    Code:
    Received: by domain.com (Postfix, from userid 0)
        id 514D526411F7; Thu,  8 Nov 2018 12:22:25 +0100 (CET)
    So I guess it is unable to see the email coming from localhost.
    Because there is no IP address in this Received header, the log shows: ip_from_received: no IP address in: Received: by domain.com (Postfix, from userid 0)
    In the Postfix config I added header checks to replace the header if it contains "Postfix, from userid ":
    Code:
    /^Received: by(.*) \(Postfix, from userid[^\)]+(.+)$/ REPLACE Received: from${1} ([127.0.0.1])${2}
    Now the email's Received header looks like:
    The amavis log shows: ip_from_received: 127.0.0.1, but it still shows in the log "dkim: not signing mail which is not originating from our site"

    In amavisd.conf I use the default @mynetworks value:
    Code:
    @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                      10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

    Why does it not match 127.0.0.1 to MYNETS and not set originating=1?

    Is there any way to make amavis add DKIM and the disclaimer when the Linux mail command (or the PHP mail() function) is used?

    I could provide other Postfix and amavis config values if needed.
    Help is appreciated.
     
  2. biro

    biro New Member

    I found the solution.
    I created a new listening port in amavis and connected it to a new policy bank called LOCALHOST. I enabled originating and disclaimer for LOCALHOST, then changed master.cf to add a content filter for pickup:
    Code:
    pickup    fifo  n       -       n       60      1       pickup
       -o content_filter=smtp-amavis:[127.0.0.1]:10127
    
    Now it is working as wanted.
    If someone can tell me whether it's the best solution or whether a possible vulnerability is opened, please let me know.

    I hope this is useful for other users.
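
The amavisd.conf side of the setup described in the post above, as an added example that is not the poster's own configuration: a dedicated port mapped to a LOCALHOST policy bank, with the listener restricted to loopback so that only the local Postfix can reach a port that marks mail as originating. The port numbers and the bank name come from the thread; the assumption is that 10024 and 10026 are the only other amavis ports in use and that disclaimers are already working for authenticated users.

```perl
# amavisd.conf fragment (added example; adapt to the existing file).

# Listen on the two ports already referenced in main.cf plus the new one
# used by the pickup content_filter in master.cf. This assignment replaces
# the whole list, so every port already in use must be repeated here.
$inet_socket_port = [10024, 10026, 10127];

# Mail accepted on 10127 is treated as originating, so it gets DKIM-signed
# and receives the disclaimer. Keep the listener on loopback and restrict
# the peers allowed to connect; otherwise any host that can reach the port
# could have its mail signed with the site's DKIM key.
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 [::1] );

# Map the new port to its own policy bank.
$interface_policy{'10127'} = 'LOCALHOST';

# Policy bank for mail handed over by Postfix pickup (sendmail/mail command,
# PHP mail()). originating => 1 is what the "not originating from our site"
# log line was complaining about; allow_disclaimers enables the footer.
$policy_bank{'LOCALHOST'} = {
  originating       => 1,
  allow_disclaimers => 1,
};
```

With this in place, every local account or web application that can invoke the sendmail interface gets its mail signed, so the loopback binding limits who can reach the port but not which local sender is trusted.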
     
