1 (edited by Albux 2013-04-01 07:25:17)

Topic: [SOLVED] How to bypass amavisd for some senders?

==== Required information ====
- iRedMail version: 0.84
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP (iRedAdmin Pro 1.9.0)
- Linux/BSD distribution name and version: CentOS 6.4 x64
- Related log if you're reporting an issue:
====

Hello,
is there a way to completely bypass amavisd when message comes from certain domains or IPs ?
the "system" whitelist in iRedAdmin looks like it's working only to bypass greylist, and there is no per-domain whitelist.

The only way I've found is to use the whitelist in the per-user settings... but we have way too many users!

Even if it's not possible to do it from iRedAdmin-Pro, which files do I have to modify for this result? amavisd.conf ?

Thank you smile

2

Re: [SOLVED] How to bypass amavisd for some senders?

Maybe you can try Postfix "check_sender_access" in "smtpd_sender_restrictions"?
Reference: http://www.postfix.org/postconf.5.html# … strictions

3 (edited by Albux 2013-04-02 00:42:38)

Re: [SOLVED] How to bypass amavisd for some senders?

Hello Zhang,

I've solved like this:

1) I created the file /etc/amavisd/whitelist
where I inserted the addresses of the senders that I wanted to whitelist, one per line.
it works also for whole domains (but without the @)
Example:

user1@example.com
user2@example.org
example.net
example.eu

2) in /etc/amavisd/amavisd.conf I decommented AND modified the following section:

# This policy will perform virus checks only.
read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);

$interface_policy{'10026'} = 'VIRUSONLY';
$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
    bypass_spam_checks_maps   => ['@whitelist_sender_maps'],  # don't spam-check this mail
    bypass_banned_checks_maps => ['@whitelist_sender_maps'],  # don't banned-check this mail
    bypass_header_checks_maps => ['@whitelist_sender_maps'],  # don't header-check this mail
};

Checked the logs and the headers of the messages... it works perfectly! smile
The messages are with no score, have the WHITELISTED tag, and get checked for virus. Exactly what I wanted.
Delivery time lowered for the whitelisted addresses from 2500-3000ms to roughly 150ms.

If you want to make this method a quick "How-To" in your doc repository, feel free to use it.

4

Re: [SOLVED] How to bypass amavisd for some senders?

I tried this and got an bad file descriptor error on restarting amavisd (on my system, amavisd.conf is in /etc).  The path to my whitelist file is correct.   I have the file permissions set the same on both the whitelist file and amavisd.conf (user root and group amavis).  Any ideas?

5

Re: [SOLVED] How to bypass amavisd for some senders?

answerman wrote:

I tried this and got an bad file descriptor error on restarting amavisd (on my system, amavisd.conf is in /etc).  The path to my whitelist file is correct.   I have the file permissions set the same on both the whitelist file and amavisd.conf (user root and group amavis).  Any ideas?

Which system are you using?
Could you post the exact error?

6 (edited by answerman 2013-04-05 05:12:04)

Re: [SOLVED] How to bypass amavisd for some senders?

- iRedMail version: 0.7.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Linux/BSD distribution name and version: CentOS 5.6 x64

Error:
Starting Mail Virus Scanner (amavisd): Apr  4 16:07:38.066 xxxxxxxx.com [25471]: Error reading from /etc/amavisd/whitelist: Bad file descriptor


amavisd.conf is located in /etc/, and my whitelist file is located in /etc/amavisd/.  The path to the file is correct.  amavisd starts correctly even with the error, but it's not seeing the whitelist file for some reason (there are only two email addresses in the whitelist file for test purposes).

7 (edited by Albux 2013-04-05 16:22:32)

Re: [SOLVED] How to bypass amavisd for some senders?

The only thing that comes to my mind is to verify if your whitelist file is correctly written.

Maybe you have some invisible characters or some incorrect charset (it depends by which editor you used to write your file)?
Or maybe the last line of your text file is not terminated with a newline? This happens pretty often...

try to delete your whitelist file, rewrite it with an editor like vim or nano and restart amavisd.

Let me know smile

8

Re: [SOLVED] How to bypass amavisd for some senders?

Albux wrote:

The only thing that comes to my mind is to verify if your whitelist file is correctly written.

Maybe you have some invisible characters or some incorrect charset (it depends by which editor you used to write your file)?
Or maybe the last line of your text file is not terminated with a newline? This happens pretty often...

try to delete your whitelist file, rewrite it with an editor like vim or nano and restart amavisd.

Let me know smile

Well, I feel dumb.  Added a newline at the end and that was all it took.   Thanks for your help!

9

Re: [SOLVED] How to bypass amavisd for some senders?

answerman wrote:

Well, I feel dumb.  Added a newline at the end and that was all it took.   Thanks for your help!

Happy to have been useful, you're welcome smile

10

Re: [SOLVED] How to bypass amavisd for some senders?

Was just thinking... a client has asked me to block any email coming to him from a specific outside address.   Could we do something like this in reverse: a list of blacklisted senders that would bounce?

11

Re: [SOLVED] How to bypass amavisd for some senders?

Looking further into it, it looks as though I can do it with soft-blacklisting.  Just give the sender a nice high score.

12

Re: [SOLVED] How to bypass amavisd for some senders?

Hi answerman!
Sorry for dumb question.
In which part of the amavisd.conf should be inserted your new section?
I did not find similar code in the default conf.