1

Topic: iRedMail with external spam filter

Hello.

I'd need a way to bybass every spam / antivirus / SBL / whatever check with iredmail for incoming emails from single domain. Some of our domains use external spam filtering and everything from there should be considered 'safe', which isn't the case at the moment.

Currently, if we receive mail via spamfilter host iRedMail-box re-checks the mail, and unfortunately we often end up in situation where the mail is marked as spam on the subject line, but ie. X-Spam-Status and X-Spam-Flag headers are missing (which have been there since spamfilter-host). This is the case when spamhost detects spam but iredmail-box doesn't.

So, how I could whitelist single host so, that iRedMail doesn't scan incoming mail for spam nor viruses?

2

Re: iRedMail with external spam filter

Remove "content-filter", "check_policy_service" in postfix main.cf, then stop clamav, amavisd, policyd services.

3

Re: iRedMail with external spam filter

I don't want to shut down spam & virus filtering, I just need to whitelist single host where the mail is coming from. The whole installation isn't "after" that external spam filter, so disabling the whole antispam -feature would make a mess.

Let's explain this a bit via example: companya.com has MX iredmail.host and companyb.com has MX spamfilter.host. Spamfilter.host then delivers mail to companyb.com to iredmail.host.

Now, when iredmail.host receives anything from spamfilter.host it should be treated as safe, and there's no need for additional scanning or whatsoever. But when iredmail.host receives mail for companya.com it should be treated as unsafe and process incoming mail trough amavis.

I've managed to tweak this a bit, I added IP for spamfilter.host to @mynetworks on /etc/amavis/conf.d/50-user and changed policy_bank{MYNETS} a bit:

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
   originating => 1,  # is true in MYNETS by default, but let's make it explicit
   os_fingerprint_method => undef,  # don't query p0f for internal clients
   allow_disclaimers => 1,  # enables disclaimer insertion if available
   bypass_spam_checks_maps   => [1],
   bypass_banned_checks_maps => [1],
   bypass_header_checks_maps => [1],
   bypass_virus_checks_maps => [1],
};

This almost works. Iredmail.host is now bypassing amavis tests etc. but X-Spam-Status nor X-Spam-Flag headers doesn't go trough.

4

Re: iRedMail with external spam filter

I guess you would like to append ip address of "spamfilter.host" in postfix 'mynetworks' setting.

5

Re: iRedMail with external spam filter

Ok, fixed this one. I don't know if I broke something in the process, but addition to previous changes I uncommented these:

$remove_existing_x_scanned_headers= 0;
$remove_existing_spam_headers = 0;

Now all headers via spamfilter.host goes trough unchanged and the X-Spam-* -headers stay intact.

6

Re: iRedMail with external spam filter

You should try my suggestion: append ip address of "spamfilter.host" in postfix 'mynetworks' setting.

Postfix won't pipe messages to amavisd if they comes from "mynetworks".