From: Camron W. Fox (no email)
Date: Mon Sep 01 2008 - 11:56:19 EDT
Stefan Palme wrote:
> On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:
>> Noel Jones wrote:
>>> Camron W. Fox wrote:
>>>> We would like to filter all internal email so that it bypasses
>>>> SpamAssassin. We have set up per_client_filters using:
>>>> smtpd_client_restrictions =
>>>> check_client_access cidr:/etc/postfix/per_client_filter
>>>> == per_client_filter:
>>>> 0.0.0.0/0 FILTER spamassassin:
>>>> 10.0.0.0/8 FILTER dummy:
>>> Note that order matters in a cidr: table. First match wins; everything
>>> matches 0.0.0.0/0. Put the catchall last, more specific entries earlier.
>>>> The spamassasin filter works fine, but how do we create a dummy
>>>> filter that just does a bypass of all the internal emails?
>>> Why send them through a filter at all if you don't want them filtered?
>>> Use DUNNO as the table result.
>>> 10.0.0.0/8 DUNNO
>>> 0.0.0.0/0 FILTER...
>> So this will accomplish what we want?
>> 10.0.0.0/0 DUNNO
>> 0.0.0.0/0 FILTER spamassassin:
> Maybe not exactly. We have a similar setup. The problem here is,
> that mails handed out to spamassassin (in our case its amavisd-new)
> is reinjected by amavisd-new to postfix via localhost:10025. All
> mails bypassing amavisd-new must be "manually" reinjected to port
> 10025 to accomplish address rewriting etc. (all the stuff that is
> done AFTER content filtering).
> So your setup would look like this:
> 10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025
> 0.0.0.0/0 FILTER spamassassin:
Except we aren't using amavis and spamassassin processes traffic on our
DMZ. Virus scanning is done on the interior mail servers with
amavisd-new and ClamAV:
root at rb4:/etc/postfix [1002/2]# grep spamassassin master.cf
smtp inet n - n - - smtpd -o
unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -e /usr/lib/sendmail -oi -f
Camron W. Fox
High Performance Computing Group
Fujitsu America, INC.