List Info

Thread: Amavisd-new 2.5.2 Disclaimer server
Amavisd-new 2.5.2 Disclaimer server
country flaguser name
United Kingdom		 2007-11-09 08:15:35 
Hi,

Hopefully someone can help me here.  I'm trying to set a
disclaimer policy
on my amavisd-new server, but the system is behaving
strangely.

I have created a PDP policy assigned to port 10025, which
sets
enable_disclaimers.


$interface_policy{'10025'} = 'DISCLAIMER';
$policy_bank{'DISCLAIMER'} = {
   allow_disclaimers => 1,
   originating => 1
};

##################

In the global config, altermime is configured thus :

$altermime = '/usr/local/bin/altermime';
altermime_args_disclaimer =
      qw(--verbose
         --disclaimer=/etc/postfix/disclaimer.txt);
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

###################

My MTA is postfix, however when postfix routes a message to
amavisd on
localhost:10025, the disclaimer does not get added.

If I telnet to localhost however, port 10025, and manually
send the same
message, the amavisd-new does add the disclaimer.

Can anyone point out what I'm missing here - how can I make
port 10025
always add the disclaimer text.


Regards,



Graeme


NB - we also have amavisd listening on port 10024,
disclaimer is disabled.
Amavisd is configured to forward messages and notices to
another server
usign port 25.

-- 
Graeme Tattersall
GPG 0x97620D9F, 0xFBBDAB91
Lumison
d: 0131 514 4053
t: 0845 119 9901

P.S. Do you know that we have opened a new datacentre in
bond? Click
https://www.lumison.net/services/pdfs/colo_croydon.pdf
if you want to know
more
-- 

This email and any files transmitted with it are
confidential and intended 
solely for the use of the individual or entity to whom they
are addressed.  
If you have received this email in error please notify the
sender. Any 
offers or quotation of service are subject to formal
specification.  
Errors and omissions excepted.  Please note that any views
or opinions 
presented in this email are solely those of the author and
do not 
necessarily represent those of Lumison, nplusone or
lightershade ltd.  
Finally, the recipient should check this email and any
attachments for the 
presence of viruses.  Lumison, nplusone and lightershade ltd
accepts no 
liability for any damage caused by any virus transmitted by
this email.

-- 
-- 
Virus scanned by Lumison.

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
Re: Amavisd-new 2.5.2 Disclaimer server
country flaguser name
United States		 2007-11-09 11:47:28 
> -----Original Message-----
> From: amavis-user-bounceslists.sourceforge.net 
> [mailto:amavis-user-bounceslists.sourceforge.net] On
Behalf 
> Of Graeme Tattersall
> Sent: Friday, November 09, 2007 9:16 AM
> To: amavis-userlists.sourceforge.net
> Subject: [AMaViS-user] Amavisd-new 2.5.2 Disclaimer
server
> 
> 
> Hi,
> 
> Hopefully someone can help me here.  I'm trying to set
a 
> disclaimer policy on my amavisd-new server, but the
system is 
> behaving strangely.

Let me show you what I have, and you see if you can change
it to what
you are doing.
(maybe its just postfix needs the x-forward stuff)

I am using 'mynets' (all outbound email from 'mynets' gets
tagged if it
it is CLEAN).
Well, email should not go OUT if it isn't clean, but you
understand.

Also, you WILL want to use a different file for html and txt
file.
If not, outlookish client will wrap your disclaimer at
random points. ;
altermime_args_disclaimer =
  qw(--verbose  --disclaimer=/var/amavis/etc/disclaimer.txt

--disclaimer-html=/var/amavis/etc/disclaimer.html);
  $defang_maps_by_ccat{+CC_CLEAN} = [ 'disclaimer' ];

$policy_bank{'MYNETS'} = { # mail originating from mynetworks
  originating => 1,
  allow_disclaimers => 1,


Etc..

>From main.cf:
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = $mynetworks

>From master.cf:

127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o notify_clases=protocol,resource,software
    -o header_checks=
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o
smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o
receive_override_options=no_header_body_checks,no_unknown_re
cipient_chec
ks
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o local_header_rewrite_clients=
    -o smtpd_milters=
____________________________________________________________
_____________
This email has been scanned and certified safe by
SpammerTrap(tm). 
For Information please see http://www.spammertrap.com

____________________________________________________________
_____________

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
Re: Amavisd-new 2.5.2 Disclaimer server
country flaguser name
Slovenia		 2007-11-10 19:17:49 
Graeme,

> $interface_policy{'10025'} = 'DISCLAIMER';
> $policy_bank{'DISCLAIMER'} = {
>    allow_disclaimers => 1,
>    originating => 1
> };
> $altermime = '/usr/local/bin/altermime';
> altermime_args_disclaimer =
>       qw(--verbose
>          --disclaimer=/etc/postfix/disclaimer.txt);
> $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

> My MTA is postfix, however when postfix routes a
message to amavisd on
> localhost:10025, the disclaimer does not get added.
>
> If I telnet to localhost however, port 10025, and
manually send the same
> message, the amavisd-new does add the disclaimer.

The same message (envelope, author)?

Make sure the following condition is met (from
RELEASE_NOTES):

...and where any of the following addresses matches local
domains:
author (2822.From) or sender (2822.Sender) or return path
(2821.mail_from);

> Can anyone point out what I'm missing here - how can I
make port 10025
> always add the disclaimer text.

Log would tell. Make sure the policy bank gets loaded (level
2 or higher):

...loaded policy bank "DISCLAIMER"

Next, look in the log (level 2 or higher) for:

mangling YES: disclaimer (orig: disclaimer),
discl_allowed=1, <...> -> <...>
...
mangling by: disclaimer, <...>
program /usr/local/bin/altermime said: Attempting to add
disclaimernDone.n
mangling by altermime (disclaimer) done, new size: 362, orig
344 bytes

(search the log for: mangl|disclaim|defang)


> $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

Check the log that the message content type was CC_CLEAN
(e.g. search the
log for ccat), otherwise the CC_CATCHALL entry of a
%defang_maps_by_ccat
will not be reached - other entries taking precedence, such
as CC_BADH,
CC_VIRUS, CC_SPAMMY, CC_UNCHECKED, ... (all but CC_CLEAN).

The default value of %defang_maps_by_ccat is:

  %defang_maps_by_ccat = (
    CC_VIRUS,       sub { c('defang_virus') },
    CC_BANNED,      sub { c('defang_banned') },
    CC_UNCHECKED,   sub { c('defang_undecipherable') },
    CC_SPAM,        sub { c('defang_spam') },
    CC_SPAMMY,      sub { c('defang_spam') },
  # CC_BADH.',3',   1,  # NUL or CR character in header
  # CC_BADH.',5',   1,  # header line longer than 998
characters
  # CC_BADH.',6',   1,  # header field syntax error
    CC_BADH,        sub { c('defang_bad_header') },
  );

You might want to add disclaimer to content types such as
CC_BADH and CC_UNCHECKED, perhaps also to CC_SPAMMY.
Either set each hash key individually:

$defang_maps_by_ccat{+CC_UNCHECKED} = [ 'disclaimer' ];
$defang_maps_by_ccat{+CC_BADH}      = [ 'disclaimer' ];
$defang_maps_by_ccat{+CC_CATCHALL}  = [ 'disclaimer' ];

or replace the entire hash %defang_maps_by_ccat:

  %defang_maps_by_ccat = (
    CC_VIRUS,       sub { c('defang_virus') },
    CC_BANNED,      sub { c('defang_banned') },
    CC_SPAM,        sub { c('defang_spam') },
    CC_SPAMMY,      sub { c('defang_spam') },
    CC_CATCHALL,    [ 'disclaimer' ],
  );

If you won't be able to resolve the problem, make the log
(level 5)
available for inspection.

  Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
Re: Amavisd-new 2.5.2 Disclaimer server
country flaguser name
United Kingdom		 2007-11-14 03:33:03 
Hi Mark,

Thanks for replying.  Yes, it was exactly the same message,
in both cases,
I was sending the same instructions manually by telnet to
the appropriate
server.

I have managed to get a solution working.  The problem was
that my sending
domain was not listed in local_domains.

Is there no way to force amavisd-new to add the disclaimer
to all mail
through a policy?  Can I override local_domains in a policy
bank?

FWIW, my configuration is now set up as follows :

===============
postfix: master.cf
===============
#handler transport for intranet footer filter-server (amavis
pdp)
disclaimer-filter  unix    -    -    y    -    35    smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

# smtp-filter server for intranet mail
# Instruct smtpd on Port 26 to deliver via 127.0.0.1:10025
# global smtpd settings apply unless an override is defined
26      inet  n       -       n       -       10      
smtpd
    -o content_filter=disclaimer-filter:[127.0.0.1]:10025
    -o receive_override_options=no_address_mappings


===============
amavisd-new: amavisd.conf
===============

local_domains_maps = ( [".$mydomain"],
  
["lumison.net"],["nplusone.net"],["
lightershade.com"] )

$altermime = '/usr/local/bin/altermime';
altermime_args_disclaimer =
      qw(--verbose
         --disclaimer=/etc/disclaimer/disclaimer.txt);
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

$interface_policy{'10025'} = 'AVDISCLAIMER';
$policy_bank{'AVDISCLAIMER'} = {
   bypass_spam_checks_maps   => [1],
   bypass_banned_checks_maps => [1],
   bypass_header_checks_maps => [1],
   allow_disclaimers => 1,
   notify_method  => 'smtp:[x.y.z.10]:25',
   forward_method => 'smtp:[x.y.z.10]:25'
};


Many Thanks


Graeme



Mark Martinec wrote:
> The same message (envelope, author)?
> 
> Make sure the following condition is met (from
RELEASE_NOTES):
> 
> ...and where any of the following addresses matches
local domains:
> author (2822.From) or sender (2822.Sender) or return
path (2821.mail_from);
> 
>> Can anyone point out what I'm missing here - how
can I make port 10025
>> always add the disclaimer text.



-- 
Graeme Tattersall
GPG 0x97620D9F, 0xFBBDAB91
Lumison
d: 0131 514 4053
t: 0845 119 9901

P.S. Do you know that we have opened a new datacentre in
bond? Click
https://www.lumison.net/services/pdfs/colo_croydon.pdf
if you want to know
more

-- 

This email and any files transmitted with it are
confidential and intended 
solely for the use of the individual or entity to whom they
are addressed.  
If you have received this email in error please notify the
sender. Any 
offers or quotation of service are subject to formal
specification.  
Errors and omissions excepted.  Please note that any views
or opinions 
presented in this email are solely those of the author and
do not 
necessarily represent those of Lumison, nplusone or
lightershade ltd.  
Finally, the recipient should check this email and any
attachments for the 
presence of viruses.  Lumison, nplusone and lightershade ltd
accepts no 
liability for any damage caused by any virus transmitted by
this email.


------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
Re: Amavisd-new 2.5.2 Disclaimer server
country flaguser name
Slovenia		 2007-11-14 12:23:42 
Graeme,

> > Make sure the following condition is met (from
RELEASE_NOTES):
> > ...and where any of the following addresses
matches local domains:
> > author (2822.From) or sender (2822.Sender) or
return path
> > (2821.mail_from);

> I have managed to get a solution working. The problem
was that my sending
> domain was not listed in local_domains.

Good.

> Is there no way to force amavisd-new to add the
disclaimer to all mail
> through a policy?

The above condition is hard-coded, I don't see why it would
be
useful to modify third-party mail.

> Can I override local_domains in a policy bank?

Yes, that could do the trick.

$policy_bank{'AVDISCLAIMER'} = {
  local_domains_maps => [1],
  ...
};

There may be some undesired side-effects, e.g. all
disclaimed
mail will be treated as internal-to-internal (not outbound)
as
far as statistics counters are concerned, recipient
notifications,
defanging, pen pals.

It would be cleaner to just remove the restriction in the
program.
The relevant section is:

  # disclaimers should only go to mail with 2822.Sender or
2822.From
  # or 2821.mail_from address matching local domains:
  elsif (!grep {$_ ne '' && lookup(0,$_,{ca('local_domains_maps')})}
               {unique($rfc2822_sender, rfc2822_from, $sender)}) {
     $to_be_mangled = 0;  # not for foreign 'Sender:' or
'From:'
     do_log(5,"will not add disclaimer, sender/author
not local");
  }


Mark

------------------------------------------------------------
-------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and
a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )