Re: Creating a dummy filter

[Camron W. Fox]

Noel Jones wrote:
Camron W. Fox wrote:
Stefan Palme wrote:
On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:
Noel Jones wrote:
Camron W. Fox wrote:
Alle,
    We would like to filter all internal email so that it bypasses 
SpamAssassin. We have set up per_client_filters using:

smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/per_client_filter

== per_client_filter:
0.0.0.0/0    FILTER spamassassin:
10.0.0.0/8    FILTER dummy:
...

Note that order matters in a cidr: table.  First match wins; 
everything matches 0.0.0.0/0.  Put the catchall last, more specific 
entries earlier.
http://www.postfix.org/cidr_table.5.html

    The spamassasin filter works fine, but how do we create a 
dummy filter that just does a bypass of all the internal emails?

Why send them through a filter at all if you don't want them 
filtered?  Use DUNNO as the table result.

10.0.0.0/8  DUNNO
0.0.0.0/0  FILTER...

Noel,

    So this will accomplish what we want?

10.0.0.0/0    DUNNO
0.0.0.0/0    FILTER    spamassassin:


Maybe not exactly. We have a similar setup. The problem here is,
that mails handed out to spamassassin (in our case its amavisd-new)
is reinjected by amavisd-new to postfix via localhost:10025. All
mails bypassing amavisd-new must be "manually" reinjected to port
10025 to accomplish address rewriting etc. (all the stuff that is
done AFTER content filtering).

So your setup would look like this:

10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025
0.0.0.0/0  FILTER spamassassin:

Regards
-stefan-



Stefan,

    Except we aren't using amavis and spamassassin processes traffic 
on our DMZ. Virus scanning is done on the interior mail servers with 
amavisd-new and ClamAV:

[EMAIL PROTECTED]:/etc/postfix [1002/2]# grep spamassassin master.cf
smtp      inet  n       -       n       -       -       smtpd -o 
content_filter=spamassassin
spamassassin
          unix  -       n       n       -       -       pipe
   user=nobody argv=/usr/bin/spamc -e /usr/lib/sendmail -oi -f 
${sender} ${recipient}

Best Regards,
Camron

Camron W. Fox
Hilo Office
High Performance Computing Group
Fujitsu America, INC.
E-mail:        [EMAIL PROTECTED]


The DUNNO solution described earlier will work for any setup that 
doesn't use "content_filter = something" in main.cf or the receiving 
smtpd listener.

So it should work fine for you.


Alle,

	I tested this and it seemed to work with no problems. When I 
implemented it on the production servers, I started to see these messages:

access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3" 
requires transport:destination

	I cannot tell if this mail is being bounced or not. Any help would be 
appreciated.

Best Regards,
Camron

--
Camron W. Fox
Hilo Office
High Performance Computing Group
Fujitsu America, INC.
E-mail:         [EMAIL PROTECTED]