How to bypass local network with amavis
How to bypass local network with amavis
Purpose
This article explains how to bypass or white-list certain IP ranges, either because they are known to be trusted and internal, or because they provide specific services that should not be checked for spam.
Resolution
By default, the bypass is not enabled, and we need to enable it as follows:
zmprov mcf zimbraAmavisOriginatingBypassSA TRUE
When its enabled, we need to restart the following services:
zmantispamctl restart zmantivirusctl restart zmamavisdctl restart
Once set, amavis bypasses SpamAssassin for all messages originating internal trusted networks. These networks are configured by modifying the server configuration attribute zimbraMtaMyNetworks:
<attr id="311" name="zimbraMtaMyNetworks" type="astring" max="10240" cardinality="multi" optionalIn="globalConfig,server" flags="serverInherited" requiresRestart="mta"> <desc>value of postfix mynetworks</desc> </attr>
To retrieve current settings:
1. postconf mynetworks 2. zmprov gs `zmhostname` zimbraMtaMyNetworks
Configure MTA networks:
zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.0.0/16'
(note: zmconfigd will automatically restart the MTA processes after this change is made).
The zimbraMtaMyNetworks configuration is then included in Amavis in @mynetworks, which causes those IPs to be white-listed.
Additional Information
$ zmprov desc -a zimbraAmavisOriginatingBypassSA zimbraAmavisOriginatingBypassSA Whether or not Amavis should Bypass SpamAsassin for originating email. Defaults to FALSE type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 1464 requiresRestart : mta since : 8.5.0 deprecatedSince :