How to bypass local network with amavis

How to bypass local network with amavis

   KB 23133        Last updated on 2018-01-18  




0.00
(0 votes)


Purpose

This article explains how to bypass or white-list certain IP ranges, either because they are known to be trusted and internal, or because they provide specific services that should not be checked for spam.


Resolution

By default, the bypass is not enabled, and we need to enable it as follows:

zmprov mcf zimbraAmavisOriginatingBypassSA TRUE 

When its enabled, we need to restart the following services:

zmantispamctl restart 
zmantivirusctl restart 
zmamavisdctl restart 


Once set, amavis bypasses SpamAssassin for all messages originating internal trusted networks. These networks are configured by modifying the server configuration attribute zimbraMtaMyNetworks:

<attr id="311" name="zimbraMtaMyNetworks" type="astring" max="10240" cardinality="multi" optionalIn="globalConfig,server" flags="serverInherited"  requiresRestart="mta">
 <desc>value of postfix mynetworks</desc>
</attr>


To retrieve current settings:

1. postconf mynetworks
2. zmprov gs `zmhostname` zimbraMtaMyNetworks


Configure MTA networks:

zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.0.0/16'

(note: zmconfigd will automatically restart the MTA processes after this change is made).

The zimbraMtaMyNetworks configuration is then included in Amavis in @mynetworks, which causes those IPs to be white-listed.


Additional Information

$ zmprov desc -a zimbraAmavisOriginatingBypassSA
zimbraAmavisOriginatingBypassSA
   Whether or not Amavis should Bypass SpamAsassin for originating email.
   Defaults to FALSE

              type : boolean
             value :
          callback :
         immutable : false
       cardinality : single
        requiredIn :
        optionalIn : globalConfig,server
             flags : serverInherited
          defaults : FALSE
               min :
               max :
                id : 1464
   requiresRestart : mta
             since : 8.5.0
   deprecatedSince :


Verified Against: Zimbra Collaboration 8.7 Date Created: 03/1/2017
Article ID: https://wiki.zimbra.com/index.php?title=How_to_bypass_local_network_with_amavis Date Modified: 2018-01-18



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by SME1 SME2 Copyeditor Last edit by Jorge de la Cruz
Jump to: navigation, search